Standardize UI navigation steps in Secure-related tasks

5cb04931 · Russell Dickenson · Kati Paizee · 862882ba · 5cb04931 · 5cb04931
Commit 5cb04931 authored Apr 01, 2022 by Russell Dickenson Committed by Kati Paizee Apr 01, 2022
7 changed files
--- a/doc/user/application_security/api_fuzzing/index.md
+++ b/doc/user/application_security/api_fuzzing/index.md
@@ -91,20 +91,25 @@ The API fuzzing configuration form helps you create or modify your project's API
 configuration. The form lets you choose values for the most common API fuzzing options and builds
 a YAML snippet that you can paste in your GitLab CI/CD configuration.
-#### Configure Web API fuzzing with the configuration form
+#### Configure Web API fuzzing in the UI
 To generate an API Fuzzing configuration snippet:
 1. On the top bar, select **Menu > Projects** and find your project.
 1. On the left sidebar, select **Security & Compliance > Configuration**.
-1. In the **API Fuzzing** row, select **Configure**.
+1. In the **API Fuzzing** row, select **Enable API Fuzzing**.
-1. Complete the form as needed. Read below for more information on available configuration options.
+1. Complete the fields. For details see [Available CI/CD variables](#available-cicd-variables).
 1. Select **Generate code snippet**.
   A modal opens with the YAML snippet corresponding to the options you've selected in the form.
-1. Choose one of the following actions:
+1. Do one of the following:
-   1. To copy the snippet to your clipboard and be redirected to your project's `.gitlab-ci.yml` file,
+   1. To copy the snippet to your clipboard, select **Copy code only**.
-      where you can paste the YAML configuration, select **Copy code and open `.gitlab-ci.yml` file**.
+   1. To add the snippet to your project's `.gitlab-ci.yml` file, select
-   1. To copy the snippet to your clipboard and close the modal, select **Copy code only**.
+      **Copy code and open `.gitlab-ci.yml` file**. The Pipeline Editor opens.
+      1. Paste the snippet into the `.gitlab-ci.yml` file.
+      1. Select the **Lint** tab to confirm the edited `.gitlab-ci.yml` file is valid.
+      1. Select the **Edit** tab, then select **Commit changes**.
+When the snippet is committed to the `.gitlab-ci.yml` file, pipelines include an API Fuzzing job.
 ### OpenAPI Specification

--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -278,7 +278,8 @@ page.
 You can enable or configure DAST settings using the UI. The generated settings are formatted so they
 can be conveniently pasted into the `.gitlab-ci.yml` file.
-1. From the project's home page, go to **Security & Compliance > Configuration**.
+1. On the top bar, select **Menu > Projects** and find your project.
+1. On the left sidebar, select **Security & Compliance > Configuration**.
 1. In the **Dynamic Application Security Testing (DAST)** section, select **Enable DAST** or
   **Configure DAST**.
 1. Select the desired **Scanner profile**, or select **Create scanner profile** and save a
@@ -288,12 +289,14 @@ can be conveniently pasted into the `.gitlab-ci.yml` file.
 1. Select **Generate code snippet**. A modal opens with the YAML snippet corresponding to the
   options you selected.
 1. Do one of the following:
-   1. Select **Copy code only** to copy the snippet to your clipboard.
+   1. To copy the snippet to your clipboard, select **Copy code only**.
-   1. Select **Copy code and open `.gitlab-ci.yml` file** to copy the snippet to your clipboard. The
+   1. To add the snippet to your project's `.gitlab-ci.yml` file, select
-   CI/CD Editor then opens.
+      **Copy code and open `.gitlab-ci.yml` file**. The Pipeline Editor opens.
      1. Paste the snippet into the `.gitlab-ci.yml` file.
      1. Select the **Lint** tab to confirm the edited `.gitlab-ci.yml` file is valid.
-      1. Select **Commit changes**.
+      1. Select the **Edit** tab, then select **Commit changes**.
+When the snippet is committed to the `.gitlab-ci.yml` file, pipelines include a DAST job.
 #### Crawling web applications dependent on JavaScript

--- a/doc/user/application_security/dast_api/index.md
+++ b/doc/user/application_security/dast_api/index.md
@@ -84,9 +84,9 @@ the body generation is limited to these body types:
 - `application/json`
 - `application/xml`
-Follow these steps to configure DAST API in GitLab with an OpenAPI specification:
+To configure DAST API scanning with an OpenAPI specification:
-1. To use DAST API, you must [include](../../../ci/yaml/index.md#includetemplate)
+1. To use DAST API scanning, [include](../../../ci/yaml/index.md#includetemplate)
   the [`DAST-API.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml)
   that's provided as part of your GitLab installation. Add the following to your
   `.gitlab-ci.yml` file:
@@ -182,8 +182,7 @@ WARNING:
 HAR files may contain sensitive information such as authentication tokens, API keys, and session
 cookies. We recommend that you review the HAR file contents before adding them to a repository.
-Follow these steps to configure DAST API to use a HAR file that provides information about the
+To configure DAST API scanning to use a HAR file:
-target API to test:
 1. To use DAST API, you must [include](../../../ci/yaml/index.md#includetemplate)
   the [`DAST-API.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml)
@@ -282,8 +281,7 @@ Postman Collection files may contain sensitive information such as authenticatio
 and session cookies. We recommend that you review the Postman Collection file contents before adding
 them to a repository.
-Follow these steps to configure DAST API to use a Postman Collection file that provides
+To configure DAST API scanning to use a Postman Collection file:
-information about the target API to test:
 1. To use DAST API, you must [include](../../../ci/yaml/index.md#includetemplate)
   the [`DAST-API.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml)

--- a/doc/user/application_security/dependency_scanning/index.md
+++ b/doc/user/application_security/dependency_scanning/index.md
@@ -508,19 +508,18 @@ always take the latest dependency scanning artifact available.
 > - [Enabled on self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/282533) in GitLab 14.1.
 > - [Feature flag sec_dependency_scanning_ui_enable removed](https://gitlab.com/gitlab-org/gitlab/-/issues/326005) in GitLab 14.2.
-To enable Dependency Scanning in a project, you can create a merge request
+To enable Dependency Scanning in a project, you can create a merge request:
-from the Security Configuration page.
-1. In the project where you want to enable Dependency Scanning, navigate to
+1. On the top bar, select **Menu > Projects** and find your project.
-   **Security & Compliance > Configuration**.
+1. On the left sidebar, select **Security & Compliance > Configuration**.
 1. In the **Dependency Scanning** row, select **Configure with a merge request**.
+1. Review and merge the merge request to enable Dependency Scanning.
-This automatically creates a merge request with the changes necessary to enable Dependency Scanning
+Pipelines now include a dependency scanning job.
-that you can review and merge to complete the configuration.
 ### Customizing the dependency scanning settings
-The dependency scanning settings can be changed through [CI/CD variables](#available-cicd-variables) by using the
+The Dependency Scanning settings can be changed through [CI/CD variables](#available-cicd-variables) by using the
 [`variables`](../../../ci/yaml/index.md#variables) parameter in `.gitlab-ci.yml`.
 For example:

--- a/doc/user/application_security/iac_scanning/index.md
+++ b/doc/user/application_security/iac_scanning/index.md
@@ -93,15 +93,14 @@ that you can download and analyze.
 ### Enable IaC Scanning via an automatic merge request
-To enable IaC Scanning in a project, you can create a merge request
+To enable IaC Scanning in a project, you can create a merge request:
-from the Security Configuration page:
 1. On the top bar, select **Menu > Projects** and find your project.
 1. On the left sidebar, select **Security & Compliance > Configuration**.
 1. In the **Infrastructure as Code (IaC) Scanning** row, select **Configure with a merge request**.
+1. Review and merge the merge request to enable IaC Scanning.
-This automatically creates a merge request with the changes necessary to enable IaC Scanning
+Pipelines now include an IaC job.
-that you can review and merge to complete the configuration.
 ## Reports JSON format

--- a/doc/user/application_security/sast/index.md
+++ b/doc/user/application_security/sast/index.md
@@ -190,28 +190,28 @@ always take the latest SAST artifact available.
 ### Configure SAST in the UI
 You can enable and configure SAST in the UI, either with default settings, or with customizations.
-Use the method that best meets your needs.
+The method you can use depends on your GitLab license tier.
- [Configure SAST in the UI with default settings](#configure-sast-in-the-ui-with-default-settings)
+- [Configure SAST in the UI with default settings](#configure-sast-in-the-ui-with-default-settings).
- [Configure SAST in the UI with customizations](#configure-sast-in-the-ui-with-customizations)
+- [Configure SAST in the UI with customizations](#configure-sast-in-the-ui-with-customizations). **(ULTIMATE)**
 ### Configure SAST in the UI with default settings
 > [Introduced](https://about.gitlab.com/releases/2021/02/22/gitlab-13-9-released/#security-configuration-page-for-all-users) in GitLab 13.9
+NOTE:
+The configuration tool works best with no existing `.gitlab-ci.yml` file, or with a minimal
+configuration file. If you have a complex GitLab configuration file it may not be parsed
+successfully, and an error may occur.
 To enable and configure SAST with default settings:
 1. On the top bar, select **Menu > Projects** and find your project.
 1. On the left sidebar, select **Security & Compliance** > **Configuration**.
-1. In the SAST section, select `Enable via MR`.
+1. In the SAST section, select **Configure with a merge request**.
-1. Review the draft MR that enables SAST with the default recommended settings in the
+1. Review and merge the merge request to enable SAST.
-   `.gitlab-ci.yml` file.
-1. Merge the MR to enable SAST. You should see SAST jobs run in that MR's pipeline.
-NOTE:
+Pipelines now include a SAST job.
-The configuration tool works best with no existing `.gitlab-ci.yml` file, or with a minimal
-configuration file. If you have a complex GitLab configuration file it may not be parsed
-successfully, and an error may occur.
 ### Configure SAST in the UI with customizations **(ULTIMATE)**
@@ -219,27 +219,28 @@ successfully, and an error may occur.
 > - [Improved](https://gitlab.com/gitlab-org/gitlab/-/issues/232862) in GitLab 13.4.
 > - [Improved](https://gitlab.com/groups/gitlab-org/-/epics/3635) in GitLab 13.5.
+NOTE:
+The configuration tool works best with no existing `.gitlab-ci.yml` file, or with a minimal
+configuration file. If you have a complex GitLab configuration file it may not be parsed
+successfully, and an error may occur.
 To enable and configure SAST with customizations:
 1. On the top bar, select **Menu > Projects** and find your project.
 1. On the left sidebar, select **Security & Compliance > Configuration**.
-1. If the project does not have a `.gitlab-ci.yml` file, select **Enable** in the Static Application
+1. If the project does not have a `.gitlab-ci.yml` file, select **Enable SAST** in the Static
-   Security Testing (SAST) row, otherwise select **Configure**.
+   Application Security Testing (SAST) row, otherwise select **Configure SAST**.
 1. Enter the custom SAST values.
   Custom values are stored in the `.gitlab-ci.yml` file. For CI/CD variables not in the SAST
-   Configuration page, their values are left unchanged. Default values are inherited from the GitLab
+   Configuration page, their values are inherited from the GitLab SAST template.
-   SAST template.
 1. Optionally, expand the **SAST analyzers** section, select individual
   [SAST analyzers](analyzers.md) and enter custom analyzer values.
 1. Select **Create Merge Request**.
 1. Review and merge the merge request.
-NOTE:
+Pipelines now include a SAST job.
-The configuration tool works best with no existing `.gitlab-ci.yml` file, or with a minimal
-configuration file. If you have a complex GitLab configuration file it may not be parsed
-successfully, and an error may occur.
 ### Overriding SAST jobs

--- a/doc/user/application_security/secret_detection/index.md
+++ b/doc/user/application_security/secret_detection/index.md
@@ -112,20 +112,19 @@ always take the latest Secret Detection artifact available.
 > - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/4496) in GitLab 13.11, deployed behind a feature flag, enabled by default.
 > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/329886) in GitLab 14.1.
-To enable Secret Detection in a project, you can create a merge request
+NOTE:
-from the Security Configuration page.
+This method works best with no existing `.gitlab-ci.yml` file, or with a minimal configuration
+file. If you have a complex GitLab configuration file it may not be parsed successfully, and an
+error may occur.
-1. In the project where you want to enable Secret Detection, go to
+To enable Secret Detection in a project, you can create a merge request:
-   **Security & Compliance > Configuration**.
-1. In the **Secret Detection** row, select **Configure with a merge request**.
-This automatically creates a merge request with the changes necessary to enable Secret Detection
+1. On the top bar, select **Menu > Projects** and find your project.
-that you can review and merge to complete the configuration.
+1. On the left sidebar, select **Security & Compliance > Configuration**.
+1. In the **Secret Detection** row, select **Configure with a merge request**.
+1. Review and merge the merge request to enable Secret Detection.
-NOTE:
+Pipelines now include a Secret Detection job.
-The configuration tool works best with no existing `.gitlab-ci.yml` file, or with a minimal
-configuration file. If you have a complex GitLab configuration file it may not be parsed
-successfully, and an error may occur.
 ### Customizing settings