Skip to content

GitLab Next

Why GitLab
Pricing
Contact Sales
Explore

Sign in
Get free trial

GitLab.org
GitLab
Merge requests
!108363

Docs: Reframe SAST config steps, link to enforcement

Review changes
Download
Patches
Plain diff

Connor Gilbert requested to merge connorgilbert/reframe-sast-configuration into master Jan 07, 2023

Overview 3
Commits 2
Pipelines 5
Changes 2

What does this MR do?

When we introduce SAST configuration steps, also link to the details of how to use Scan Execution Policies or Compliance Frameworks. I've encountered a number of customers who aren't aware of these options, which avoid the requirement of having to go individually to every project to enable SAST.
Reframe "manually" to "in your CI/CD YAML". The existing framing, in my opinion, unnecessarily casts shade on the CI/CD template modification by describing it as a "manual" process. In reality, because the template is easy to include and the UI flow has certain limitations, CI/CD YAML-based configuration is not an option we should discourage.
Introduce some of the context around how SAST scanning works before diving in to the steps and options.

Once this MR goes through, I can carry the changes forward to other Secure pages. It felt more efficient to review first before copying.

Related issues

N/A

Author's checklist

Optional. Consider taking the GitLab Technical Writing Fundamentals course.
Follow the:
If you're adding or changing the main heading of the page (H1), ensure that the product tier badge is added.
If you are a GitLab team member, request a review based on:
- The documentation page's metadata.
- The associated Technical Writer.

If you are a GitLab team member and only adding documentation, do not add any of the following labels:

~"frontend"
~"backend"
~"type::bug"
~"database"

These labels cause the MR to be added to code verification QA issues.

Reviewer's checklist

Documentation-related MRs should be reviewed by a Technical Writer for a non-blocking review, based on Documentation Guidelines and the Style Guide.

If you aren't sure which tech writer to ask, use roulette or ask in the #docs Slack channel.

If the content requires it, ensure the information is reviewed by a subject matter expert.
Technical writer review items:
- Ensure docs metadata is present and up-to-date.
- Ensure the appropriate labels are added to this MR.
- Ensure a release milestone is set.
- If relevant to this MR, ensure content topic type principles are in use, including:
  - The headings should be something you'd do a Google search for. Instead of Default behavior, say something like Default behavior when you close an issue.
  - The headings (other than the page title) should be active. Instead of Configuring GDK, say something like Configure GDK.
  - Any task steps should be written as a numbered list.
  - If the content still needs to be edited for topic types, you can create a follow-up issue with the docs-technical-debt label.
Review by assigned maintainer, who can always request/require the reviews above. Maintainer's review can occur before or after a technical writer review.

Edited Jan 07, 2023 by Connor Gilbert

Merge request reports

Assignee

Select assignees

Reviewers

Request review from

Time tracking