diff --git a/doc/README.md b/doc/README.md index 9a0252cc33464b6073d48d1793cb033d158d0158..c704bedc7d62cf61c6678bca2c5413853e75fa35 100644 --- a/doc/README.md +++ b/doc/README.md @@ -357,9 +357,10 @@ The following documentation relates to the DevOps **Secure** stage: | [Dependency List](user/application_security/dependency_list/index.md) **(ULTIMATE)** | View your project's dependencies and their known vulnerabilities. | | [Dependency Scanning](user/application_security/dependency_scanning/index.md) **(ULTIMATE)** | Analyze your dependencies for known vulnerabilities. | | [Dynamic Application Security Testing (DAST)](user/application_security/dast/index.md) **(ULTIMATE)** | Analyze running web applications for known vulnerabilities. | -| [Group Security Dashboard](user/application_security/security_dashboard/index.md) **(ULTIMATE)** | View vulnerabilities in all the projects in a group and its subgroups. | +| [Group Security Dashboard](user/application_security/security_dashboard/index.md#group-security-dashboard) **(ULTIMATE)** | View vulnerabilities in all the projects in a group and its subgroups. | | [License Compliance](user/application_security/license_compliance/index.md) **(ULTIMATE)** | Search your project's dependencies for their licenses. | -| [Project Security Dashboard](user/application_security/security_dashboard/index.md) **(ULTIMATE)** | View the latest security reports for your project. | +| [Pipeline Security Dashboard](user/application_security/security_dashboard/index.md#pipeline-security-dashboard) **(ULTIMATE)** | View the security reports for your project's pipelines. | +| [Project Security Dashboard](user/application_security/security_dashboard/index.md#project-security-dashboard) **(ULTIMATE)** | View the latest security reports for your project. | | [Static Application Security Testing (SAST)](user/application_security/sast/index.md) **(ULTIMATE)** | Analyze source code for known vulnerabilities. | ## New to Git and GitLab? 
diff --git a/doc/user/application_security/container_scanning/index.md b/doc/user/application_security/container_scanning/index.md index a030f8d96ef7ced033877c3755f226dd95afd9b7..c3f80c6a0fd05b243d20b14a7dbbce1ed92f48e2 100644 --- a/doc/user/application_security/container_scanning/index.md +++ b/doc/user/application_security/container_scanning/index.md @@ -127,7 +127,7 @@ build: ## Security Dashboard The Security Dashboard is a good place to get an overview of all the security -vulnerabilities in your groups and projects. Read more about the +vulnerabilities in your groups, projects and pipelines. Read more about the [Security Dashboard](../security_dashboard/index.md). ## Interacting with the vulnerabilities diff --git a/doc/user/application_security/dast/index.md b/doc/user/application_security/dast/index.md index 86c6f8c167cebfb8a452363143243c4cd698d857..2d9f522c4f02a5135fed7e69f3f78859be1b96d0 100644 --- a/doc/user/application_security/dast/index.md +++ b/doc/user/application_security/dast/index.md @@ -198,7 +198,7 @@ variable value. ## Security Dashboard The Security Dashboard is a good place to get an overview of all the security -vulnerabilities in your groups and projects. Read more about the +vulnerabilities in your groups, projects and pipelines. Read more about the [Security Dashboard](../security_dashboard/index.md). ## Interacting with the vulnerabilities diff --git a/doc/user/application_security/dependency_scanning/index.md b/doc/user/application_security/dependency_scanning/index.md index 3276dc40dc008adf3227ca64c4ad8827c985f72d..fa2df667031d426171e02a520192d1de44787633 100644 --- a/doc/user/application_security/dependency_scanning/index.md +++ b/doc/user/application_security/dependency_scanning/index.md 
@@ -314,7 +314,7 @@ the report JSON unless stated otherwise. Presence of optional fields depends on ## Security Dashboard The Security Dashboard is a good place to get an overview of all the security -vulnerabilities in your groups and projects. Read more about the +vulnerabilities in your groups, projects and pipelines. Read more about the [Security Dashboard](../security_dashboard/index.md). ## Interacting with the vulnerabilities diff --git a/doc/user/application_security/sast/img/security_report.png b/doc/user/application_security/sast/img/security_report.png deleted file mode 100644 index ba41b707238fec35dbf1b8bf0ef44e5c4318d1c1..0000000000000000000000000000000000000000 Binary files a/doc/user/application_security/sast/img/security_report.png and /dev/null differ diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md index 5e7bc4142fb70f0ebb5987b36d5584136b4ba128..fbc130689e029cd155085174f2027307d2663c3d 100644 --- a/doc/user/application_security/sast/index.md +++ b/doc/user/application_security/sast/index.md 
@@ -333,20 +333,10 @@ CI/CD configuration file to turn it on. Results are available in the SAST report GitLab currently includes [Gitleaks](https://github.com/zricethezav/gitleaks) and [TruffleHog](https://github.com/dxa4481/truffleHog) checks. -## Security report under pipelines - -> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/3776) -in [GitLab Ultimate](https://about.gitlab.com/pricing) 10.6. - -Visit any pipeline page which has a `sast` job and you will be able to see -the security report tab with the listed vulnerabilities (if any). - -![Security Report](img/security_report.png) - ## Security Dashboard The Security Dashboard is a good place to get an overview of all the security -vulnerabilities in your groups and projects. Read more about the +vulnerabilities in your groups, projects and pipelines. Read more about the [Security Dashboard](../security_dashboard/index.md). ## Interacting with the vulnerabilities diff --git a/doc/user/application_security/security_dashboard/img/pipeline_security_dashboard_v12_3.png b/doc/user/application_security/security_dashboard/img/pipeline_security_dashboard_v12_3.png new file mode 100644 index 0000000000000000000000000000000000000000..0b2dfecd9e73d7afb8c50b01444608066a300746 Binary files /dev/null and b/doc/user/application_security/security_dashboard/img/pipeline_security_dashboard_v12_3.png differ diff --git a/doc/user/application_security/security_dashboard/index.md b/doc/user/application_security/security_dashboard/index.md index e7cda35eb9892d919aea1abc6cfe3b772fe5ff67..a98ca1fb338f2b9f4b37491836d7aa9bb7844dd1 100644 --- a/doc/user/application_security/security_dashboard/index.md +++ b/doc/user/application_security/security_dashboard/index.md 
@@ -5,7 +5,7 @@ type: reference, howto # GitLab Security Dashboard **(ULTIMATE)** The Security Dashboard is a good place to get an overview of all the security -vulnerabilities in your groups and projects. +vulnerabilities in your groups, projects and pipelines. You can also drill down into a vulnerability and get extra information, see which project it comes from, the file it's in, and various metadata to help you analyze @@ -26,7 +26,7 @@ The Security Dashboard supports the following reports: ## Requirements -To use the project or group security dashboard: +To use the group, project or pipeline security dashboard: 1. At least one project inside a group must be configured with at least one of the [supported reports](#supported-reports). @@ -34,6 +34,16 @@ To use the project or group security dashboard: 1. [GitLab Runner](https://docs.gitlab.com/runner/) 11.5 or newer must be used. If you're using the shared Runners on GitLab.com, this is already the case. +## Pipeline Security Dashboard + +> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/13496) in [GitLab Ultimate](https://about.gitlab.com/pricing) 12.3. + +At the pipeline level, the Security Dashboard displays the vulnerabilities present in the branch of the project the pipeline was run against. + +Visit the page for any pipeline which has run any of the [supported reports](#supported-reports). Click the **Security** tab to view the Security Dashboard. + +![Pipeline Security Dashboard](img/pipeline_security_dashboard_v12_3.png) + ## Project Security Dashboard > [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/6165) in [GitLab Ultimate](https://about.gitlab.com/pricing) 11.1. 
@@ -46,8 +56,7 @@ for your project. Use it to find and fix vulnerabilities affecting the ## Group Security Dashboard -> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/6709) in -> [GitLab Ultimate](https://about.gitlab.com/pricing) 11.5. +> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/6709) in [GitLab Ultimate](https://about.gitlab.com/pricing) 11.5. The group Security Dashboard gives an overview of the vulnerabilities of all the projects in a group and its subgroups. diff --git a/doc/user/project/import/gemnasium.md b/doc/user/project/import/gemnasium.md index cf48189fa6e7e4b45af5a40e943d03ebb90cf68d..3217bbc4772c7f18a4c34d8a82abc25811c43ecd 100644 --- a/doc/user/project/import/gemnasium.md +++ b/doc/user/project/import/gemnasium.md @@ -98,7 +98,7 @@ back to both GitLab and GitHub when completed. 1. The result of the job will be visible directly from the pipeline view: - ![security report](img/gemnasium/report.png) + ![Security Dashboard](../../application_security/security_dashboard/img/pipeline_security_dashboard_v12_3.png) NOTE: **Note:** If you don't commit very often to your project, you may want to use diff --git a/doc/user/project/import/img/gemnasium/report.png b/doc/user/project/import/img/gemnasium/report.png deleted file mode 100644 index 5c4d58662c0483042ed7015d3b17a5a8609242e2..0000000000000000000000000000000000000000 Binary files a/doc/user/project/import/img/gemnasium/report.png and /dev/null differ
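Review bot: In doc/user/application_security/sast/index.md, deleting the `## Security report under pipelines` section removes that heading's anchor and the "Introduced ... in GitLab Ultimate 10.6" note (issue 3776), while the replacement section in security_dashboard/index.md records only 12.3 (issue 13496). It is worth checking for inbound links to the old heading. Either keep a one-line pointer to `../security_dashboard/index.md#pipeline-security-dashboard` on the SAST page, or carry the 10.6 history into the new section's version note, so readers can still tell that a pipeline-level report tab predates 12.3.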
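Review bot: In the Requirements hunk of doc/user/application_security/security_dashboard/index.md, the lead sentence now covers the pipeline dashboard, but the unchanged first list item still reads "At least one project inside a group must be configured with at least one of the supported reports", which is a group-level condition. Reword that item so it also states what a single project or pipeline needs, or split the requirements per dashboard level. The sentence also lists the levels as "group, project or pipeline" while the sections below are ordered Pipeline, Project, Group; using one order in both places would read more cleanly.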
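Review bot: In the new `## Pipeline Security Dashboard` section of security_dashboard/index.md, the two body paragraphs are each added as a single long line, while the surrounding context lines in this file are hard-wrapped at about 80 characters. Wrap the added paragraphs to match. The removed SAST text said the tab lists vulnerabilities "(if any)"; the new text does not say what the **Security** tab shows when a pipeline ran a supported report and found nothing, and a short clause covering that case would help.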
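Review bot: In doc/user/project/import/gemnasium.md, the replacement image line reaches into another page's image directory (`../../application_security/security_dashboard/img/pipeline_security_dashboard_v12_3.png`), so this step depends on a version-stamped screenshot owned by a different page and will break if that file is renamed in a later release. The alt text here is "Security Dashboard", while the same image is labelled "Pipeline Security Dashboard" in security_dashboard/index.md; use the same alt text in both places. Since the step's sentence still says only that the result is visible "directly from the pipeline view", consider naming the **Security** tab or linking to the pipeline dashboard section there.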