@@ -358,7 +358,7 @@ The following documentation relates to the DevOps **Secure** stage:
...
@@ -358,7 +358,7 @@ The following documentation relates to the DevOps **Secure** stage:
| [Dependency Scanning](user/application_security/dependency_scanning/index.md)**(ULTIMATE)** | Analyze your dependencies for known vulnerabilities. |
| [Dependency Scanning](user/application_security/dependency_scanning/index.md)**(ULTIMATE)** | Analyze your dependencies for known vulnerabilities. |
| [Dynamic Application Security Testing (DAST)](user/application_security/dast/index.md)**(ULTIMATE)** | Analyze running web applications for known vulnerabilities. |
| [Dynamic Application Security Testing (DAST)](user/application_security/dast/index.md)**(ULTIMATE)** | Analyze running web applications for known vulnerabilities. |
| [Group Security Dashboard](user/application_security/security_dashboard/index.md)**(ULTIMATE)** | View vulnerabilities in all the projects in a group and its subgroups. |
| [Group Security Dashboard](user/application_security/security_dashboard/index.md)**(ULTIMATE)** | View vulnerabilities in all the projects in a group and its subgroups. |
| [License Management](user/application_security/license_management/index.md)**(ULTIMATE)** | Search your project's dependencies for their licenses. |
| [License Compliance](user/application_security/license_management/index.md)**(ULTIMATE)** | Search your project's dependencies for their licenses. |
| [Project Security Dashboard](user/application_security/security_dashboard/index.md)**(ULTIMATE)** | View the latest security reports for your project. |
| [Project Security Dashboard](user/application_security/security_dashboard/index.md)**(ULTIMATE)** | View the latest security reports for your project. |
| [Static Application Security Testing (SAST)](user/application_security/sast/index.md)**(ULTIMATE)** | Analyze source code for known vulnerabilities. |
| [Static Application Security Testing (SAST)](user/application_security/sast/index.md)**(ULTIMATE)** | Analyze source code for known vulnerabilities. |
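Review bot: In the License Compliance row the link text is renamed but the target is still `user/application_security/license_management/index.md`, so the visible name and the path now disagree. If the page itself is not being moved in this change, say so in the description and track the path rename, with a redirect, as a follow-up; otherwise update the path here.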
@@ -131,7 +131,7 @@ Its feature set is listed on the table below according to DevOps stages.
...
@@ -131,7 +131,7 @@ Its feature set is listed on the table below according to DevOps stages.
| **Secure** ||
| **Secure** ||
| [Container Scanning](../user/application_security/container_scanning/index.md)**(ULTIMATE)** | Check your Docker containers for known vulnerabilities.|
| [Container Scanning](../user/application_security/container_scanning/index.md)**(ULTIMATE)** | Check your Docker containers for known vulnerabilities.|
| [Dependency Scanning](../user/application_security/dependency_scanning/index.md)**(ULTIMATE)** | Analyze your dependencies for known vulnerabilities. |
| [Dependency Scanning](../user/application_security/dependency_scanning/index.md)**(ULTIMATE)** | Analyze your dependencies for known vulnerabilities. |
| [License Management](../user/application_security/license_management/index.md)**(ULTIMATE)** | Search your project dependencies for their licenses. |
| [License Compliance](../user/application_security/license_management/index.md)**(ULTIMATE)** | Search your project dependencies for their licenses. |
| [Security Test reports](../user/project/merge_requests/index.md#security-reports-ultimate)**(ULTIMATE)** | Check for app vulnerabilities. |
| [Security Test reports](../user/project/merge_requests/index.md#security-reports-ultimate)**(ULTIMATE)** | Check for app vulnerabilities. |
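Review bot: The License Compliance row here reads "Search your project dependencies for their licenses." while the same row in the Secure stage table reads "Search your project's dependencies for their licenses."; since the row is already being edited, use one wording in both tables. The link target `../user/application_security/license_management/index.md` also keeps the old name, as in the other table.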
@@ -94,7 +94,10 @@ This means that the value of the variable will be hidden in job logs,
...
@@ -94,7 +94,10 @@ This means that the value of the variable will be hidden in job logs,
though it must match certain requirements to do so:
though it must match certain requirements to do so:
- The value must be in a single line.
- The value must be in a single line.
- The value must only consist of characters from the Base64 alphabet ([RFC4648](https://tools.ietf.org/html/rfc4648)) with the addition of `@` and `:`.
- The value must only consist of characters from the Base64 alphabet (RFC4648).
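Review bot: The Base64 bullet differs between the two sides in more than formatting: one side allows `@` and `:` in addition to the Base64 alphabet and links RFC4648, the other allows the Base64 alphabet only and drops the link. That changes the documented requirements for masking a variable and is unrelated to the License Management to License Compliance rename in the rest of this patch. Please confirm which character set the masking check actually accepts and move this edit to its own change, so that a value containing `@` or `:` is not assumed to be masked when it is not.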
is used to detect the languages/frameworks and in turn analyzes the licenses.
is used to detect the languages/frameworks and in turn analyzes the licenses.
The License Management settings can be changed through environment variables by using the
The License Compliance settings can be changed through environment variables by using the
[`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`. These variables are documented in the [License Management documentation](https://gitlab.com/gitlab-org/security-products/license-management#settings).
[`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`. These variables are documented in the [License Compliance documentation](https://gitlab.com/gitlab-org/security-products/license-management#settings).
### Installing custom dependencies
### Installing custom dependencies
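Review bot: The link text becomes "License Compliance documentation" but still points to `https://gitlab.com/gitlab-org/security-products/license-management#settings`, a project whose path keeps the old name. Either keep the project name in the link text or add "(formerly License Management)" on first mention in this section, so the mismatch between link text and URL is explained.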
...
@@ -143,7 +143,7 @@ license_management:
...
@@ -143,7 +143,7 @@ license_management:
### Configuring Maven projects
### Configuring Maven projects
The License Management tool provides a `MAVEN_CLI_OPTS` environment variable which can hold
The License Compliance tool provides a `MAVEN_CLI_OPTS` environment variable which can hold
the command line arguments to pass to the `mvn install` command which is executed under the hood.
the command line arguments to pass to the `mvn install` command which is executed under the hood.
Feel free to use it for the customization of Maven execution. For example:
Feel free to use it for the customization of Maven execution. For example:
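Review bot: The prose now says "License Compliance tool", but the hunk context shows the CI job key is still `license_management:`. Add one sentence here stating that the job name is unchanged, so readers do not rename the job in their `.gitlab-ci.yml` to match the new feature name.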
...
@@ -169,7 +169,7 @@ If you still need to run tests during `mvn install`, add `-DskipTests=false` to
...
@@ -169,7 +169,7 @@ If you still need to run tests during `mvn install`, add `-DskipTests=false` to
> [Introduced](https://gitlab.com/gitlab-org/security-products/license-management/merge_requests/36) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.0.
> [Introduced](https://gitlab.com/gitlab-org/security-products/license-management/merge_requests/36) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.0.
License Management uses Python 2.7 and pip 10.0 by default.
License Compliance uses Python 2.7 and pip 10.0 by default.
If your project requires Python 3, you can switch to Python 3.5 and pip 19.1
If your project requires Python 3, you can switch to Python 3.5 and pip 19.1
by setting the `LM_PYTHON_VERSION` environment variable to `3`.
by setting the `LM_PYTHON_VERSION` environment variable to `3`.
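Review bot: With "License Compliance uses Python 2.7 and pip 10.0 by default." the `LM_` prefix in `LM_PYTHON_VERSION` no longer matches the feature name. Keep the variable as is, but note in this paragraph that the `LM_` prefix is retained from License Management, so the setting is not mistaken for a stale or misspelled name.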