@@ -811,3 +811,38 @@ You can set them globally or per-job in the [`variables`](../yaml/README.md#vari
...
@@ -811,3 +811,38 @@ You can set them globally or per-job in the [`variables`](../yaml/README.md#vari
## System calls not available on GitLab.com shared runners
## System calls not available on GitLab.com shared runners
GitLab.com shared runners run on CoreOS. This means that you cannot use some system calls, like `getlogin`, from the C standard library.
GitLab.com shared runners run on CoreOS. This means that you cannot use some system calls, like `getlogin`, from the C standard library.
## Artifact and cache settings
> Introduced in GitLab Runner 13.9.
Artifact and cache settings control the compression ratio of artifacts and caches.
Use these settings to specify the size of the archive produced by a job.
- On a slow network, uploads might be faster for smaller archives.
- On a fast network where bandwidth and storage are not a concern, uploads might be faster using the fastest compression ratio, despite the archive produced being larger.
For [GitLab Pages](../../user/project/pages/index.md) to serve
[HTTP Range requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/Range_requests), artifacts
should use the `ARTIFACT_COMPRESSION_LEVEL: fastest` setting, as only uncompressed zip archives
support this feature.
A meter can also be enabled to provide the rate of transfer for uploads and downloads.
```yaml
variables:
# output upload and download progress every 2 seconds
TRANSFER_METER_FREQUENCY:"2s"
# Use fast compression for artifacts, resulting in larger archives
| `TRANSFER_METER_FREQUENCY` | Specify how often to print the meter's transfer rate. It can be set to a duration (for example, `1s` or `1m30s`). A duration of `0` disables the meter (default). When a value is set, the pipeline shows a progress meter for artifact and cache uploads and downloads. |
| `ARTIFACT_COMPRESSION_LEVEL` | To adjust compression ratio, set to `fastest`, `fast`, `default`, `slow`, or `slowest`. This setting works with the fastzip archiver only, so the GitLab Runner feature flag [`FF_USE_FASTZIP`](https://docs.gitlab.com/runner/configuration/feature-flags.html#available-feature-flags) must also be enabled. |
| `CACHE_COMPRESSION_LEVEL` | To adjust compression ratio, set to `fastest`, `fast`, `default`, `slow`, or `slowest`. This setting works with the fastzip archiver only, so the GitLab Runner feature flag [`FF_USE_FASTZIP`](https://docs.gitlab.com/runner/configuration/feature-flags.html#available-feature-flags) must also be enabled. |
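Review bot: The GitLab Pages paragraph tells readers to use `ARTIFACT_COMPRESSION_LEVEL: fastest`, but the `FF_USE_FASTZIP` requirement appears only in the table rows, so a reader who follows that paragraph alone sets a variable that does not work without the feature flag. Suggest naming the flag in the Pages paragraph, and saying in the `ARTIFACT_COMPRESSION_LEVEL` row that `fastest` is the level that yields the uncompressed zip archive the paragraph relies on. Also check the example line `TRANSFER_METER_FREQUENCY:"2s"`: as shown here it has no space after the colon, so YAML would not read it as a key and value.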
@@ -8,6 +8,15 @@ info: To determine the technical writer assigned to the Stage/Group associated w
...
@@ -8,6 +8,15 @@ info: To determine the technical writer assigned to the Stage/Group associated w
This page will cover architectural patterns and tips for developers to follow to prevent [transient bugs.](https://about.gitlab.com/handbook/engineering/quality/issue-triage/#transient-bugs)
This page will cover architectural patterns and tips for developers to follow to prevent [transient bugs.](https://about.gitlab.com/handbook/engineering/quality/issue-triage/#transient-bugs)
## Common root causes
We've noticed a few root causes that come up frequently when addressing transient bugs.
- Needs better state management in the backend or frontend.
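Review bot: The first bullet under "Common root causes" is worded as a remedy, not a cause: `- Needs better state management in the backend or frontend.` Suggest stating the cause itself, for example "Insufficient state management in the backend or frontend", so that any further bullets can follow the same pattern.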
A scanner profile defines the scanner settings used to run an on-demand scan:
A scanner profile defines the scanner settings used to run an on-demand scan:
-**Profile name:** A name you give the scanner profile. For example, "Spider_15".
-**Profile name:** A name you give the scanner profile. For example, "Spider_15".
-**Scan mode:** A passive scan monitors all HTTP messages (requests and responses) sent to the target. An active scan attacks the target to find potential vulnerabilities.
-**Spider timeout:** The maximum number of minutes allowed for the spider to traverse the site.
-**Spider timeout:** The maximum number of minutes allowed for the spider to traverse the site.
-**Target timeout:** The maximum number of seconds DAST waits for the site to be available before
-**Target timeout:** The maximum number of seconds DAST waits for the site to be available before
starting the scan.
starting the scan.
-**Scan mode:** A passive scan monitors all HTTP messages (requests and responses) sent to the target. An active scan attacks the target to find potential vulnerabilities.
-**AJAX spider:** Run the AJAX spider, in addition to the traditional spider, to crawl the target site.
-**AJAX spider:** Run the AJAX spider, in addition to the traditional spider, to crawl the target site.
-**Debug messages:** Include debug messages in the DAST console output.
-**Debug messages:** Include debug messages in the DAST console output.
Scan mode, AJAX spider, Debug messages are [added in GitLab 13.5](https://gitlab.com/gitlab-org/gitlab/-/issues/225804)
### Create a scanner profile
### Create a scanner profile
To create a scanner profile:
To create a scanner profile:
1. From your project's home page, go to **Security & Compliance > Configuration**.
1. From your project's home page, go to **Security & Compliance > Configuration**.
1.Click **Manage** in the **DAST Profiles** row.
1.In the **DAST Profiles** row select **Manage**.
1.Click **New Profile > Scanner Profile**.
1.Select **New > Scanner Profile**.
1.Enter a unique **Profile name**, the desired **Spider timeout**, and the **Target timeout**.
1.Complete the form. For details of each field, see [Scanner profile](#scanner-profile).
1. Click **Save profile**.
1. Click **Save profile**.
### Edit a scanner profile
### Edit a scanner profile
...
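Review bot: The **Scan mode** field explains what passive and active scans do but not which mode a new scanner profile uses by default. Because an active scan "attacks the target", suggest stating the default next to the field so nobody runs an active scan unintentionally. Two smaller points in the same hunk: the version sentence needs a conjunction and a full stop ("Scan mode, AJAX spider, and Debug messages were added in GitLab 13.5."), and the last step still reads `1. Click **Save profile**.` although the reworded steps above it use "Select".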
@@ -929,7 +943,12 @@ To edit a scanner profile:
...
@@ -929,7 +943,12 @@ To edit a scanner profile:
1. From your project's home page, go to **Security & Compliance > Configuration**.
1. From your project's home page, go to **Security & Compliance > Configuration**.
1. Click **Manage** in the **DAST Profiles** row.
1. Click **Manage** in the **DAST Profiles** row.
1. Click **Edit** in the scanner profile's row.
1. Select the **Scanner Profiles** tab.
1. In the scanner's row select the **More actions** (**{ellipsis_v}**) menu, then select **Edit**.
1. Edit the form.
1. Select **Save profile**.
The scanner profile is updated with the edited details.
### Delete a scanner profile
### Delete a scanner profile
...
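Review bot: The new step `1. In the scanner's row select the **More actions** (**{ellipsis_v}**) menu, then select **Edit**.` shortens "scanner profile's row" to "scanner's row", which reads as a different object from the one the section is about. Suggest keeping "scanner profile's row" and adding a comma after it. Step 2 also still says `Click **Manage** in the **DAST Profiles** row`, while the Create procedure was changed to "In the **DAST Profiles** row select **Manage**"; use one wording in all three procedures.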
@@ -937,7 +956,11 @@ To delete a scanner profile:
...
@@ -937,7 +956,11 @@ To delete a scanner profile:
1. From your project's home page, go to **Security & Compliance > Configuration**.
1. From your project's home page, go to **Security & Compliance > Configuration**.
1. Click **Manage** in the **DAST Profiles** row.
1. Click **Manage** in the **DAST Profiles** row.
1. Click **{remove}** (Delete profile) in the scanner profile's row.
1. Select the **Scanner Profiles** tab.
1. In the scanner's row select the **More actions** (**{ellipsis_v}**) menu, then select **Delete**.
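Review bot: In the lines shown, the Delete procedure stops at `then select **Delete**` with no statement of what happens next, whereas the Edit procedure ends with "The scanner profile is updated with the edited details." If a confirmation prompt follows, document it as a step and add a closing sentence on the result. The "scanner's row" wording here should also match "scanner profile's row" used elsewhere.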
Note that the `-connect` argument expects a `host:port` combination. For example, `https://kubernetes.example.com` would be `kubernetes.example.com:443`.