From 637510720db76245d18a2b28d13a3d61a4351b84 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Thu, 9 May 2024 21:18:12 +0000
Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master

---
 .gitlab/ci/frontend.gitlab-ci.yml             |  4 +-
 .../layout/space_in_lambda_literal.yml        | 11 ---
 .../components/sidebar/commit_block.vue       |  2 +-
 .../components/sidebar/stages_dropdown.vue    |  9 +-
 app/models/integration.rb                     |  1 +
 .../integrations/exclusions/base_service.rb   | 32 +++++++
 .../integrations/exclusions/create_service.rb | 32 +++++++
 .../exclusions/destroy_service.rb             | 29 ++++++
 app/views/search/results/_milestone.html.haml |  8 +-
 app/views/search/results/_note.html.haml      | 16 ++--
 .../native_header_anchors.yml                 |  9 --
 ...index_ci_pipeline_config_on_pipeline_id.rb | 18 ++++
 db/schema_migrations/20240508064453           |  1 +
 db/structure.sql                              |  2 -
 .../gitlab_agent_deployments/index.md         |  2 +-
 .../cloud_deployment/ecs/deploy_to_aws_ecs.md |  4 +-
 doc/ci/environments/index.md                  | 10 +-
 .../end_to_end_testing_webdriverio/index.md   |  4 +-
 doc/ci/examples/index.md                      |  4 +-
 doc/ci/testing/browser_performance_testing.md |  2 +-
 doc/ci/testing/load_performance_testing.md    |  2 +-
 doc/ci/yaml/index.md                          |  2 +-
 doc/development/documentation/review_apps.md  |  2 +-
 doc/development/pipelines/index.md            |  4 +-
 doc/development/pipelines/internals.md        |  2 +-
 .../end_to_end/test_pipelines.md              |  2 +-
 doc/topics/autodevops/customize.md            |  2 +-
 doc/topics/autodevops/index.md                |  2 +-
 .../multiple_clusters_auto_devops.md          |  2 +-
 doc/topics/autodevops/stages.md               |  2 +-
 doc/topics/release_your_application.md        |  2 +-
 .../api_fuzzing/configuration/requirements.md |  8 +-
 .../configuration/requirements.md             |  8 +-
 .../browser/configuration/requirements.md     |  8 +-
 doc/user/application_security/dast/index.md   |  8 +-
 .../application_security/dast/proxy-based.md  |  2 +-
 .../get-started-security.md                   |  2 +-
 .../vulnerability_report/index.md             |  7 +-
 doc/user/permissions.md                       |  2 +-
 doc/user/project/merge_requests/index.md      |  2 +-
 doc/user/project/merge_requests/widgets.md    |  8 +-
 .../filter/markdown_engines/glfm_markdown.rb  |  2 +-
 .../filter/table_of_contents_legacy_filter.rb |  2 +-
 .../filter/table_of_contents_tag_filter.rb    |  2 +-
 .../integrations/beyond_identity_check.rb     |  8 +-
 locale/gitlab.pot                             |  6 +-
 scripts/utils.sh                              |  8 +-
 .../adding_exclusions_for_projects_spec.rb    | 95 +++++++++++++++++++
 .../markdown_engines/glfm_markdown_spec.rb    | 15 ---
 .../table_of_contents_legacy_filter_spec.rb   |  8 +-
 .../beyond_identity_check_spec.rb             | 32 ++++++-
 .../exclusions/base_service_spec.rb           | 18 ++++
 .../exclusions/create_service_spec.rb         | 60 ++++++++++++
 .../exclusions/destroy_service_spec.rb        | 40 ++++++++
 .../exclusions/base_service_examples.rb       | 21 ++++
 55 files changed, 464 insertions(+), 132 deletions(-)
 create mode 100644 app/services/integrations/exclusions/base_service.rb
 create mode 100644 app/services/integrations/exclusions/create_service.rb
 create mode 100644 app/services/integrations/exclusions/destroy_service.rb
 delete mode 100644 config/feature_flags/gitlab_com_derisk/native_header_anchors.yml
 create mode 100644 db/post_migrate/20240508064453_drop_index_ci_pipeline_config_on_pipeline_id.rb
 create mode 100644 db/schema_migrations/20240508064453
 create mode 100644 spec/features/integrations/exclusions/adding_exclusions_for_projects_spec.rb
 create mode 100644 spec/services/integrations/exclusions/base_service_spec.rb
 create mode 100644 spec/services/integrations/exclusions/create_service_spec.rb
 create mode 100644 spec/services/integrations/exclusions/destroy_service_spec.rb
 create mode 100644 spec/support/shared_examples/integrations/exclusions/base_service_examples.rb

diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml
index 28e1fc34312..cc9150420c4 100644
--- a/.gitlab/ci/frontend.gitlab-ci.yml
+++ b/.gitlab/ci/frontend.gitlab-ci.yml
@@ -110,7 +110,7 @@ update-storybook-yarn-cache:
     - .shared:rules:update-cache
   stage: prepare
   script:
-    - yarn_install_script
+    - yarn_install_script_storybook
 
 retrieve-frontend-fixtures:
   variables:
@@ -420,7 +420,7 @@ bundle-size-review:
     - .frontend-test-base
     - .storybook-yarn-cache
   script:
-    - run_timed_command "retry yarn run storybook:install --frozen-lockfile"
+    - yarn_install_script_storybook
     - run_timed_command "yarn run storybook:build"
   needs: ["graphql-schema-dump"]
 
diff --git a/.rubocop_todo/layout/space_in_lambda_literal.yml b/.rubocop_todo/layout/space_in_lambda_literal.yml
index 178eca788dc..a3c3f5daf96 100644
--- a/.rubocop_todo/layout/space_in_lambda_literal.yml
+++ b/.rubocop_todo/layout/space_in_lambda_literal.yml
@@ -200,17 +200,6 @@ Layout/SpaceInLambdaLiteral:
     - 'ee/app/serializers/vulnerabilities/feedback_entity.rb'
     - 'ee/app/serializers/vulnerabilities/finding_entity.rb'
     - 'ee/app/serializers/vulnerability_note_entity.rb'
-    - 'ee/app/services/analytics/cycle_analytics/consistency_check_service.rb'
-    - 'ee/app/services/analytics/cycle_analytics/data_loader_service.rb'
-    - 'ee/app/services/audit_events/export_csv_service.rb'
-    - 'ee/app/services/ee/ci/register_job_service.rb'
-    - 'ee/app/services/groups/memberships/export_service.rb'
-    - 'ee/app/services/groups/seat_usage_export_service.rb'
-    - 'ee/app/services/historical_user_data/csv_service.rb'
-    - 'ee/app/services/user_permissions/export_service.rb'
-    - 'ee/app/services/vulnerability_exports/exporters/csv_service.rb'
-    - 'ee/app/workers/update_all_mirrors_worker.rb'
-    - 'ee/lib/api/entities/pending_member.rb'
     - 'ee/lib/ee/api/entities/ci/job_request/response.rb'
     - 'ee/lib/ee/api/entities/epic.rb'
     - 'ee/lib/ee/api/entities/issue.rb'
diff --git a/app/assets/javascripts/ci/job_details/components/sidebar/commit_block.vue b/app/assets/javascripts/ci/job_details/components/sidebar/commit_block.vue
index 5e826efbefb..2f971047e0f 100644
--- a/app/assets/javascripts/ci/job_details/components/sidebar/commit_block.vue
+++ b/app/assets/javascripts/ci/job_details/components/sidebar/commit_block.vue
@@ -45,6 +45,6 @@ export default {
       </span>
     </p>
 
-    <p class="gl-mb-0">{{ commit.title }}</p>
+    <p class="gl-mb-0 gl-break-all">{{ commit.title }}</p>
   </div>
 </template>
diff --git a/app/assets/javascripts/ci/job_details/components/sidebar/stages_dropdown.vue b/app/assets/javascripts/ci/job_details/components/sidebar/stages_dropdown.vue
index 413eba4fb52..867fc59536d 100644
--- a/app/assets/javascripts/ci/job_details/components/sidebar/stages_dropdown.vue
+++ b/app/assets/javascripts/ci/job_details/components/sidebar/stages_dropdown.vue
@@ -94,13 +94,10 @@ export default {
 </script>
 <template>
   <div class="dropdown">
-    <div
-      class="gl-display-flex gl-flex-wrap gl-align-items-center gl-gap-2 js-pipeline-info"
-      data-testid="pipeline-info"
-    >
+    <div class="gl-display-block js-pipeline-info" data-testid="pipeline-info">
       <gl-sprintf :message="pipelineInfo">
         <template #bold="{ content }">
-          <span class="gl-display-flex gl-font-weight-bold">{{ content }}</span>
+          <span class="gl-display-inline-flex gl-font-weight-bold">{{ content }}</span>
         </template>
         <template #id>
           <gl-link
@@ -128,7 +125,7 @@ export default {
         <template #ref>
           <gl-link
             :href="pipeline.ref.path"
-            class="link-commit ref-name"
+            class="link-commit ref-name gl-break-all"
             data-testid="source-ref-link"
             >{{ pipeline.ref.name }}</gl-link
           ><clipboard-button
diff --git a/app/models/integration.rb b/app/models/integration.rb
index 68852b0c8f2..fef64da0063 100644
--- a/app/models/integration.rb
+++ b/app/models/integration.rb
@@ -155,6 +155,7 @@ class Integration < ApplicationRecord
   scope :deployment, -> { where(category: 'deployment') }
   scope :group_mention_hooks, -> { where(group_mention_events: true, active: true) }
   scope :group_confidential_mention_hooks, -> { where(group_confidential_mention_events: true, active: true) }
+  scope :exclusions_for_project, ->(project) { where(project: project, active: false) }
 
   class << self
     private
diff --git a/app/services/integrations/exclusions/base_service.rb b/app/services/integrations/exclusions/base_service.rb
new file mode 100644
index 00000000000..14119560754
--- /dev/null
+++ b/app/services/integrations/exclusions/base_service.rb
@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Integrations
+  module Exclusions
+    class BaseService
+      def initialize(current_user:, integration_name:, projects:)
+        @user = current_user
+        @integration_name = integration_name
+        @projects = projects
+      end
+
+      def execute
+        return ServiceResponse.error(message: 'not authorized') unless allowed?
+        return ServiceResponse.error(message: 'not instance specific') unless instance_specific_integration?
+
+        yield
+      end
+
+      private
+
+      attr_reader :user, :integration_name, :projects
+
+      def allowed?
+        user.can?(:admin_all_resources)
+      end
+
+      def instance_specific_integration?
+        Integration::INSTANCE_SPECIFIC_INTEGRATION_NAMES.include?(integration_name)
+      end
+    end
+  end
+end
diff --git a/app/services/integrations/exclusions/create_service.rb b/app/services/integrations/exclusions/create_service.rb
new file mode 100644
index 00000000000..bcd40fb8eb1
--- /dev/null
+++ b/app/services/integrations/exclusions/create_service.rb
@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Integrations
+  module Exclusions
+    class CreateService < BaseService
+      def execute
+        super do
+          break ServiceResponse.success(payload: []) unless projects.present?
+
+          create_exclusions
+        end
+      end
+
+      private
+
+      def create_exclusions
+        integration_type = Integration.integration_name_to_type(integration_name)
+        integration_attrs = projects.map do |project|
+          {
+            project_id: project.id,
+            type_new: integration_type,
+            active: false,
+            inherit_from_id: nil
+          }
+        end
+
+        result = Integration.upsert_all(integration_attrs, unique_by: [:project_id, :type_new])
+        ServiceResponse.success(payload: Integration.id_in(result.rows.flatten))
+      end
+    end
+  end
+end
diff --git a/app/services/integrations/exclusions/destroy_service.rb b/app/services/integrations/exclusions/destroy_service.rb
new file mode 100644
index 00000000000..cee0af8f9c8
--- /dev/null
+++ b/app/services/integrations/exclusions/destroy_service.rb
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Integrations
+  module Exclusions
+    class DestroyService < BaseService
+      def execute
+        super do
+          destroy_exclusions
+        end
+      end
+
+      private
+
+      def destroy_exclusions
+        integration_class = Integration.integration_name_to_model(integration_name)
+        exclusions = integration_class.exclusions_for_project(projects)
+
+        return ServiceResponse.success(payload: []) unless exclusions.present?
+
+        instance_integration = integration_class.for_instance.first
+
+        return ServiceResponse.success(payload: exclusions.destroy_all) unless instance_integration # rubocop: disable Cop/DestroyAll -- We load exclusions so we can have the deleted exclusions in the response
+
+        ::Integrations::Propagation::BulkUpdateService.new(instance_integration, exclusions).execute
+        ServiceResponse.success(payload: exclusions)
+      end
+    end
+  end
+end
diff --git a/app/views/search/results/_milestone.html.haml b/app/views/search/results/_milestone.html.haml
index d45f4eed1d8..73cf3a31311 100644
--- a/app/views/search/results/_milestone.html.haml
+++ b/app/views/search/results/_milestone.html.haml
@@ -1,7 +1,9 @@
 .search-result-row
-  %h4
-    = link_to project_milestone_path(milestone.project, milestone), data: {track_action: 'click_text', track_label: 'milestone_title', track_property: 'search_result'} do
-      %span.term.str-truncated= simple_search_highlight_and_truncate(milestone.title, @search_term)
+  = link_to project_milestone_path(milestone.project, milestone), class: 'gl-font-bold gl-text-black-normal', data: {track_action: 'click_text', track_label: 'milestone_title', track_property: 'search_result'} do
+    %span.term.str-truncated= simple_search_highlight_and_truncate(milestone.title, @search_term)
+
+  - if milestone.project_milestone?
+    .gl-mt-2= gl_badge_tag milestone.project.full_name, { variant: :muted }, { class: 'gl-white-space-normal gl-text-left' }
 
   - if milestone.description.present?
     .description.term
diff --git a/app/views/search/results/_note.html.haml b/app/views/search/results/_note.html.haml
index 128755ac3f2..10628b548f1 100644
--- a/app/views/search/results/_note.html.haml
+++ b/app/views/search/results/_note.html.haml
@@ -3,11 +3,12 @@
 - noteable_identifier = note.noteable.try(:iid) || note.noteable.try(:id)
 
 .search-result-row
-  %h5.note-search-caption.gl-max-w-full
-    %span.gl-display-inline-block.gl-text-truncate.search-max-w-inherit.gl-align-bottom
-      = sprite_icon('comment', css_class: 'gl-vertical-align-text-bottom')
-      = link_to_member(project, note.author, avatar: false)
-      = _("commented on %{link_to_project}").html_safe % { link_to_project: link_to(project.full_name, project) }
+  .note-search-caption.gl-max-w-full
+    .gl-font-sm.gl-text-secondary.gl-float-right= time_ago_with_tooltip(note.created_at, placement: 'bottom', html_class: 'note-created-ago')
+    .gl-display-inline-block.gl-text-truncate.search-max-w-inherit.gl-align-bottom
+      .gl-font-bold= link_to_member(project, note.author, avatar: true, extra_class: 'gl-text-black-normal')
+      .gl-text-secondary
+        = _("Commented on %{link_to_project}").html_safe % { link_to_project: link_to(project.full_name, project) }
     &middot;
 
     - if note.for_commit?
@@ -20,11 +21,6 @@
       &middot;
       = link_to note.noteable.title, note_url, data: {track_action: 'click_text', track_label: 'noteable_title', track_property: 'search_result'}
 
-    %span.note-headline-light.note-headline-meta
-      %span.system-note-separator
-        &middot;
-      %span.system-note-separator= time_ago_with_tooltip(note.created_at, placement: 'bottom', html_class: 'note-created-ago')
-
   .note-search-result
     .term
       = simple_search_highlight_and_truncate(note.note, @search_term)
diff --git a/config/feature_flags/gitlab_com_derisk/native_header_anchors.yml b/config/feature_flags/gitlab_com_derisk/native_header_anchors.yml
deleted file mode 100644
index 24f36fcd99f..00000000000
--- a/config/feature_flags/gitlab_com_derisk/native_header_anchors.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-name: native_header_anchors
-feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/440733
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/144690
-rollout_issue_url:
-milestone: '17.0'
-group: group::project management
-type: gitlab_com_derisk
-default_enabled: false
diff --git a/db/post_migrate/20240508064453_drop_index_ci_pipeline_config_on_pipeline_id.rb b/db/post_migrate/20240508064453_drop_index_ci_pipeline_config_on_pipeline_id.rb
new file mode 100644
index 00000000000..a07bf3e2a9e
--- /dev/null
+++ b/db/post_migrate/20240508064453_drop_index_ci_pipeline_config_on_pipeline_id.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class DropIndexCiPipelineConfigOnPipelineId < Gitlab::Database::Migration[2.2]
+  milestone '17.1'
+
+  disable_ddl_transaction!
+
+  TABLE_NAME = :ci_pipelines_config
+  INDEX_NAME = :index_ci_pipelines_config_on_pipeline_id
+
+  def up
+    remove_concurrent_index_by_name(TABLE_NAME, INDEX_NAME)
+  end
+
+  def down
+    add_concurrent_index(TABLE_NAME, :pipeline_id, name: INDEX_NAME)
+  end
+end
diff --git a/db/schema_migrations/20240508064453 b/db/schema_migrations/20240508064453
new file mode 100644
index 00000000000..50f3edb3c96
--- /dev/null
+++ b/db/schema_migrations/20240508064453
@@ -0,0 +1 @@
+198cd0c7bf89e14cd2c0cdbf1f4680184f35f9df5844df5470f6bc4873b3a616
\ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index 682e647b584..91424dcb2da 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -24874,8 +24874,6 @@ CREATE INDEX index_ci_pipeline_schedules_on_owner_id_and_id_and_active ON ci_pip
 
 CREATE INDEX index_ci_pipeline_schedules_on_project_id ON ci_pipeline_schedules USING btree (project_id);
 
-CREATE INDEX index_ci_pipelines_config_on_pipeline_id ON ci_pipelines_config USING btree (pipeline_id);
-
 CREATE INDEX index_ci_pipelines_for_ondemand_dast_scans ON ci_pipelines USING btree (id) WHERE (source = 13);
 
 CREATE INDEX index_ci_pipelines_on_auto_canceled_by_id ON ci_pipelines USING btree (auto_canceled_by_id);
diff --git a/doc/architecture/blueprints/gitlab_agent_deployments/index.md b/doc/architecture/blueprints/gitlab_agent_deployments/index.md
index 79cf39aec2d..93ac8bb63f4 100644
--- a/doc/architecture/blueprints/gitlab_agent_deployments/index.md
+++ b/doc/architecture/blueprints/gitlab_agent_deployments/index.md
@@ -187,7 +187,7 @@ The microservice project setup can be improved by [Multi-Project Deployment Pipe
 - Environments can be created within the application projects. It gives more visibility of environments for developers.
 - Deployment Project can be managed under Operator group. More segregation of duties.
 - Users don't need to set up [RBAC to restrict CI/CD jobs](../../../user/clusters/agent/ci_cd_workflow.md#restrict-project-and-group-access-by-using-impersonation).
-- This is especitially helpful for [dynamic environments](../../../ci/environments/index.md#create-a-dynamic-environment), such as Review Apps.
+- This is especially helpful for [dynamic environments](../../../ci/environments/index.md#create-a-dynamic-environment) like review apps.
 
 ```mermaid
 flowchart LR
diff --git a/doc/ci/cloud_deployment/ecs/deploy_to_aws_ecs.md b/doc/ci/cloud_deployment/ecs/deploy_to_aws_ecs.md
index bfbe95c5ffa..920a94b01e2 100644
--- a/doc/ci/cloud_deployment/ecs/deploy_to_aws_ecs.md
+++ b/doc/ci/cloud_deployment/ecs/deploy_to_aws_ecs.md
@@ -244,9 +244,9 @@ NOTE:
 ECS deploy jobs wait for the rollout to complete before exiting. To disable this behavior,
 set `CI_AWS_ECS_WAIT_FOR_ROLLOUT_COMPLETE_DISABLED` to a non-empty value.
 
-## Set up Review Apps
+## Set up review apps
 
-To use [Review Apps](../../../development/testing_guide/review_apps.md) with ECS:
+To use [review apps](../../../development/testing_guide/review_apps.md) with ECS:
 
 1. Set up a new [service](#create-an-ecs-service).
 1. Use the `CI_AWS_ECS_SERVICE` variable to set the name.
diff --git a/doc/ci/environments/index.md b/doc/ci/environments/index.md
index fd5496c1954..6b25108088b 100644
--- a/doc/ci/environments/index.md
+++ b/doc/ci/environments/index.md
@@ -401,7 +401,7 @@ For example:
 #### Go from source files to public pages
 
 With GitLab [Route Maps](../review_apps/index.md#route-maps), you can go directly
-from source files to public pages in the environment set for Review Apps.
+from source files to public pages in the environment set for review apps.
 
 ### Stopping an environment
 
@@ -784,7 +784,9 @@ problematic deployment, they can roll back to a previous stable version.
 
 GitLab Auto Rollback eases this workflow by automatically triggering a rollback when a
 [critical alert](../../operations/incident_management/alerts.md)
-is detected. GitLab selects and redeploys the most recent successful deployment.
+is detected. 
+For GitLab to select the appropriate environment for the rollback, the alert should contain a `gitlab_environment_name` key with the name of the environment.
+GitLab selects and redeploys the most recent successful deployment.
 
 Limitations of GitLab Auto Rollback:
 
@@ -946,7 +948,7 @@ See [Deployment-only access to protected environments](protected_environments.md
 - [Dashboard for Kubernetes](kubernetes_dashboard.md)
 - [Downstream pipelines for deployments](../pipelines/downstream_pipelines.md#downstream-pipelines-for-deployments)
 - [Deploy to multiple environments with GitLab CI/CD (blog post)](https://about.gitlab.com/blog/2021/02/05/ci-deployment-and-environments/)
-- [Review Apps](../review_apps/index.md)
+- [Review apps](../review_apps/index.md)
 - [Protected environments](protected_environments.md)
 - [Environments Dashboard](../environments/environments_dashboard.md)
 - [Deployment safety](deployment_safety.md#restrict-write-access-to-a-critical-environment)
@@ -1048,7 +1050,7 @@ To fix this, use one of the following solutions:
 - Ensure the variable exists in the pipeline. Review the
   [limitation on supported variables](../variables/where_variables_can_be_used.md#gitlab-ciyml-file).
 
-#### If you get this error on Review Apps
+#### If you get this error on review apps
 
 For example, if you have the following in your `.gitlab-ci.yml`:
 
diff --git a/doc/ci/examples/end_to_end_testing_webdriverio/index.md b/doc/ci/examples/end_to_end_testing_webdriverio/index.md
index 68afd67fa1c..2d7c0636059 100644
--- a/doc/ci/examples/end_to_end_testing_webdriverio/index.md
+++ b/doc/ci/examples/end_to_end_testing_webdriverio/index.md
@@ -15,7 +15,7 @@ DETAILS:
 **Tier:** Free, Premium, Ultimate
 **Offering:** GitLab.com, Self-managed, GitLab Dedicated
 
-[Review Apps](../../review_apps/index.md) are great: for every merge request
+[Review apps](../../review_apps/index.md) are great: for every merge request
 (or branch, for that matter), the new code can be copied and deployed to a fresh production-like live
 environment, reducing the effort to assess the impact of changes. Thus, when we use a dependency manager like
 [Dependencies.io](https://www.dependencies.io/), it can submit a merge request with an updated dependency,
@@ -35,7 +35,7 @@ to write such end-to-end tests, and how to set up GitLab CI/CD to automatically
 against your new code, on a branch-by-branch basis. For the scope of this article, we will walk you
 through the process of setting up GitLab CI/CD for end-to-end testing JavaScript-based applications
 with WebdriverIO, but the general strategy should carry over to other languages.
-We assume you are familiar with GitLab, [GitLab CI/CD](../../index.md), [Review Apps](../../review_apps/index.md), and running your app locally, for example, on `localhost:8000`.
+We assume you are familiar with GitLab, [GitLab CI/CD](../../index.md), [review apps](../../review_apps/index.md), and running your app locally, for example, on `localhost:8000`.
 
 ## What to test
 
diff --git a/doc/ci/examples/index.md b/doc/ci/examples/index.md
index a45d7dd372b..5a22bbe81bc 100644
--- a/doc/ci/examples/index.md
+++ b/doc/ci/examples/index.md
@@ -17,7 +17,7 @@ Examples are available in several forms. As a collection of:
 
 - `.gitlab-ci.yml` [template files](#cicd-templates) maintained in GitLab, for many
   common frameworks and programming languages.
-- Repositories with [example projects](https://gitlab.com/gitlab-examples) for various languages. You can fork and adjust them to your own needs. Projects include an example of using [Review Apps with a static site served by NGINX](https://gitlab.com/gitlab-examples/review-apps-nginx/).
+- Repositories with [example projects](https://gitlab.com/gitlab-examples) for various languages. You can fork and adjust them to your own needs. Projects include an example of using [review apps with a static site served by NGINX](https://gitlab.com/gitlab-examples/review-apps-nginx/).
 - Examples and [other resources](#other-resources) listed below.
 
 ## CI/CD examples
@@ -160,7 +160,7 @@ For examples of others who have implemented GitLab CI/CD, see:
 - [GitBot - automating boring Git operations with CI](https://about.gitlab.com/blog/2017/11/02/automating-boring-git-operations-gitlab-ci/)
 - [How to use GitLab CI for Vue.js](https://about.gitlab.com/blog/2017/09/12/vuejs-app-gitlab/)
 - Video: [GitLab CI/CD Deep Dive](https://youtu.be/pBe4t1CD8Fc?t=195)
-- [Dockerizing GitLab Review Apps](https://about.gitlab.com/blog/2017/07/11/dockerizing-review-apps/)
+- [Dockerizing GitLab review apps](https://about.gitlab.com/blog/2017/07/11/dockerizing-review-apps/)
 - [Fast and natural continuous integration with GitLab CI](https://about.gitlab.com/blog/2017/05/22/fast-and-natural-continuous-integration-with-gitlab-ci/)
 - [Demo: CI/CD with GitLab in action](https://about.gitlab.com/blog/2017/03/13/ci-cd-demo/)
 
diff --git a/doc/ci/testing/browser_performance_testing.md b/doc/ci/testing/browser_performance_testing.md
index e84ae3f8f34..4212c6b2b93 100644
--- a/doc/ci/testing/browser_performance_testing.md
+++ b/doc/ci/testing/browser_performance_testing.md
@@ -132,7 +132,7 @@ browser_performance:
 
 The `Total Score` metric is based on sitespeed.io's [coach performance score](https://www.sitespeed.io/documentation/sitespeed.io/metrics/#performance-score). There is more information in [the coach documentation](https://www.sitespeed.io/documentation/coach/how-to/#what-do-the-coach-do).
 
-### Performance testing on Review Apps
+### Performance testing on review apps
 
 The above CI YAML configuration is great for testing against static environments, and it can
 be extended for dynamic environments, but a few extra steps are required:
diff --git a/doc/ci/testing/load_performance_testing.md b/doc/ci/testing/load_performance_testing.md
index ef1f74eb3f7..9daa1642fdb 100644
--- a/doc/ci/testing/load_performance_testing.md
+++ b/doc/ci/testing/load_performance_testing.md
@@ -147,7 +147,7 @@ summary values from the test.
 
 If [GitLab Pages](../../user/project/pages/index.md) is enabled, you can view the report directly in your browser.
 
-### Load Performance testing in Review Apps
+### Load Performance testing in review apps
 
 The CI/CD YAML configuration example above works for testing against static environments,
 but it can be extended to work with [review apps](../review_apps/index.md) or
diff --git a/doc/ci/yaml/index.md b/doc/ci/yaml/index.md
index b16e5a3140f..f8cbbe22be3 100644
--- a/doc/ci/yaml/index.md
+++ b/doc/ci/yaml/index.md
@@ -2385,7 +2385,7 @@ for inclusion in URLs. If the `deploy as review app` job runs in a branch named
 `pow`, this environment would be accessible with a URL like `https://review-pow.example.com/`.
 
 The common use case is to create dynamic environments for branches and use them
-as Review Apps. You can see an example that uses Review Apps at
+as review apps. You can see an example that uses review apps at
 <https://gitlab.com/gitlab-examples/review-apps-nginx/>.
 
 ### `extends`
diff --git a/doc/development/documentation/review_apps.md b/doc/development/documentation/review_apps.md
index 4b90fe47b4e..1209f8dcaa6 100644
--- a/doc/development/documentation/review_apps.md
+++ b/doc/development/documentation/review_apps.md
@@ -60,7 +60,7 @@ The following GitLab features are used among others:
 
 - [Manual jobs](../../ci/jobs/job_control.md#create-a-job-that-must-be-run-manually)
 - [Multi project pipelines](../../ci/pipelines/downstream_pipelines.md#multi-project-pipelines)
-- [Review Apps](../../ci/review_apps/index.md)
+- [Review apps](../../ci/review_apps/index.md)
 - [Artifacts](../../ci/yaml/index.md#artifacts)
 - [Merge request pipelines](../../ci/pipelines/merge_request_pipelines.md)
 
diff --git a/doc/development/pipelines/index.md b/doc/development/pipelines/index.md
index 538500d5716..bd063667c8b 100644
--- a/doc/development/pipelines/index.md
+++ b/doc/development/pipelines/index.md
@@ -243,7 +243,7 @@ When this label is assigned, the following steps of the CI/CD pipeline are skipp
 
 - The `e2e:package-and-test` job.
 - The `rspec:undercoverage` job.
-- The entire [Review Apps process](../testing_guide/review_apps.md).
+- The entire [review apps process](../testing_guide/review_apps.md).
 
 Apply the label to the merge request, and run a new pipeline for the MR.
 
@@ -283,7 +283,7 @@ the specific list of rules.
 If you want to force a Review App to be deployed regardless of your changes, you can add the
 `pipeline:run-review-app` label to the merge request.
 
-Consult the [Review Apps](../testing_guide/review_apps.md) dedicated page for more information.
+Consult the [review apps](../testing_guide/review_apps.md) dedicated page for more information.
 
 ### As-if-FOSS jobs and cross project downstream pipeline
 
diff --git a/doc/development/pipelines/internals.md b/doc/development/pipelines/internals.md
index 055b6841390..6286440f981 100644
--- a/doc/development/pipelines/internals.md
+++ b/doc/development/pipelines/internals.md
@@ -106,7 +106,7 @@ The current stages are:
 - `post-test`: This stage includes jobs that build reports or gather data from
   the `test` stage's jobs (for example, coverage, Knapsack metadata, and so on).
 - `review`: This stage includes jobs that build the CNG images, deploy them, and
-  run end-to-end tests against Review Apps (see [Review Apps](../testing_guide/review_apps.md) for details).
+  run end-to-end tests against review apps (see [review apps](../testing_guide/review_apps.md) for details).
   It also includes Docs Review App jobs.
 - `qa`: This stage includes jobs that perform QA tasks against the Review App
   that is deployed in stage `review`.
diff --git a/doc/development/testing_guide/end_to_end/test_pipelines.md b/doc/development/testing_guide/end_to_end/test_pipelines.md
index deaf7cbf163..4afe215383e 100644
--- a/doc/development/testing_guide/end_to_end/test_pipelines.md
+++ b/doc/development/testing_guide/end_to_end/test_pipelines.md
@@ -138,7 +138,7 @@ ee:my-new-job:
 ## `e2e:test-on-gdk`
 
 The `e2e:test-on-gdk` child pipeline supports development of the GitLab platform by providing feedback to engineers on
-end-to-end test execution faster than via `e2e:package-and-test` or [Review Apps](../review_apps.md).
+end-to-end test execution faster than via `e2e:package-and-test` or [review apps](../review_apps.md).
 
 This is achieved by running tests against the [GitLab Development Kit](https://gitlab.com/gitlab-org/gitlab-development-kit) (GDK),
 which can be built and installed in less time than when testing against [Omnibus GitLab](https://gitlab.com/gitlab-org/omnibus-gitlab).
diff --git a/doc/topics/autodevops/customize.md b/doc/topics/autodevops/customize.md
index e1a49a0d84d..d6dd9ca7718 100644
--- a/doc/topics/autodevops/customize.md
+++ b/doc/topics/autodevops/customize.md
@@ -353,7 +353,7 @@ To use an external managed provider:
 
 1. Disable the built-in PostgreSQL installation for the required environments with
    environment-scoped [CI/CD variables](../../ci/environments/index.md#limit-the-environment-scope-of-a-cicd-variable).
-   Because the built-in PostgreSQL setup for Review Apps and staging is sufficient, you might only need to
+   Because the built-in PostgreSQL setup for review apps and staging is sufficient, you might only need to
    disable the installation for `production`.
 
    ![Auto Metrics](img/disable_postgres.png)
diff --git a/doc/topics/autodevops/index.md b/doc/topics/autodevops/index.md
index 7e1c7b19945..1cd6cba5ff2 100644
--- a/doc/topics/autodevops/index.md
+++ b/doc/topics/autodevops/index.md
@@ -15,7 +15,7 @@ that work together to support your software delivery process.
 
 Auto DevOps detects your programming language and uses [CI/CD templates](https://gitlab.com/gitlab-org/gitlab/-/tree/master/lib/gitlab/ci/templates)
 to create and run default pipelines to build and test your application. Then, you can [configure deployments](requirements.md) to deploy your apps to staging
-and production, and set up [Review Apps](stages.md#auto-review-apps)
+and production, and set up [review apps](stages.md#auto-review-apps)
 to preview your changes per branch.
 
 You can use default settings to quickly ship your apps, and iterate and [customize](customize.md) later.
diff --git a/doc/topics/autodevops/multiple_clusters_auto_devops.md b/doc/topics/autodevops/multiple_clusters_auto_devops.md
index 2ae5ee9025f..c0c25b09e67 100644
--- a/doc/topics/autodevops/multiple_clusters_auto_devops.md
+++ b/doc/topics/autodevops/multiple_clusters_auto_devops.md
@@ -47,7 +47,7 @@ NOTE:
 
 | Cluster name | Cluster environment scope | `KUBE_INGRESS_BASE_DOMAIN` value | `KUBE CONTEXT` value               | Variable environment scope | Notes |
 | :------------| :-------------------------| :------------------------------- | :--------------------------------- | :--------------------------|:--|
-| review       | `review/*`                | `review.example.com`             | `path/to/project:review-agent`     | `review/*`                 | A review cluster that runs all [Review Apps](../../ci/review_apps/index.md).|
+| review       | `review/*`                | `review.example.com`             | `path/to/project:review-agent`     | `review/*`                 | A review cluster that runs all [review apps](../../ci/review_apps/index.md).|
 | staging      | `staging`                 | `staging.example.com`            | `path/to/project:staging-agent`    | `staging`                  | Optional. A staging cluster that runs the deployments of the staging environments. You must [enable it first](cicd_variables.md#deploy-policy-for-staging-and-production-environments). |
 | production   | `production`              | `example.com`                    | `path/to/project:production-agent` | `production`               | A production cluster that runs the production environment deployments. You can use [incremental rollouts](cicd_variables.md#incremental-rollout-to-production). |
 
diff --git a/doc/topics/autodevops/stages.md b/doc/topics/autodevops/stages.md
index ef25ca062e1..15617feb382 100644
--- a/doc/topics/autodevops/stages.md
+++ b/doc/topics/autodevops/stages.md
@@ -225,7 +225,7 @@ This is an optional step, since many projects don't have a Kubernetes cluster
 available. If the [requirements](requirements.md) are not met, the job is
 silently skipped.
 
-[Review Apps](../../ci/review_apps/index.md) are temporary application environments based on the
+[Review apps](../../ci/review_apps/index.md) are temporary application environments based on the
 branch's code so developers, designers, QA, product managers, and other
 reviewers can actually see and interact with code changes as part of the review
 process. Auto Review Apps create a Review App for each branch.
diff --git a/doc/topics/release_your_application.md b/doc/topics/release_your_application.md
index 8dfebba647b..00680da1fe3 100644
--- a/doc/topics/release_your_application.md
+++ b/doc/topics/release_your_application.md
@@ -17,7 +17,7 @@ release features incrementally.
 - [Environments and deployments](../ci/environments/index.md)
 - [Releases](../user/project/releases/index.md)
 - [Packages and registries](../user/packages/index.md)
-- [Review Apps](../ci/review_apps/index.md)
+- [Review apps](../ci/review_apps/index.md)
 - [Feature flags](../operations/feature_flags.md)
 - [GitLab Pages](../user/project/pages/index.md)
 
diff --git a/doc/user/application_security/api_fuzzing/configuration/requirements.md b/doc/user/application_security/api_fuzzing/configuration/requirements.md
index 372c4875c62..1adc7adba0e 100644
--- a/doc/user/application_security/api_fuzzing/configuration/requirements.md
+++ b/doc/user/application_security/api_fuzzing/configuration/requirements.md
@@ -50,13 +50,13 @@ API Fuzzing requires a deployed application to be available to scan.
 Depending on the complexity of the target application, there are a few options as to how to deploy and configure
 the API Fuzzing template.
 
-### Review Apps
+### Review apps
 
-Review Apps are the most involved method of deploying your API Fuzzing target application. To assist in the process,
+Review apps are the most involved method of deploying your API Fuzzing target application. To assist in the process,
 we created a Review App deployment using Google Kubernetes Engine (GKE). This example can be found in our
-[Review Apps - GKE](https://gitlab.com/gitlab-org/security-products/demos/dast/review-app-gke) project, along with detailed
+[Review apps - GKE](https://gitlab.com/gitlab-org/security-products/demos/dast/review-app-gke) project, along with detailed
 instructions in the [README.md](https://gitlab.com/gitlab-org/security-products/demos/dast/review-app-gke/-/blob/master/README.md)
-on how to configure Review Apps for DAST.
+on how to configure review apps for DAST.
 
 ### Docker Services
 
diff --git a/doc/user/application_security/api_security_testing/configuration/requirements.md b/doc/user/application_security/api_security_testing/configuration/requirements.md
index a680e8c143c..6a960d7eecd 100644
--- a/doc/user/application_security/api_security_testing/configuration/requirements.md
+++ b/doc/user/application_security/api_security_testing/configuration/requirements.md
@@ -50,13 +50,13 @@ API security testing requires a deployed application to be available to scan.
 Depending on the complexity of the target application, there are a few options as to how to deploy and configure
 the API security testing template.
 
-### Review Apps
+### Review apps
 
-Review Apps are the most involved method of deploying your DAST target application. To assist in the process,
+Review apps are the most involved method of deploying your DAST target application. To assist in the process,
 we created a Review App deployment using Google Kubernetes Engine (GKE). This example can be found in our
-[Review Apps - GKE](https://gitlab.com/gitlab-org/security-products/demos/dast/review-app-gke) project, along with detailed
+[Review apps - GKE](https://gitlab.com/gitlab-org/security-products/demos/dast/review-app-gke) project, along with detailed
 instructions in the [README.md](https://gitlab.com/gitlab-org/security-products/demos/dast/review-app-gke/-/blob/master/README.md)
-on how to configure Review Apps for DAST.
+on how to configure review apps for DAST.
 
 ### Docker Services
 
diff --git a/doc/user/application_security/dast/browser/configuration/requirements.md b/doc/user/application_security/dast/browser/configuration/requirements.md
index 67c9b765b3a..aa608e108ae 100644
--- a/doc/user/application_security/dast/browser/configuration/requirements.md
+++ b/doc/user/application_security/dast/browser/configuration/requirements.md
@@ -42,13 +42,13 @@ Depending on the complexity of the target application, there are a few options a
 the DAST template. A set of example applications have been provided with their configurations in the
 [DAST demonstrations](https://gitlab.com/gitlab-org/security-products/demos/dast/) project.
 
-### Review Apps
+### Review apps
 
-Review Apps are the most involved method of deploying your DAST target application. To assist in the process,
+Review apps are the most involved method of deploying your DAST target application. To assist in the process,
 we created a Review App deployment using Google Kubernetes Engine (GKE). This example can be found in our
-[Review Apps - GKE](https://gitlab.com/gitlab-org/security-products/demos/dast/review-app-gke) project, along with detailed
+[Review apps - GKE](https://gitlab.com/gitlab-org/security-products/demos/dast/review-app-gke) project, along with detailed
 instructions in the [README.md](https://gitlab.com/gitlab-org/security-products/demos/dast/review-app-gke/-/blob/master/README.md)
-on how to configure Review Apps for DAST.
+on how to configure review apps for DAST.
 
 ### Docker Services
 
diff --git a/doc/user/application_security/dast/index.md b/doc/user/application_security/dast/index.md
index 973f2e0c08a..d77c8f88898 100644
--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -142,13 +142,13 @@ Depending on the complexity of the target application, there are a few options a
 the DAST template. A set of example applications have been provided with their configurations in the
 [DAST demonstrations](https://gitlab.com/gitlab-org/security-products/demos/dast/) project.
 
-#### Review Apps
+#### Review apps
 
-Review Apps are the most involved method of deploying your DAST target application. To assist in the process,
+Review apps are the most involved method of deploying your DAST target application. To assist in the process,
 we created a Review App deployment using Google Kubernetes Engine (GKE). This example can be found in our
-[Review Apps - GKE](https://gitlab.com/gitlab-org/security-products/demos/dast/review-app-gke) project, along with detailed
+[Review apps - GKE](https://gitlab.com/gitlab-org/security-products/demos/dast/review-app-gke) project, along with detailed
 instructions in the [README.md](https://gitlab.com/gitlab-org/security-products/demos/dast/review-app-gke/-/blob/master/README.md)
-on how to configure Review Apps for DAST.
+on how to configure review apps for DAST.
 
 #### Docker Services
 
diff --git a/doc/user/application_security/dast/proxy-based.md b/doc/user/application_security/dast/proxy-based.md
index 62965241d9b..6cc3562b897 100644
--- a/doc/user/application_security/dast/proxy-based.md
+++ b/doc/user/application_security/dast/proxy-based.md
@@ -35,7 +35,7 @@ The analyzer uses the [Software Security Project Zed Attack Proxy](https://www.z
   actively attack your application.
 - Passive and active (or full) scan. DAST can be [configured](#full-scan) to also perform an active scan
   to attack your application and produce a more extensive security report. It can be very
-  useful when combined with [Review Apps](../../../ci/review_apps/index.md).
+  useful when combined with [review apps](../../../ci/review_apps/index.md).
 
 ## Templates
 
diff --git a/doc/user/application_security/get-started-security.md b/doc/user/application_security/get-started-security.md
index df7110c994f..743d72f18ff 100644
--- a/doc/user/application_security/get-started-security.md
+++ b/doc/user/application_security/get-started-security.md
@@ -56,7 +56,7 @@ After you've gotten familiar with how scanning works, you can then choose to:
 1. Use [Compliance Pipelines](../group/compliance_pipelines.md)
    or [Scan Execution Policies](policies/scan-execution-policies.md) to enforce required scan types
    and ensure separation of duties between security and engineering.
-1. Consider enabling [Review Apps](../../development/testing_guide/review_apps.md) to allow for DAST
+1. Consider enabling [review apps](../../development/testing_guide/review_apps.md) to allow for DAST
    and [Web API fuzzing](api_fuzzing/index.md) on ephemeral test environments.
 1. Enable [operational container scanning](../../user/clusters/agent/vulnerabilities.md) to scan
    container images in your production cluster for security vulnerabilities.
diff --git a/doc/user/application_security/vulnerability_report/index.md b/doc/user/application_security/vulnerability_report/index.md
index e53c8c55131..d13cc159179 100644
--- a/doc/user/application_security/vulnerability_report/index.md
+++ b/doc/user/application_security/vulnerability_report/index.md
@@ -90,13 +90,14 @@ To filter the list of vulnerabilities:
 
 1. On the left sidebar, select **Search or go to** and find your project.
 1. Select **Secure > Vulnerability report**.
-1. Optional. To remove the default filters, select **Clear** (**{clear}**) in the filter field.
-1. Select the filter field.
+1. Optional. To remove the default filters, select **Clear** (**{clear}**).
+1. Above the list of vulnerabilities, select the filter bar.
 1. In the dropdown list that appears, select an attribute you want to filter by, then select the
    values from the dropdown list.
 1. Select outside the filter field. The vulnerability severity totals and list of matching
    vulnerabilities are updated.
-1. To filter by multiple attributes, repeat the three previous steps.
+1. To filter by multiple attributes, repeat the three previous steps. Multiple attributes are joined
+   by a logical AND.
 
 ### Tool filter
 
diff --git a/doc/user/permissions.md b/doc/user/permissions.md
index 66ce21da59c..715847e5db9 100644
--- a/doc/user/permissions.md
+++ b/doc/user/permissions.md
@@ -163,7 +163,7 @@ The following table lists project permissions available for each role:
 | [Projects](project/index.md):<br>Create, edit, delete [milestones](project/milestones/index.md).                                                                                             |       | ✓        | ✓         | ✓          | ✓     |       |
 | [Projects](project/index.md):<br>Create, edit, delete [releases](project/releases/index.md)                                                                                                  |       |          | ✓         | ✓          | ✓     | If the [tag is protected](project/protected_tags.md), this depends on the access given to Developers and Maintainers. |
 | [Projects](project/index.md):<br>Create, edit [wiki](project/wiki/index.md) pages                                                                                                            |       |          | ✓         | ✓          | ✓     |       |
-| [Projects](project/index.md):<br>Enable [Review Apps](../ci/review_apps/index.md)                                                                                                            |       |          | ✓         | ✓          | ✓     |       |
+| [Projects](project/index.md):<br>Enable [review apps](../ci/review_apps/index.md)                                                                                                            |       |          | ✓         | ✓          | ✓     |       |
 | [Projects](project/index.md):<br>View project [Audit Events](../administration/audit_event_reports.md)                                                                                              |       |          | ✓         | ✓          | ✓     | Users can only view events based on their individual actions. |
 | [Projects](project/index.md):<br>Add [deploy keys](project/deploy_keys/index.md)                                                                                                             |       |          |           | ✓          | ✓     |       |
 | [Projects](project/index.md):<br>Add new [team members](project/members/index.md)                                                                                                            |       |          |           | ✓          | ✓     |       |
diff --git a/doc/user/project/merge_requests/index.md b/doc/user/project/merge_requests/index.md
index 49c4f0565ca..20dd1815dd7 100644
--- a/doc/user/project/merge_requests/index.md
+++ b/doc/user/project/merge_requests/index.md
@@ -279,7 +279,7 @@ For a web developer writing a webpage for your company's website:
 
 1. You check out a new branch and submit a new page through a merge request.
 1. You gather feedback from your reviewers.
-1. You preview your changes with [Review Apps](../../../ci/review_apps/index.md).
+1. You preview your changes with [review apps](../../../ci/review_apps/index.md).
 1. You request your web designers for their implementation.
 1. You request the [approval](approvals/index.md) from your manager.
 1. Once approved, your merge request is [squashed and merged](squash_and_merge.md), and [deployed to staging with GitLab Pages](https://about.gitlab.com/blog/2021/02/05/ci-deployment-and-environments/).
diff --git a/doc/user/project/merge_requests/widgets.md b/doc/user/project/merge_requests/widgets.md
index e7effafdb9e..5c909288b9e 100644
--- a/doc/user/project/merge_requests/widgets.md
+++ b/doc/user/project/merge_requests/widgets.md
@@ -54,18 +54,18 @@ For more information, [read about pipelines](../../../ci/pipelines/index.md).
 Set a merge request that looks ready to merge to
 [merge automatically when CI pipeline succeeds](merge_when_pipeline_succeeds.md).
 
-## Live preview with Review Apps
+## Live preview with review apps
 
-If you configured [Review Apps](../../../ci/review_apps/index.md) for your project,
+If you configured [review apps](../../../ci/review_apps/index.md) for your project,
 you can preview the changes submitted to a feature branch through a merge request
 on a per-branch basis. You don't need to check out the branch, install, and preview locally.
-All your changes are available to preview by anyone with the Review Apps link.
+All your changes are available to preview by anyone with the review apps link.
 
 With GitLab [Route Maps](../../../ci/review_apps/index.md#route-maps) set, the
 merge request widget takes you directly to the pages changed, making it easier and
 faster to preview proposed modifications.
 
-[Read more about Review Apps](../../../ci/review_apps/index.md).
+[Read more about review apps](../../../ci/review_apps/index.md).
 
 ## License compliance
 
diff --git a/lib/banzai/filter/markdown_engines/glfm_markdown.rb b/lib/banzai/filter/markdown_engines/glfm_markdown.rb
index 8ccdea00ca5..d3f12047077 100644
--- a/lib/banzai/filter/markdown_engines/glfm_markdown.rb
+++ b/lib/banzai/filter/markdown_engines/glfm_markdown.rb
@@ -46,7 +46,7 @@ module Banzai
         end
 
         def headers_disabled?
-          context[:no_header_anchors] || Feature.disabled?(:native_header_anchors)
+          context[:no_header_anchors]
         end
       end
     end
diff --git a/lib/banzai/filter/table_of_contents_legacy_filter.rb b/lib/banzai/filter/table_of_contents_legacy_filter.rb
index 5f194de4b89..633d352e288 100644
--- a/lib/banzai/filter/table_of_contents_legacy_filter.rb
+++ b/lib/banzai/filter/table_of_contents_legacy_filter.rb
@@ -30,7 +30,7 @@ module Banzai
       XPATH = Gitlab::Utils::Nokogiri.css_to_xpath(CSS).freeze
 
       def call
-        return doc if MarkdownFilter.glfm_markdown?(context) && Feature.enabled?(:native_header_anchors)
+        return doc if MarkdownFilter.glfm_markdown?(context)
         return doc if context[:no_header_anchors]
 
         result[:toc] = +""
diff --git a/lib/banzai/filter/table_of_contents_tag_filter.rb b/lib/banzai/filter/table_of_contents_tag_filter.rb
index 73b91ce077a..9542621a805 100644
--- a/lib/banzai/filter/table_of_contents_tag_filter.rb
+++ b/lib/banzai/filter/table_of_contents_tag_filter.rb
@@ -44,7 +44,7 @@ module Banzai
 
       # Replace an entire `[TOC]` node
       def process_toc_tag(node)
-        build_toc if Feature.enabled?(:native_header_anchors)
+        build_toc
 
         # we still need to go one step up to also replace the surrounding <p></p>
         node.parent.replace(result[:toc].presence || '')
diff --git a/lib/gitlab/checks/integrations/beyond_identity_check.rb b/lib/gitlab/checks/integrations/beyond_identity_check.rb
index ad99c454dd7..3c1f009a42a 100644
--- a/lib/gitlab/checks/integrations/beyond_identity_check.rb
+++ b/lib/gitlab/checks/integrations/beyond_identity_check.rb
@@ -10,7 +10,6 @@ module Gitlab
 
         def initialize(integration_check)
           @changes_access = integration_check.changes_access
-          @integration = ::Integrations::BeyondIdentity.for_instance.first
         end
 
         def validate!
@@ -40,8 +39,6 @@ module Gitlab
 
         private
 
-        attr_reader :integration
-
         def skip_validation?
           return true unless integration&.activated?
           return true if updated_from_web?
@@ -71,6 +68,11 @@ module Gitlab
         rescue ::Gitlab::BeyondIdentity::Client::ApiError => _
           false
         end
+
+        def integration
+          project.beyond_identity_integration || ::Integrations::BeyondIdentity.for_instance.first
+        end
+        strong_memoize_attr :integration
       end
     end
   end
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 12057aad2f4..0e07d1c7c2d 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -12771,6 +12771,9 @@ msgstr ""
 msgid "Comment/Reply (quoting selected text)"
 msgstr ""
 
+msgid "Commented on %{link_to_project}"
+msgstr ""
+
 msgid "Commenting on files that are only moved or renamed is not supported"
 msgstr ""
 
@@ -61014,9 +61017,6 @@ msgstr ""
 msgid "commented"
 msgstr ""
 
-msgid "commented on %{link_to_project}"
-msgstr ""
-
 msgid "commit"
 msgid_plural "commits"
 msgstr[0] ""
diff --git a/scripts/utils.sh b/scripts/utils.sh
index 5ac6277f8fa..3fec3e8b56a 100644
--- a/scripts/utils.sh
+++ b/scripts/utils.sh
@@ -122,9 +122,15 @@ function yarn_install_script() {
 
   retry yarn install --frozen-lockfile
 
+  section_end "yarn-install"
+}
+
+function yarn_install_script_storybook() {
+  section_start "yarn-install-storybook" "Installing Yarn packages for Storybook"
+
   retry yarn storybook:install --frozen-lockfile
 
-  section_end "yarn-install"
+  section_end "yarn-install-storybook"
 }
 
 function assets_compile_script() {
diff --git a/spec/features/integrations/exclusions/adding_exclusions_for_projects_spec.rb b/spec/features/integrations/exclusions/adding_exclusions_for_projects_spec.rb
new file mode 100644
index 00000000000..6dac5ae23b0
--- /dev/null
+++ b/spec/features/integrations/exclusions/adding_exclusions_for_projects_spec.rb
@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe "Adding and removing exclusions to Beyond Identity integration", :sidekiq_inline, feature_category: :integrations do
+  let_it_be_with_reload(:project) { create(:project, :in_subgroup) }
+  let_it_be(:admin_user) { create :admin }
+
+  def create_exclusion
+    Integrations::Exclusions::CreateService.new(
+      current_user: admin_user,
+      integration_name: 'beyond_identity',
+      projects: [project]
+    ).execute
+  end
+
+  def destroy_exclusion
+    Integrations::Exclusions::DestroyService.new(
+      current_user: admin_user,
+      integration_name: 'beyond_identity',
+      projects: [project]
+    ).execute
+  end
+
+  context 'when the integration is active for the instance', :enable_admin_mode do
+    let(:instance_integration) { create :beyond_identity_integration }
+
+    before do
+      ::Integrations::PropagateService.new(instance_integration).execute
+    end
+
+    it { expect(project.reload.beyond_identity_integration).to be_activated }
+
+    context 'when the integration is deactivated' do
+      before do
+        instance_integration.update!(active: false)
+        ::Integrations::PropagateService.new(instance_integration).execute
+      end
+
+      it { expect(project.reload.beyond_identity_integration).not_to be_activated }
+    end
+
+    context 'and the project is excluded from the integration' do
+      before do
+        create_exclusion
+      end
+
+      it { expect(project.reload.beyond_identity_integration).not_to be_activated }
+
+      context 'and the exclusion is removed again' do
+        before do
+          destroy_exclusion
+        end
+
+        it { expect(project.reload.beyond_identity_integration).to be_activated }
+
+        context 'and the exclusion is added again' do
+          before do
+            create_exclusion
+          end
+
+          it { expect(project.reload.beyond_identity_integration).not_to be_activated }
+        end
+      end
+    end
+  end
+
+  context 'when the instance integration has not been activated', :enable_admin_mode do
+    context 'and an exclusion is created' do
+      before do
+        create_exclusion
+      end
+
+      it { expect(project.reload.beyond_identity_integration).not_to be_activated }
+
+      context 'and the integration is activated for the instance' do
+        let(:instance_integration) { create :beyond_identity_integration }
+
+        before do
+          ::Integrations::PropagateService.new(instance_integration).execute
+        end
+
+        it { expect(project.reload.beyond_identity_integration).not_to be_activated }
+      end
+
+      context 'and the exclusion is deleted' do
+        before do
+          destroy_exclusion
+        end
+
+        it { expect(project.reload.beyond_identity_integration).to be_nil }
+      end
+    end
+  end
+end
diff --git a/spec/lib/banzai/filter/markdown_engines/glfm_markdown_spec.rb b/spec/lib/banzai/filter/markdown_engines/glfm_markdown_spec.rb
index dfd7b8f0cce..c0d7b7e3aa4 100644
--- a/spec/lib/banzai/filter/markdown_engines/glfm_markdown_spec.rb
+++ b/spec/lib/banzai/filter/markdown_engines/glfm_markdown_spec.rb
@@ -29,19 +29,4 @@ RSpec.describe Banzai::Filter::MarkdownEngines::GlfmMarkdown, feature_category:
 
     expect(engine.render('# hi')).to eq expected
   end
-
-  context 'when feature flag is disabled' do
-    before do
-      stub_feature_flags(native_header_anchors: false)
-    end
-
-    it 'turns off header anchors' do
-      engine = described_class.new({ no_sourcepos: true })
-      expected = <<~TEXT
-        <h1>hi</h1>
-      TEXT
-
-      expect(engine.render('# hi')).to eq expected
-    end
-  end
 end
diff --git a/spec/lib/banzai/filter/table_of_contents_legacy_filter_spec.rb b/spec/lib/banzai/filter/table_of_contents_legacy_filter_spec.rb
index e6d2a394ea0..7f1f0fbb946 100644
--- a/spec/lib/banzai/filter/table_of_contents_legacy_filter_spec.rb
+++ b/spec/lib/banzai/filter/table_of_contents_legacy_filter_spec.rb
@@ -13,13 +13,7 @@ RSpec.describe Banzai::Filter::TableOfContentsLegacyFilter, feature_category: :t
     "<h#{level}>#{text}</h#{level}>\n"
   end
 
-  before do
-    stub_feature_flags(native_header_anchors: false)
-  end
-
-  # TODO: enable when feature flag is removed
-  # let_it_be(:context) { { markdown_engine: Banzai::Filter::MarkdownFilter::CMARK_ENGINE } }
-  let_it_be(:context) { {} }
+  let_it_be(:context) { { markdown_engine: Banzai::Filter::MarkdownFilter::CMARK_ENGINE } }
 
   it 'does nothing when :no_header_anchors is truthy' do
     exp = act = header(1, 'Header')
diff --git a/spec/lib/gitlab/checks/integrations/beyond_identity_check_spec.rb b/spec/lib/gitlab/checks/integrations/beyond_identity_check_spec.rb
index e82fc43b3ae..b45deefc8e0 100644
--- a/spec/lib/gitlab/checks/integrations/beyond_identity_check_spec.rb
+++ b/spec/lib/gitlab/checks/integrations/beyond_identity_check_spec.rb
@@ -4,16 +4,34 @@ require 'spec_helper'
 
 RSpec.describe Gitlab::Checks::Integrations::BeyondIdentityCheck, feature_category: :source_code_management do
   include_context 'changes access checks context'
-
-  let!(:beyond_identity_integration) { create(:beyond_identity_integration) }
-
   let(:integration_check) { Gitlab::Checks::IntegrationsCheck.new(changes_access) }
+  let!(:beyond_identity_integration) { create(:beyond_identity_integration) }
 
   subject(:check) { described_class.new(integration_check) }
 
   describe '#validate!' do
+    shared_examples_for 'exclusion from the check' do
+      context 'when the project is excluded from the check' do
+        let!(:integration_exclusion) do
+          create(:beyond_identity_integration, active: false, project: project, inherit_from_id: nil, instance: false)
+        end
+
+        it 'does not raise an error' do
+          expect { check.validate! }.not_to raise_error
+        end
+
+        context 'and the integration is not activated' do
+          let(:beyond_identity_integration) { nil }
+
+          it 'does not raise an error' do
+            expect { check.validate! }.not_to raise_error
+          end
+        end
+      end
+    end
+
     context 'when commit without GPG signature' do
-      let_it_be(:project) { create(:project, :repository) }
+      let_it_be_with_reload(:project) { create(:project, :repository) }
 
       let_it_be(:oldrev) { '1e292f8fedd741b75372e19097c76d327140c312' }
       let_it_be(:newrev) { '7b5160f9bb23a3d58a0accdbe89da13b96b1ece9' }
@@ -27,6 +45,8 @@ RSpec.describe Gitlab::Checks::Integrations::BeyondIdentityCheck, feature_catego
           .to raise_error(::Gitlab::GitAccess::ForbiddenError, 'Commit is not signed with a GPG signature')
       end
 
+      it_behaves_like 'exclusion from the check'
+
       context 'when the push happens from web' do
         let(:protocol) { 'web' }
 
@@ -56,7 +76,7 @@ RSpec.describe Gitlab::Checks::Integrations::BeyondIdentityCheck, feature_catego
     end
 
     context 'when a commit with GPG signature' do
-      let_it_be(:project) { create(:project, :repository) }
+      let_it_be_with_reload(:project) { create(:project, :repository) }
       let_it_be(:oldrev) { 'ddd0f15ae83993f5cb66a927a28673882e99100b' }
       let_it_be(:newrev) { 'f0a5ed60d24c98ec6d00ac010c1f3f01ee0a8373' }
       let!(:gpg_key) { create :gpg_key, externally_verified: true }
@@ -66,6 +86,8 @@ RSpec.describe Gitlab::Checks::Integrations::BeyondIdentityCheck, feature_catego
         project.repository.delete_branch('trailers')
       end
 
+      it_behaves_like 'exclusion from the check'
+
       context 'and the signature is unverified' do
         it 'is rejected' do
           expect { check.validate! }
diff --git a/spec/services/integrations/exclusions/base_service_spec.rb b/spec/services/integrations/exclusions/base_service_spec.rb
new file mode 100644
index 00000000000..401c44f6ea2
--- /dev/null
+++ b/spec/services/integrations/exclusions/base_service_spec.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe ::Integrations::Exclusions::BaseService, feature_category: :integrations do
+  let(:integration_name) { 'beyond_identity' }
+  let_it_be(:admin_user) { create(:admin) }
+  let_it_be(:user) { create(:user) }
+  let(:current_user) { admin_user }
+  let_it_be(:project) { create(:project) }
+  let(:service) do
+    described_class.new(current_user: current_user, integration_name: integration_name, projects: [project])
+  end
+
+  subject(:execute) { service.execute }
+
+  it_behaves_like 'exclusions base service'
+end
diff --git a/spec/services/integrations/exclusions/create_service_spec.rb b/spec/services/integrations/exclusions/create_service_spec.rb
new file mode 100644
index 00000000000..3ab333beb64
--- /dev/null
+++ b/spec/services/integrations/exclusions/create_service_spec.rb
@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Integrations::Exclusions::CreateService, feature_category: :integrations do
+  let(:integration_name) { 'beyond_identity' }
+  let_it_be(:admin_user) { create(:admin) }
+  let_it_be(:user) { create(:user) }
+  let(:current_user) { admin_user }
+  let_it_be(:project) { create(:project) }
+  let(:projects) { [project] }
+  let(:service) do
+    described_class.new(current_user: current_user, integration_name: integration_name, projects: projects)
+  end
+
+  describe '#execute', :enable_admin_mode do
+    subject(:execute) { service.execute }
+
+    it_behaves_like 'exclusions base service'
+
+    context 'when there are existing custom settings' do
+      let!(:existing_integration) do
+        create(:beyond_identity_integration)
+      end
+
+      let!(:existing_integration2) do
+        create(
+          :beyond_identity_integration,
+          active: true,
+          project: project,
+          instance: false,
+          inherit_from_id: existing_integration.id
+        )
+      end
+
+      it 'updates those custom settings' do
+        execute
+        existing_integration2.reload
+        expect(existing_integration2.active).to be_falsey
+        expect(existing_integration2.inherit_from_id).to be_nil
+      end
+    end
+
+    it 'creates custom settings' do
+      expect { execute }.to change { Integration.count }.from(0).to(1)
+      created_integrations = execute.payload
+      expect(created_integrations.first.active).to be_falsey
+      expect(created_integrations.first.inherit_from_id).to be_nil
+    end
+
+    context 'when there are no projects passed' do
+      let(:projects) { [] }
+
+      it 'returns success response' do
+        expect(execute).to be_success
+        expect(execute.payload).to eq([])
+      end
+    end
+  end
+end
diff --git a/spec/services/integrations/exclusions/destroy_service_spec.rb b/spec/services/integrations/exclusions/destroy_service_spec.rb
new file mode 100644
index 00000000000..8e1d5105163
--- /dev/null
+++ b/spec/services/integrations/exclusions/destroy_service_spec.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Integrations::Exclusions::DestroyService, feature_category: :integrations do
+  let(:integration_name) { 'beyond_identity' }
+  let_it_be(:admin_user) { create(:admin) }
+  let_it_be(:user) { create(:user) }
+  let(:current_user) { admin_user }
+  let_it_be(:project) { create(:project) }
+  let(:service) do
+    described_class.new(current_user: current_user, integration_name: integration_name, projects: [project])
+  end
+
+  describe '#execute', :enable_admin_mode do
+    subject(:execute) { service.execute }
+
+    it_behaves_like 'exclusions base service'
+
+    context 'when there are existing custom settings' do
+      let!(:exclusion) do
+        create(:beyond_identity_integration, active: false, project: project, instance: false, inherit_from_id: nil)
+      end
+
+      it 'deletes the exclusions' do
+        expect { execute }.to change { Integration.count }.from(1).to(0)
+        expect(execute.payload).to contain_exactly(exclusion)
+      end
+
+      context 'and the integration is active for the instance' do
+        let!(:instance_integration) { create(:beyond_identity_integration) }
+
+        it 'updates the exclusion integration to be active' do
+          expect { execute }.to change { exclusion.reload.active }.from(false).to(true)
+          expect(exclusion.inherit_from_id).to eq(instance_integration.id)
+        end
+      end
+    end
+  end
+end
diff --git a/spec/support/shared_examples/integrations/exclusions/base_service_examples.rb b/spec/support/shared_examples/integrations/exclusions/base_service_examples.rb
new file mode 100644
index 00000000000..0027f19d102
--- /dev/null
+++ b/spec/support/shared_examples/integrations/exclusions/base_service_examples.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+RSpec.shared_examples 'exclusions base service' do
+  context 'when the integration is not instance specific', :enable_admin_mode do
+    let(:integration_name) { 'mock_ci' }
+
+    it 'returns an error response' do
+      expect(execute).to be_error
+      expect(execute.message).to eq('not instance specific')
+    end
+  end
+
+  context 'when the user is not authorized', :enable_admin_mode do
+    let(:current_user) { user }
+
+    it 'returns an error response' do
+      expect(execute).to be_error
+      expect(execute.message).to eq('not authorized')
+    end
+  end
+end