root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2024-12-17 00:28:34 +00:00
parent 5d19eb9b89
commit 77f15abfc5
218 changed files with 689 additions and 1679 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
app/assets/javascripts/ci/pipeline_mini_graph/graphql/queries/get_pipeline_stages.query.graphql
View File

@ -1,19 +0,0 @@
query getPipelineStages($fullPath: ID!, $iid: ID!) {
project(fullPath: $fullPath) {
id
pipeline(iid: $iid) {
id
stages {
nodes {
id
name
detailedStatus {
id
icon
group
}
}
}
}
}
}

21
app/assets/javascripts/merge_request_dashboard/components/assigned_users.vue
View File

@ -9,19 +9,23 @@ const MAX_VISIBLE_USERS = 3;
const REVIEW_STATE_ICONS = {
APPROVED: {
name: 'check-circle',
class: 'gl-bg-green-100 gl-text-green-500',
backgroundClass: 'gl-bg-status-success',
foregroundClass: 'gl-fill-status-success',
},
REQUESTED_CHANGES: {
name: 'error',
class: 'gl-bg-red-100 gl-text-red-500',
backgroundClass: 'gl-bg-status-danger',
foregroundClass: 'gl-fill-status-danger',
},
REVIEWED: {
name: 'comment-lines',
class: 'gl-bg-blue-100 gl-text-blue-500',
backgroundClass: 'gl-bg-status-info',
foregroundClass: 'gl-fill-status-info',
},
REVIEW_STARTED: {
name: 'comment-dots',
class: 'gl-bg-gray-100 gl-text-subtle',
backgroundClass: 'gl-bg-status-neutral',
foregroundClass: 'gl-fill-status-neutral',
},
};
const USER_TOOLTIP_TITLES = {
@ -147,10 +151,15 @@ export default {
<span
v-if="reviewStateIcon(user)"
class="gl-absolute -gl-bottom-2 -gl-right-2 gl-flex gl-h-5 gl-w-5 gl-items-center gl-justify-center gl-rounded-full gl-p-1"
:class="reviewStateIcon(user).class"
:class="reviewStateIcon(user).backgroundClass"
data-testid="review-state-icon"
>
<gl-icon :name="reviewStateIcon(user).name" class="gl-block" :size="12" />
<gl-icon
:name="reviewStateIcon(user).name"
class="gl-block"
:class="reviewStateIcon(user).foregroundClass"
:size="12"
/>
</span>
</gl-avatar-link>
</template>

1
app/assets/javascripts/merge_requests/list/queries/merge_request.fragment.graphql
View File

@ -9,6 +9,7 @@ fragment MergeRequestFragment on MergeRequest {
state
title
updatedAt
mergedAt
upvotes
resolvedDiscussionsCount @include(if: $isSignedIn)
resolvableDiscussionsCount @include(if: $isSignedIn)

31
app/assets/javascripts/ml/experiment_tracking/components/performance_graph.vue
View File

@ -1,10 +1,12 @@
<script>
import { GlLineChart } from '@gitlab/ui/dist/charts';
import { GlEmptyState } from '@gitlab/ui';
import { s__ } from '~/locale';
import { CREATE_EXPERIMENT_HELP_PATH } from '~/ml/experiment_tracking/routes/experiments/index/constants';
export default {
name: 'PerformanceGraph',
components: { GlLineChart },
components: { GlLineChart, GlEmptyState },
props: {
candidates: {
type: Array,
@ -14,6 +16,11 @@ export default {
type: Array,
required: true,
},
emptyStateSvgPath: {
type: String,
required: false,
default: '',
},
},
data() {
return {
@ -24,6 +31,11 @@ export default {
i18n: {
xAxisLabel: s__('ExperimentTracking|Candidate'),
yAxisLabel: s__('ExperimentTracking|Metric value'),
createNewCandidateLabel: s__('ExperimentTracking|Create candidate using MLflow'),
emptyStateLabel: s__('ExperimentTracking|No candidates'),
emptyStateDescriptionLabel: s__(
'ExperimentTracking|Performance graph will be shown when candidates with logged metrics are available',
),
},
computed: {
graphData() {
@ -55,6 +67,12 @@ export default {
toolbox: { show: true },
};
},
showGraph() {
return this.candidates.length > 0 && this.metricNames.length > 0;
},
},
constants: {
CREATE_EXPERIMENT_HELP_PATH,
},
methods: {
formatTooltipText(params) {
@ -70,6 +88,7 @@ export default {
<template>
<gl-line-chart
v-if="showGraph"
:data="graphData"
:option="graphOptions"
show-legend
@ -87,4 +106,14 @@ export default {
</div>
</template>
</gl-line-chart>
<gl-empty-state
v-else
:title="$options.i18n.emptyStateLabel"
:secondary-button-text="$options.i18n.createNewCandidateLabel"
:secondary-button-link="$options.constants.CREATE_EXPERIMENT_HELP_PATH"
:svg-path="emptyStateSvgPath"
:svg-height="null"
:description="$options.i18n.emptyStateDescriptionLabel"
class="gl-py-8"
/>
</template>

156
app/assets/javascripts/projects/commit_box/info/components/commit_box_pipeline_mini_graph.vue
View File

@ -1,156 +0,0 @@
<script>
import { GlLoadingIcon } from '@gitlab/ui';
import { createAlert } from '~/alert';
import { __ } from '~/locale';
import { getQueryHeaders, toggleQueryPollingByVisibility } from '~/ci/pipeline_details/graph/utils';
import { keepLatestDownstreamPipelines } from '~/ci/pipeline_details/utils/parsing_utils';
import LegacyPipelineMiniGraph from '~/ci/pipeline_mini_graph/legacy_pipeline_mini_graph/legacy_pipeline_mini_graph.vue';
import PipelineMiniGraph from '~/ci/pipeline_mini_graph/pipeline_mini_graph.vue';
import glFeatureFlagsMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
import getLinkedPipelinesQuery from '~/ci/pipeline_details/graphql/queries/get_linked_pipelines.query.graphql';
import getPipelineStagesQuery from '~/ci/pipeline_mini_graph/graphql/queries/get_pipeline_stages.query.graphql';
import { formatStages } from '../utils';
import { COMMIT_BOX_POLL_INTERVAL } from '../constants';
export default {
i18n: {
linkedPipelinesFetchError: __('There was a problem fetching linked pipelines.'),
stageConversionError: __('There was a problem handling the pipeline data.'),
stagesFetchError: __('There was a problem fetching the pipeline stages.'),
},
components: {
GlLoadingIcon,
LegacyPipelineMiniGraph,
PipelineMiniGraph,
},
mixins: [glFeatureFlagsMixin()],
inject: {
fullPath: {
default: '',
},
iid: {
default: '',
},
graphqlResourceEtag: {
default: '',
},
},
props: {
stages: {
type: Array,
required: true,
},
},
apollo: {
pipeline: {
context() {
return getQueryHeaders(this.graphqlResourceEtag);
},
query: getLinkedPipelinesQuery,
pollInterval: COMMIT_BOX_POLL_INTERVAL,
skip() {
return !this.fullPath || !this.iid || this.isUsingPipelineMiniGraphQueries;
},
variables() {
return {
fullPath: this.fullPath,
iid: this.iid,
};
},
update({ project }) {
return project?.pipeline;
},
error() {
createAlert({ message: this.$options.i18n.linkedPipelinesFetchError });
},
},
pipelineStages: {
context() {
return getQueryHeaders(this.graphqlResourceEtag);
},
query: getPipelineStagesQuery,
pollInterval: COMMIT_BOX_POLL_INTERVAL,
skip() {
return this.isUsingPipelineMiniGraphQueries;
},
variables() {
return {
fullPath: this.fullPath,
iid: this.iid,
};
},
update({ project }) {
return project?.pipeline?.stages?.nodes || [];
},
error() {
createAlert({ message: this.$options.i18n.stagesFetchError });
},
},
},
data() {
return {
formattedStages: [],
pipeline: null,
pipelineStages: [],
};
},
computed: {
downstreamPipelines() {
const downstream = this.pipeline?.downstream?.nodes;
return keepLatestDownstreamPipelines(downstream);
},
isUsingPipelineMiniGraphQueries() {
return this.glFeatures.ciGraphqlPipelineMiniGraph;
},
pipelinePath() {
return this.pipeline?.path ?? '';
},
upstreamPipeline() {
return this.pipeline?.upstream;
},
},
watch: {
pipelineStages() {
// pipelineStages are from GraphQL
// stages are from REST
// we do this to use dropdown_path for fetching jobs on stage click
try {
this.formattedStages = formatStages(this.pipelineStages, this.stages);
} catch (error) {
createAlert({
message: this.$options.i18n.stageConversionError,
captureError: true,
error,
});
}
},
},
mounted() {
toggleQueryPollingByVisibility(this.$apollo.queries.pipelineStages);
toggleQueryPollingByVisibility(this.$apollo.queries.pipeline);
},
};
</script>
<template>
<div>
<gl-loading-icon v-if="$apollo.queries.pipeline.loading" />
<template v-else>
<pipeline-mini-graph
v-if="isUsingPipelineMiniGraphQueries"
data-testid="commit-box-pipeline-mini-graph"
:pipeline-etag="graphqlResourceEtag"
:full-path="fullPath"
:iid="iid"
/>
<legacy-pipeline-mini-graph
v-else
data-testid="commit-box-pipeline-mini-graph"
:downstream-pipelines="downstreamPipelines"
:pipeline-path="pipelinePath"
:stages="formattedStages"
:upstream-pipeline="upstreamPipeline"
/>
</template>
</div>
</template>

68
app/assets/javascripts/projects/commit_box/info/components/commit_box_pipeline_status.vue
View File

@ -1,68 +0,0 @@
<script>
import { GlLoadingIcon } from '@gitlab/ui';
import CiIcon from '~/vue_shared/components/ci_icon/ci_icon.vue';
import { createAlert } from '~/alert';
import { getQueryHeaders, toggleQueryPollingByVisibility } from '~/ci/pipeline_details/graph/utils';
import getLatestPipelineStatusQuery from '../graphql/queries/get_latest_pipeline_status.query.graphql';
import { COMMIT_BOX_POLL_INTERVAL, PIPELINE_STATUS_FETCH_ERROR } from '../constants';
export default {
PIPELINE_STATUS_FETCH_ERROR,
components: {
CiIcon,
GlLoadingIcon,
},
inject: {
fullPath: {
default: '',
},
iid: {
default: '',
},
graphqlResourceEtag: {
default: '',
},
},
apollo: {
pipelineStatus: {
context() {
return getQueryHeaders(this.graphqlResourceEtag);
},
query: getLatestPipelineStatusQuery,
pollInterval: COMMIT_BOX_POLL_INTERVAL,
variables() {
return {
fullPath: this.fullPath,
iid: this.iid,
};
},
update({ project }) {
return project?.pipeline?.detailedStatus || {};
},
error() {
createAlert({ message: this.$options.PIPELINE_STATUS_FETCH_ERROR });
},
},
},
data() {
return {
pipelineStatus: null,
};
},
computed: {
loading() {
return this.$apollo.queries.pipelineStatus.loading;
},
},
mounted() {
toggleQueryPollingByVisibility(this.$apollo.queries.pipelineStatus);
},
};
</script>
<template>
<div class="gl-mr-2 gl-inline-block gl-align-middle">
<gl-loading-icon v-if="loading" />
<ci-icon v-else-if="pipelineStatus" :status="pipelineStatus" />
</div>
</template>

6
app/assets/javascripts/projects/commit_box/info/constants.js
View File

@ -1,11 +1,5 @@
import { __, s__ } from '~/locale';
export const COMMIT_BOX_POLL_INTERVAL = 10000;
export const PIPELINE_STATUS_FETCH_ERROR = __(
'There was a problem fetching the latest pipeline status.',
);
export const BRANCHES = s__('Commit|Branches');
export const TAGS = s__('Commit|Tags');

13
app/assets/javascripts/projects/commit_box/info/graphql/queries/get_latest_pipeline_status.query.graphql
View File

@ -1,13 +0,0 @@
#import "~/graphql_shared/fragments/ci_icon.fragment.graphql"
query getLatestPipelineStatus($fullPath: ID!, $iid: ID!) {
project(fullPath: $fullPath) {
id
pipeline(iid: $iid) {
id
detailedStatus {
...CiIcon
}
}
}
}

44
app/assets/javascripts/projects/commit_box/info/init_commit_pipeline_mini_graph.js
View File

@ -1,44 +0,0 @@
import Vue from 'vue';
import VueApollo from 'vue-apollo';
import createDefaultClient from '~/lib/graphql';
Vue.use(VueApollo);
const apolloProvider = new VueApollo({
defaultClient: createDefaultClient(),
});
export const initCommitPipelineMiniGraph = async (selector = '.js-commit-pipeline-mini-graph') => {
const el = document.querySelector(selector);
if (!el) {
return;
}
const { stages, fullPath, iid, graphqlResourceEtag } = el.dataset;
// Some commits have no pipeline, code splitting to load the pipeline optionally
const { default: CommitBoxPipelineMiniGraph } = await import(
/* webpackChunkName: 'commitBoxPipelineMiniGraph' */ './components/commit_box_pipeline_mini_graph.vue'
);
// eslint-disable-next-line no-new
new Vue({
el,
apolloProvider,
provide: {
fullPath,
iid,
dataMethod: 'graphql',
graphqlResourceEtag,
},
render(createElement) {
return createElement(CommitBoxPipelineMiniGraph, {
props: {
// if stages do not exist for some reason, protect JSON.parse from erroring out
stages: stages ? JSON.parse(stages) : [],
},
});
},
});
};

15
app/assets/javascripts/projects/commit_box/info/utils.js
View File

@ -1,15 +0,0 @@
export const formatStages = (graphQLStages = [], restStages = []) => {
if (graphQLStages.length !== restStages.length) {
throw new Error('Rest stages and graphQl stages must be the same length');
}
return graphQLStages.map((stage, index) => {
return {
name: stage.name,
id: restStages[index]?.id,
status: stage.detailedStatus,
dropdown_path: restStages[index]?.dropdown_path || '',
title: restStages[index].title || '',
};
});
};

10
app/assets/javascripts/vue_shared/issuable/list/components/issuable_item.vue
View File

@ -166,6 +166,9 @@ export default {
isClosed() {
return [STATUS_CLOSED, STATE_CLOSED].includes(this.issuable.state);
},
statusTooltip() {
return this.issuable.mergedAt ? this.tooltipTitle(this.issuable.mergedAt) : '';
},
timestamp() {
return this.isClosed && this.issuable.closedAt
? this.issuable.closedAt
@ -495,7 +498,12 @@ export default {
<ul v-if="showIssuableMeta" class="controls gl-gap-3">
<!-- eslint-disable-next-line @gitlab/vue-prefer-dollar-scopedslots -->
<li v-if="$slots.status" data-testid="issuable-status" class="!gl-mr-0">
<gl-badge v-if="!isOpen" :variant="statusBadgeVariant">
<gl-badge
v-if="!isOpen"
v-gl-tooltip.top
:variant="statusBadgeVariant"
:title="statusTooltip"
>
<slot name="status"></slot>
</gl-badge>
<slot v-else name="status"></slot>

4
app/controllers/admin/slacks_controller.rb
View File

@ -2,10 +2,6 @@
module Admin
class SlacksController < Admin::ApplicationController
before_action do
render_404 if Feature.disabled?(:gitlab_for_slack_app_instance_and_group_level, type: :beta)
end
include ::Integrations::SlackControllerSettings
private

4
app/controllers/groups/settings/slacks_controller.rb
View File

@ -5,10 +5,6 @@ module Groups
class SlacksController < Groups::ApplicationController
before_action :authorize_admin_group!
before_action do
render_404 if Feature.disabled?(:gitlab_for_slack_app_instance_and_group_level, type: :beta)
end
include ::Integrations::SlackControllerSettings
layout 'group_settings'

12
app/models/concerns/integrations/base/integration.rb
View File

@ -228,8 +228,7 @@ module Integrations
def integration_names
names = INTEGRATION_NAMES.dup
unless Feature.enabled?(:gitlab_for_slack_app_instance_and_group_level, type: :beta) && # rubocop:disable Gitlab/FeatureFlagWithoutActor -- existing code moved as is
(Gitlab::CurrentSettings.slack_app_enabled || Gitlab.dev_or_test_env?)
unless Gitlab::CurrentSettings.slack_app_enabled || Gitlab.dev_or_test_env?
names.delete('gitlab_slack_application')
end
@ -251,14 +250,7 @@ module Integrations
end
def project_specific_integration_names
names = PROJECT_LEVEL_ONLY_INTEGRATION_NAMES.dup
if Feature.disabled?(:gitlab_for_slack_app_instance_and_group_level, type: :beta) && # rubocop:disable Gitlab/FeatureFlagWithoutActor -- existing code moved as is
(Gitlab::CurrentSettings.slack_app_enabled || Gitlab.dev_or_test_env?)
names << 'gitlab_slack_application'
end
names
PROJECT_LEVEL_ONLY_INTEGRATION_NAMES.dup
end
def project_and_group_specific_integration_names

6
app/services/import/reassign_placeholder_user_records_service.rb
View File

@ -236,8 +236,7 @@ module Import
health_context = Gitlab::Database::HealthStatus::Context.new(
DatabaseHealthStatusChecker.new(import_source_user.id, self.class.name),
nil,
[model.table_name],
nil
[model.table_name]
)
stop_signal = Gitlab::Database::HealthStatus
@ -253,8 +252,7 @@ module Import
health_context = Gitlab::Database::HealthStatus::Context.new(
DatabaseHealthStatusChecker.new(import_source_user.id, self.class.name),
Gitlab::Database.schemas_to_base_models[gitlab_schema].first,
nil,
gitlab_schema
nil
)
Gitlab::Database::HealthStatus

3
app/services/integrations/propagation/bulk_create_service.rb
View File

@ -17,8 +17,7 @@ module Integrations
bulk_insert_data_fields(inserted_ids) if integration.data_fields_present?
if integration.is_a?(GitlabSlackApplication) && integration.active? &&
Feature.enabled?(:gitlab_for_slack_app_instance_and_group_level, type: :beta)
if integration.is_a?(GitlabSlackApplication) && integration.active?
inserted_slack_ids = bulk_insert_slack_integrations(inserted_ids)
bulk_insert_slack_integration_scopes(inserted_slack_ids)
end

5
app/services/integrations/propagation/bulk_update_service.rb
View File

@ -22,9 +22,8 @@ module Integrations
)
end
if integration.is_a?(GitlabSlackApplication) &&
Feature.enabled?(:gitlab_for_slack_app_instance_and_group_level, type: :beta)
if integration.active? # rubocop: disable Cop/LineBreakAroundConditionalBlock -- Misidentified
if integration.is_a?(GitlabSlackApplication)
if integration.active?
bulk_update_slack_integrations
else
bulk_delete_slack_integrations

3
app/views/shared/integrations/gitlab_slack_application/_help.html.haml
View File

@ -6,5 +6,4 @@
%p
= s_("SlackIntegration|See the list of available commands in Slack after setting up this integration by entering")
%kbd.gl-inline-block /gitlab help
- if integration.project_level? || Feature.enabled?(:gitlab_for_slack_app_instance_and_group_level, type: :beta)
= render "shared/integrations/#{integration.to_param}/slack_integration_form", integration: integration
= render "shared/integrations/#{integration.to_param}/slack_integration_form", integration: integration

9
config/feature_flags/beta/gitlab_for_slack_app_instance_and_group_level.yml
View File

@ -1,9 +0,0 @@
---
name: gitlab_for_slack_app_instance_and_group_level
feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/391526
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/142868
rollout_issue_url: https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17410
milestone: '16.10'
group: group::import and integrate
type: beta
default_enabled: true

6
doc/administration/settings/slack_app.md
View File

@ -74,11 +74,7 @@ To use Slash commands for a project, configure the [GitLab for Slack app](../../
> - Installation for a specific instance [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/391526) in GitLab 16.10 [with a flag](../../administration/feature_flags.md) named `gitlab_for_slack_app_instance_and_group_level`. Disabled by default.
> - [Enabled on GitLab.com, self-managed, and GitLab Dedicated](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147820) in GitLab 16.11.
FLAG:
On self-managed GitLab, by default this feature is available.
To hide the feature, an administrator can [disable the feature flag](../../administration/feature_flags.md) named `gitlab_for_slack_app_instance_and_group_level`.
On GitLab.com and GitLab Dedicated, this feature is available.
> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175803) in GitLab 17.8. Feature flag `gitlab_for_slack_app_instance_and_group_level` removed.
Prerequisites:

8
doc/api/graphql/reference/index.md
View File

@ -31540,7 +31540,7 @@ Project-level settings for product analytics provider.
| <a id="projectrequestaccessenabled"></a>`requestAccessEnabled` | [`Boolean`](#boolean) | Indicates if users can request member access to the project. |
| <a id="projectrequirementstatescount"></a>`requirementStatesCount` | [`RequirementStatesCount`](#requirementstatescount) | Number of requirements for the project by their state. |
| <a id="projectsastciconfiguration"></a>`sastCiConfiguration` | [`SastCiConfiguration`](#sastciconfiguration) | SAST CI configuration for the project. |
| <a id="projectsavedreplies"></a>`savedReplies` **{warning-solid}** | [`ProjectSavedReplyConnection`](#projectsavedreplyconnection) | **Introduced** in GitLab 16.11. **Status**: Experiment. Saved replies available to the project. Available only when feature flag `project_saved_replies_flag` is enabled. |
| <a id="projectsavedreplies"></a>`savedReplies` | [`ProjectSavedReplyConnection`](#projectsavedreplyconnection) | Saved replies available to the project. (see [Connections](#connections)) |
| <a id="projectsecuritydashboardpath"></a>`securityDashboardPath` | [`String`](#string) | Path to project's security dashboard. |
| <a id="projectsecuritypolicyproject"></a>`securityPolicyProject` | [`Project`](#project) | Security policy project assigned to the project, absent if assigned to a parent group. |
| <a id="projectsecuritypolicyprojectlinkedgroups"></a>`securityPolicyProjectLinkedGroups` | [`GroupConnection`](#groupconnection) | Groups linked to the project, when used as Security Policy Project. (see [Connections](#connections)) |
@ -33080,11 +33080,7 @@ four standard [pagination arguments](#pagination-arguments):
##### `Project.savedReply`
Saved reply in the project. Available only when feature flag `group_saved_replies_flag` is enabled.
DETAILS:
**Introduced** in GitLab 16.11.
**Status**: Experiment.
Saved reply in the project.
Returns [`ProjectSavedReply`](#projectsavedreply).

2
doc/ci/pipelines/merge_trains.md
View File

@ -197,7 +197,7 @@ To remove a merge request from a merge train:
## Skip the merge train and merge immediately
If you have a high-priority merge request, like a critical patch that must
be merged urgently, you can select **Merge Immediately**.
be merged urgently, you can select **Merge immediately**.
When you merge a merge request immediately:

10
doc/install/install_ai_gateway.md
View File

@ -188,3 +188,13 @@ Ensure that:
If access issues persist, check that authentication is correctly configured, and that the health check passes.
In case of persistent issues, the error message may suggest bypassing authentication with `AIGW_AUTH__BYPASS_EXTERNAL=true`, but only do this for troubleshooting.
You can also run a [health check](../user/gitlab_duo/setup.md#run-a-health-check-for-gitlab-duo) by going to **Admin > GitLab Duo**.
These tests are performed for offline environments:
| Test | Description |
|-----------------|-------------|
| Network | Tests whether: <br>- The environment variable `AI_GATEWAY_URL` has been set to a valid URL.<br> - Your instance can connect to the URL specified by `AI_GATEWAY_URL`.<br><br>If your instance cannot connect to the URL, ensure that your firewall or proxy server settings [allow connection](../user/gitlab_duo/setup.md). |
| License | Tests whether your license has the ability to access Code Suggestions feature. |
| System exchange | Tests whether Code Suggestions can be used in your instance. If the system exchange assessment fails, users might not be able to use GitLab Duo features. |

12
doc/subscriptions/subscription-add-ons.md
View File

@ -41,8 +41,8 @@ Prerequisites:
- You must have the Owner role.
1. On the left sidebar, select **Search or go to** and find your group.
1. Select **Settings > Usage Quotas**.
1. Select the **GitLab Duo** tab.
1. Select **Settings > GitLab Duo**.
1. By **Seat utilization**, select **Assign seats**.
1. Select **Add seats**.
1. In the Customers Portal, in the **Add additional seats** field, enter the number of seats. The amount
cannot be higher than the number of seats in the subscription associated with your group namespace.
@ -85,7 +85,7 @@ To use GitLab Duo features in any project or group, you must assign the user to
1. On the left sidebar, select **Search or go to** and find your group.
1. Select **Settings > GitLab Duo**.
1. Select **Assign seats** on the **Seat utilization** card.
1. By **Seat utilization**, select **Assign seats**.
1. To the right of the user, turn on the toggle to assign a GitLab Duo seat.
The user is sent a confirmation email.
@ -103,7 +103,7 @@ Prerequisites:
1. On the left sidebar, select **Subscription**.
1. In **Subscription details**, to the right of **Last sync**, select
synchronize subscription (**{retry}**).
1. Select **Assign seats** on the **Seat utilization** card.
1. By **Seat utilization**, select **Assign seats**.
1. To the right of the user, turn on the toggle to assign a GitLab Duo seat.
The user is sent a confirmation email.
@ -167,7 +167,7 @@ Prerequisites:
1. On the left sidebar, select **Search or go to** and find your group.
1. Select **Settings > GitLab Duo**.
1. Select **Assign seats** on the **Seat utilization** card.
1. By **Seat utilization**, select **Assign seats**.
1. From the filter bar, select **Assigned seat** and **Yes**.
1. User list is filtered to only users assigned a GitLab Duo seat.
@ -185,7 +185,7 @@ Prerequisites:
1. On the left sidebar, select **Subscription**.
1. In **Subscription details**, to the right of **Last sync**, select
synchronize subscription (**{retry}**).
1. Select **Assign seats** on the **Seat utilization** card.
1. By **Seat utilization**, select **Assign seats**.
1. To filter by users assigned to a GitLab Duo seat, in the **Filter users** bar, select **Assigned seat**, then select **Yes**.
1. User list is filtered to only users assigned a GitLab Duo seat.

178
doc/user/application_security/sast/advanced_sast_coverage.md
View File

@ -29,94 +29,96 @@ GitLab Advanced SAST finds the following types of weaknesses in each programming
<!-- Table contents are automatically produced by a job in https://gitlab.com/gitlab-org/security-products/oxeye/product/oxeye-rulez. -->
| CWE | CWE Description | C# | Go | Java | JavaScript, TypeScript | Python | Ruby |
|:-------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------|:-----------------------|:-----------------------|:-----------------------|:-------------------------|:-----------------------|:-----------------------|
| [CWE-15](https://cwe.mitre.org/data/definitions/15.html) | External Control of System or Configuration Setting | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-22](https://cwe.mitre.org/data/definitions/22.html) | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-23](https://cwe.mitre.org/data/definitions/23.html) | Relative Path Traversal | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-73](https://cwe.mitre.org/data/definitions/73.html) | External Control of File Name or Path | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes |
| [CWE-76](https://cwe.mitre.org/data/definitions/76.html) | Improper Neutralization of Equivalent Special Elements | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes |
| [CWE-77](https://cwe.mitre.org/data/definitions/77.html) | Improper Neutralization of Special Elements used in a Command ('Command Injection') | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-78](https://cwe.mitre.org/data/definitions/78.html) | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-79](https://cwe.mitre.org/data/definitions/79.html) | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-80](https://cwe.mitre.org/data/definitions/80.html) | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-88](https://cwe.mitre.org/data/definitions/88.html) | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-90](https://cwe.mitre.org/data/definitions/90.html) | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-91](https://cwe.mitre.org/data/definitions/91.html) | XML Injection (aka Blind XPath Injection) | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-94](https://cwe.mitre.org/data/definitions/94.html) | Improper Control of Generation of Code ('Code Injection') | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-95](https://cwe.mitre.org/data/definitions/95.html) | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-113](https://cwe.mitre.org/data/definitions/113.html) | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-116](https://cwe.mitre.org/data/definitions/116.html) | Improper Encoding or Escaping of Output | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-118](https://cwe.mitre.org/data/definitions/118.html) | Incorrect Access of Indexable Resource ('Range Error') | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-125](https://cwe.mitre.org/data/definitions/125.html) | Out-of-bounds Read | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-134](https://cwe.mitre.org/data/definitions/134.html) | Use of Externally-Controlled Format String | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-155](https://cwe.mitre.org/data/definitions/155.html) | Improper Neutralization of Wildcards or Matching Symbols | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-180](https://cwe.mitre.org/data/definitions/180.html) | Incorrect Behavior Order: Validate Before Canonicalize | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-182](https://cwe.mitre.org/data/definitions/182.html) | Collapse of Data into Unsafe Value | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-185](https://cwe.mitre.org/data/definitions/185.html) | Incorrect Regular Expression | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes |
| [CWE-190](https://cwe.mitre.org/data/definitions/190.html) | Integer Overflow or Wraparound | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-208](https://cwe.mitre.org/data/definitions/208.html) | Observable Timing Discrepancy | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-209](https://cwe.mitre.org/data/definitions/209.html) | Generation of Error Message Containing Sensitive Information | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes |
| [CWE-242](https://cwe.mitre.org/data/definitions/242.html) | Use of Inherently Dangerous Function | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-272](https://cwe.mitre.org/data/definitions/272.html) | Least Privilege Violation | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-276](https://cwe.mitre.org/data/definitions/276.html) | Incorrect Default Permissions | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes |
| [CWE-295](https://cwe.mitre.org/data/definitions/295.html) | Improper Certificate Validation | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-297](https://cwe.mitre.org/data/definitions/297.html) | Improper Validation of Certificate with Host Mismatch | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-306](https://cwe.mitre.org/data/definitions/306.html) | Missing Authentication for Critical Function | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-311](https://cwe.mitre.org/data/definitions/311.html) | Missing Encryption of Sensitive Data | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes |
| [CWE-319](https://cwe.mitre.org/data/definitions/319.html) | Cleartext Transmission of Sensitive Information | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-322](https://cwe.mitre.org/data/definitions/322.html) | Key Exchange without Entity Authentication | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-323](https://cwe.mitre.org/data/definitions/323.html) | Reusing a Nonce, Key Pair in Encryption | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-326](https://cwe.mitre.org/data/definitions/326.html) | Inadequate Encryption Strength | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-327](https://cwe.mitre.org/data/definitions/327.html) | Use of a Broken or Risky Cryptographic Algorithm | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-328](https://cwe.mitre.org/data/definitions/328.html) | Use of Weak Hash | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes |
| [CWE-338](https://cwe.mitre.org/data/definitions/338.html) | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-346](https://cwe.mitre.org/data/definitions/346.html) | Origin Validation Error | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-347](https://cwe.mitre.org/data/definitions/347.html) | Improper Verification of Cryptographic Signature | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-348](https://cwe.mitre.org/data/definitions/348.html) | Use of Less Trusted Source | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-352](https://cwe.mitre.org/data/definitions/352.html) | Cross-Site Request Forgery (CSRF) | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-358](https://cwe.mitre.org/data/definitions/358.html) | Improperly Implemented Security Check for Standard | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-369](https://cwe.mitre.org/data/definitions/369.html) | Divide By Zero | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes |
| [CWE-377](https://cwe.mitre.org/data/definitions/377.html) | Insecure Temporary File | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-409](https://cwe.mitre.org/data/definitions/409.html) | Improper Handling of Highly Compressed Data (Data Amplification) | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-489](https://cwe.mitre.org/data/definitions/489.html) | Active Debug Code | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-502](https://cwe.mitre.org/data/definitions/502.html) | Deserialization of Untrusted Data | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-521](https://cwe.mitre.org/data/definitions/521.html) | Weak Password Requirements | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-522](https://cwe.mitre.org/data/definitions/522.html) | Insufficiently Protected Credentials | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-552](https://cwe.mitre.org/data/definitions/552.html) | Files or Directories Accessible to External Parties | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-554](https://cwe.mitre.org/data/definitions/554.html) | ASP.NET Misconfiguration: Not Using Input Validation Framework | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-599](https://cwe.mitre.org/data/definitions/599.html) | Missing Validation of OpenSSL Certificate | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-601](https://cwe.mitre.org/data/definitions/601.html) | URL Redirection to Untrusted Site ('Open Redirect') | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-606](https://cwe.mitre.org/data/definitions/606.html) | Unchecked Input for Loop Condition | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-611](https://cwe.mitre.org/data/definitions/611.html) | Improper Restriction of XML External Entity Reference | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-613](https://cwe.mitre.org/data/definitions/613.html) | Insufficient Session Expiration | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-614](https://cwe.mitre.org/data/definitions/614.html) | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-639](https://cwe.mitre.org/data/definitions/639.html) | Authorization Bypass Through User-Controlled Key | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes |
| [CWE-643](https://cwe.mitre.org/data/definitions/643.html) | Improper Neutralization of Data within XPath Expressions ('XPath Injection') | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-704](https://cwe.mitre.org/data/definitions/704.html) | Incorrect Type Conversion or Cast | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-732](https://cwe.mitre.org/data/definitions/732.html) | Incorrect Permission Assignment for Critical Resource | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-749](https://cwe.mitre.org/data/definitions/749.html) | Exposed Dangerous Method or Function | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes |
| [CWE-754](https://cwe.mitre.org/data/definitions/754.html) | Improper Check for Unusual or Exceptional Conditions | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-757](https://cwe.mitre.org/data/definitions/757.html) | Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-770](https://cwe.mitre.org/data/definitions/770.html) | Allocation of Resources Without Limits or Throttling | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-776](https://cwe.mitre.org/data/definitions/776.html) | Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-780](https://cwe.mitre.org/data/definitions/780.html) | Use of RSA Algorithm without OAEP | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-787](https://cwe.mitre.org/data/definitions/787.html) | Out-of-bounds Write | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-798](https://cwe.mitre.org/data/definitions/798.html) | Use of Hard-coded Credentials | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-913](https://cwe.mitre.org/data/definitions/913.html) | Improper Control of Dynamically-Managed Code Resources | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-915](https://cwe.mitre.org/data/definitions/915.html) | Improperly Controlled Modification of Dynamically-Determined Object Attributes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes |
| [CWE-917](https://cwe.mitre.org/data/definitions/917.html) | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-918](https://cwe.mitre.org/data/definitions/918.html) | Server-Side Request Forgery (SSRF) | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-942](https://cwe.mitre.org/data/definitions/942.html) | Permissive Cross-domain Policy with Untrusted Domains | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-943](https://cwe.mitre.org/data/definitions/943.html) | Improper Neutralization of Special Elements in Data Query Logic | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-1004](https://cwe.mitre.org/data/definitions/1004.html) | Sensitive Cookie Without 'HttpOnly' Flag | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes |
| [CWE-1104](https://cwe.mitre.org/data/definitions/1104.html) | Use of Unmaintained Third Party Components | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-1204](https://cwe.mitre.org/data/definitions/1204.html) | Generation of Weak Initialization Vector (IV) | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-1275](https://cwe.mitre.org/data/definitions/1275.html) | Sensitive Cookie with Improper SameSite Attribute | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-1321](https://cwe.mitre.org/data/definitions/1321.html) | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-1327](https://cwe.mitre.org/data/definitions/1327.html) | Binding to an Unrestricted IP Address | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-1390](https://cwe.mitre.org/data/definitions/1390.html) | Weak Authentication | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| CWE | CWE Description | C# | Go | Java | JavaScript, TypeScript | Python | Ruby |
|:-------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------|:-----------------------|:-----------------------|:-----------------------|:-----------------------|:-----------------------|:-----------------------|
| [CWE-15](https://cwe.mitre.org/data/definitions/15.html) | External Control of System or Configuration Setting | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-22](https://cwe.mitre.org/data/definitions/22.html) | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-23](https://cwe.mitre.org/data/definitions/23.html) | Relative Path Traversal | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-73](https://cwe.mitre.org/data/definitions/73.html) | External Control of File Name or Path | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes |
| [CWE-76](https://cwe.mitre.org/data/definitions/76.html) | Improper Neutralization of Equivalent Special Elements | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes |
| [CWE-77](https://cwe.mitre.org/data/definitions/77.html) | Improper Neutralization of Special Elements used in a Command ('Command Injection') | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-78](https://cwe.mitre.org/data/definitions/78.html) | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-79](https://cwe.mitre.org/data/definitions/79.html) | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-80](https://cwe.mitre.org/data/definitions/80.html) | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-88](https://cwe.mitre.org/data/definitions/88.html) | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-90](https://cwe.mitre.org/data/definitions/90.html) | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-91](https://cwe.mitre.org/data/definitions/91.html) | XML Injection (aka Blind XPath Injection) | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-94](https://cwe.mitre.org/data/definitions/94.html) | Improper Control of Generation of Code ('Code Injection') | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-95](https://cwe.mitre.org/data/definitions/95.html) | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-113](https://cwe.mitre.org/data/definitions/113.html) | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-116](https://cwe.mitre.org/data/definitions/116.html) | Improper Encoding or Escaping of Output | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-117](https://cwe.mitre.org/data/definitions/117.html) | Improper Output Neutralization for Logs | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-118](https://cwe.mitre.org/data/definitions/118.html) | Incorrect Access of Indexable Resource ('Range Error') | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-125](https://cwe.mitre.org/data/definitions/125.html) | Out-of-bounds Read | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-134](https://cwe.mitre.org/data/definitions/134.html) | Use of Externally-Controlled Format String | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-155](https://cwe.mitre.org/data/definitions/155.html) | Improper Neutralization of Wildcards or Matching Symbols | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-180](https://cwe.mitre.org/data/definitions/180.html) | Incorrect Behavior Order: Validate Before Canonicalize | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-182](https://cwe.mitre.org/data/definitions/182.html) | Collapse of Data into Unsafe Value | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-185](https://cwe.mitre.org/data/definitions/185.html) | Incorrect Regular Expression | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes |
| [CWE-190](https://cwe.mitre.org/data/definitions/190.html) | Integer Overflow or Wraparound | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-208](https://cwe.mitre.org/data/definitions/208.html) | Observable Timing Discrepancy | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-209](https://cwe.mitre.org/data/definitions/209.html) | Generation of Error Message Containing Sensitive Information | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes |
| [CWE-242](https://cwe.mitre.org/data/definitions/242.html) | Use of Inherently Dangerous Function | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-272](https://cwe.mitre.org/data/definitions/272.html) | Least Privilege Violation | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-276](https://cwe.mitre.org/data/definitions/276.html) | Incorrect Default Permissions | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes |
| [CWE-295](https://cwe.mitre.org/data/definitions/295.html) | Improper Certificate Validation | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-297](https://cwe.mitre.org/data/definitions/297.html) | Improper Validation of Certificate with Host Mismatch | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-306](https://cwe.mitre.org/data/definitions/306.html) | Missing Authentication for Critical Function | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-311](https://cwe.mitre.org/data/definitions/311.html) | Missing Encryption of Sensitive Data | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes |
| [CWE-319](https://cwe.mitre.org/data/definitions/319.html) | Cleartext Transmission of Sensitive Information | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-322](https://cwe.mitre.org/data/definitions/322.html) | Key Exchange without Entity Authentication | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-323](https://cwe.mitre.org/data/definitions/323.html) | Reusing a Nonce, Key Pair in Encryption | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-326](https://cwe.mitre.org/data/definitions/326.html) | Inadequate Encryption Strength | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-327](https://cwe.mitre.org/data/definitions/327.html) | Use of a Broken or Risky Cryptographic Algorithm | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-328](https://cwe.mitre.org/data/definitions/328.html) | Use of Weak Hash | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes |
| [CWE-338](https://cwe.mitre.org/data/definitions/338.html) | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-346](https://cwe.mitre.org/data/definitions/346.html) | Origin Validation Error | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-347](https://cwe.mitre.org/data/definitions/347.html) | Improper Verification of Cryptographic Signature | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-348](https://cwe.mitre.org/data/definitions/348.html) | Use of Less Trusted Source | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-352](https://cwe.mitre.org/data/definitions/352.html) | Cross-Site Request Forgery (CSRF) | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-358](https://cwe.mitre.org/data/definitions/358.html) | Improperly Implemented Security Check for Standard | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-369](https://cwe.mitre.org/data/definitions/369.html) | Divide By Zero | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes |
| [CWE-377](https://cwe.mitre.org/data/definitions/377.html) | Insecure Temporary File | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-409](https://cwe.mitre.org/data/definitions/409.html) | Improper Handling of Highly Compressed Data (Data Amplification) | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-470](https://cwe.mitre.org/data/definitions/470.html) | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-489](https://cwe.mitre.org/data/definitions/489.html) | Active Debug Code | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-502](https://cwe.mitre.org/data/definitions/502.html) | Deserialization of Untrusted Data | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-521](https://cwe.mitre.org/data/definitions/521.html) | Weak Password Requirements | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-522](https://cwe.mitre.org/data/definitions/522.html) | Insufficiently Protected Credentials | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-552](https://cwe.mitre.org/data/definitions/552.html) | Files or Directories Accessible to External Parties | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-554](https://cwe.mitre.org/data/definitions/554.html) | ASP.NET Misconfiguration: Not Using Input Validation Framework | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-599](https://cwe.mitre.org/data/definitions/599.html) | Missing Validation of OpenSSL Certificate | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-601](https://cwe.mitre.org/data/definitions/601.html) | URL Redirection to Untrusted Site ('Open Redirect') | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-606](https://cwe.mitre.org/data/definitions/606.html) | Unchecked Input for Loop Condition | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-611](https://cwe.mitre.org/data/definitions/611.html) | Improper Restriction of XML External Entity Reference | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-613](https://cwe.mitre.org/data/definitions/613.html) | Insufficient Session Expiration | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-614](https://cwe.mitre.org/data/definitions/614.html) | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-639](https://cwe.mitre.org/data/definitions/639.html) | Authorization Bypass Through User-Controlled Key | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes |
| [CWE-643](https://cwe.mitre.org/data/definitions/643.html) | Improper Neutralization of Data within XPath Expressions ('XPath Injection') | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-704](https://cwe.mitre.org/data/definitions/704.html) | Incorrect Type Conversion or Cast | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-732](https://cwe.mitre.org/data/definitions/732.html) | Incorrect Permission Assignment for Critical Resource | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-749](https://cwe.mitre.org/data/definitions/749.html) | Exposed Dangerous Method or Function | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes |
| [CWE-754](https://cwe.mitre.org/data/definitions/754.html) | Improper Check for Unusual or Exceptional Conditions | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-757](https://cwe.mitre.org/data/definitions/757.html) | Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-770](https://cwe.mitre.org/data/definitions/770.html) | Allocation of Resources Without Limits or Throttling | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-776](https://cwe.mitre.org/data/definitions/776.html) | Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-780](https://cwe.mitre.org/data/definitions/780.html) | Use of RSA Algorithm without OAEP | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-787](https://cwe.mitre.org/data/definitions/787.html) | Out-of-bounds Write | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-798](https://cwe.mitre.org/data/definitions/798.html) | Use of Hard-coded Credentials | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-913](https://cwe.mitre.org/data/definitions/913.html) | Improper Control of Dynamically-Managed Code Resources | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-915](https://cwe.mitre.org/data/definitions/915.html) | Improperly Controlled Modification of Dynamically-Determined Object Attributes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes |
| [CWE-917](https://cwe.mitre.org/data/definitions/917.html) | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-918](https://cwe.mitre.org/data/definitions/918.html) | Server-Side Request Forgery (SSRF) | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
| [CWE-942](https://cwe.mitre.org/data/definitions/942.html) | Permissive Cross-domain Policy with Untrusted Domains | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-943](https://cwe.mitre.org/data/definitions/943.html) | Improper Neutralization of Special Elements in Data Query Logic | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-1004](https://cwe.mitre.org/data/definitions/1004.html) | Sensitive Cookie Without 'HttpOnly' Flag | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes |
| [CWE-1104](https://cwe.mitre.org/data/definitions/1104.html) | Use of Unmaintained Third Party Components | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-1204](https://cwe.mitre.org/data/definitions/1204.html) | Generation of Weak Initialization Vector (IV) | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-1275](https://cwe.mitre.org/data/definitions/1275.html) | Sensitive Cookie with Improper SameSite Attribute | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-1321](https://cwe.mitre.org/data/definitions/1321.html) | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No |
| [CWE-1327](https://cwe.mitre.org/data/definitions/1327.html) | Binding to an Unrestricted IP Address | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No |
| [CWE-1390](https://cwe.mitre.org/data/definitions/1390.html) | Weak Authentication | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | **{dotted-circle}** No |
NOTE:
Did this page answer the question you had? If not, please comment on [epic 15343](https://gitlab.com/groups/gitlab-org/-/epics/15343) to share your use case.

16
doc/user/clusters/agent/vulnerabilities.md
View File

@ -131,9 +131,11 @@ By default the scanner pod's default resource requirements are:
requests:
cpu: 100m
memory: 100Mi
ephemeral_storage: 1Gi
limits:
cpu: 500m
memory: 500Mi
ephemeral_storage: 3Gi
```
You can customize it with a `resource_requirements` field.
@ -144,15 +146,19 @@ container_scanning:
requests:
cpu: '0.2'
memory: 200Mi
ephemeral_storage: 2Gi
limits:
cpu: '0.7'
memory: 700Mi
ephemeral_storage: 4Gi
```
When using a fractional value for CPU, format the value as a string.
NOTE:
Resource requirements can only be set up using the agent configuration. If you enabled `Operational Container Scanning` through `scan execution policies`, you would need to define the resource requirements within the agent configuration file.
- Resource requirements can only be set by using the agent configuration. If you enabled Operational Container Scanning through scan execution policies and need to configure resource requirements, you should do so via the agent configuration file.
- When using Google Kubernetes Engine (GKE) for Kubernetes orchestration, [the ephemeral storage limit value will always be set to equal the request value](https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-resource-requests#resource-limits). This is enforced by GKE.
## Custom repository for Trivy K8s Wrapper
@ -237,6 +243,14 @@ OCS might fail with an OOM error if there are too many resources to be scanned o
To resolve this, [configure the resource requirement](#configure-scanner-resource-requirements) to increase the amount of memory available.
### `Pod ephemeral local storage usage exceeds the total limit of containers`
OCS scans could fail for Kubernetes clusters that have low default ephemeral storage. For example, [GKE autopilot](https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-resource-requests#defaults) sets the default ephemeral storage to 1GB. This is an issue for OCS when scanning namespaces with large images, as there may not be enough space to store all data necessary for OCS.
To resolve this, [configure the resource requirement](#configure-scanner-resource-requirements) to increase the amount of ephemeral storage available.
Another message indicative of this issue may be: `OCS Scanning pod evicted due to low resources. Please configure higher resource limits.`
### `Error running Trivy scan due to context timeout`
OCS might fail to complete a scan if it takes Trivy too long to complete the scan. The default scan timeout is 5 minutes, with an extra 15 minutes for the agent to read the results and transmit the vulnerabilities.

2
doc/user/get_started/getting_started_gitlab_duo.md
View File

@ -32,7 +32,7 @@ For more information, see:
- [Features included in Duo Pro and Duo Enterprise](https://about.gitlab.com/gitlab-duo/#pricing).
- [List of GitLab Duo features and their language models](../gitlab_duo/index.md).
- [Self-hosted models](../../administration/self_hosted_models/index.md).
- [Health check details](../gitlab_duo/turn_on_off.md#run-a-health-check-for-gitlab-duo).
- [Health check details](../gitlab_duo/setup.md#run-a-health-check-for-gitlab-duo).
## Step 2: Try Duo Chat in the UI

99
doc/user/gitlab_duo/setup.md Normal file
View File

@ -0,0 +1,99 @@
---
stage: AI-powered
group: AI Framework
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# Configure GitLab Duo on a self-managed instance
DETAILS:
**Offering:** Self-managed, GitLab Dedicated
**Tier:** Premium, Ultimate
GitLab Duo is powered by large language models (LLMs), with data sent through an AI gateway.
To use GitLab Duo on a self-managed instance, you can:
1. Use the LLMs and the cloud-based AI gateway that's hosted by GitLab. This option is the default.
1. [Use LLMs from the supported list and self-host the AI gateway and LLMs](../../administration/self_hosted_models/index.md).
This option provides full control over your data and security.
This page focuses on how to configure a self-managed instance if you're using the default, GitLab-hosted option.
## Prerequisites
- You must ensure both [outbound](#allow-outbound-connections-from-the-gitlab-instance)
and [inbound](#allow-inbound-connections-from-clients-to-the-gitlab-instance) connectivity exists.
Network firewalls can cause lag or delay.
- [Silent Mode](../../administration/silent_mode/index.md) must not be turned on.
- You must [activate your instance with an activation code](../../administration/license.md#activate-gitlab-ee).
- GitLab Duo requires GitLab 17.2 and later for the best user experience and results. Earlier versions may continue to work, however the experience may be degraded.
GitLab Duo features that are experimental or beta are turned off by default
and [must be turned on](turn_on_off.md#turn-on-beta-and-experimental-features).
## Allow outbound connections from the GitLab instance
Check both your outbound and inbound settings:
- Your firewalls and HTTP/S proxy servers must allow outbound connections
to `cloud.gitlab.com` and `customers.gitlab.com` on port `443` both with `https://`.
These hosts are protected by Cloudflare. Update your firewall settings to allow traffic to
all IP addresses in the [list of IP ranges Cloudflare publishes](https://www.cloudflare.com/ips/).
- To use an HTTP/S proxy, both `gitLab_workhorse` and `gitLab_rails` must have the necessary
[web proxy environment variables](https://docs.gitlab.com/omnibus/settings/environment-variables.html) set.
- In multi-node GitLab installations, configure the HTTP/S proxy on all **Rails** and **Sidekiq** nodes.
## Allow inbound connections from clients to the GitLab instance
- GitLab instances must allow inbound connections from Duo clients ([IDEs](../../editor_extensions/index.md),
Code Editors, and GitLab Web Frontend) on port 443 with `https://` and `wss://`.
- Both `HTTP2` and the `'upgrade'` header must be allowed, because GitLab Duo
uses both REST and WebSockets.
- Check for restrictions on WebSocket (`wss://`) traffic to `wss://gitlab.example.com/-/cable` and other `.com` domains.
Network policy restrictions on `wss://` traffic can cause issues with some GitLab Duo Chat
services. Consider policy updates to allow these services.
- If you use reverse proxies, such as Apache, you might see GitLab Duo Chat connection issues in your
logs, like **WebSocket connection to .... failures**.
To resolve this problem, try editing your Apache proxy settings:
```apache
# Enable WebSocket reverse Proxy
# Needs proxy_wstunnel enabled
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://127.0.0.1:8181/$1" [P,L]
```
## Run a health check for GitLab Duo
DETAILS:
**Status:** Beta
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161997) in GitLab 17.3.
> - [Download health check report added](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/165032) in GitLab 17.5.
You can determine if your instance meets the requirements to use GitLab Duo.
When the health check completes, it displays a pass or fail result and the types of issues.
If the health check fails any of the tests, users might not be able to use GitLab Duo features in your instance.
This is a [beta](../../policy/development_stages_support.md) feature.
Prerequisites:
- You must be an administrator.
To run a health check:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **GitLab Duo**.
1. On the upper-right corner, select **Run health check**.
1. Optional. In GitLab 17.5 and later, after the health check is complete, you can select **Download report** to save a detailed report of the health check results.
These tests are performed:
| Test | Description |
|-----------------|-------------|
| Network | Tests whether your instance can connect to `customers.gitlab.com` and `cloud.gitlab.com`.<br><br>If your instance cannot connect to either destination, ensure that your firewall or proxy server settings [allow connection](setup.md). |
| Synchronization | Tests whether your subscription: <br>- Has been activated with an activation code and can be synchronized with `customers.gitlab.com`.<br>- Has correct access credentials.<br>- Has been synchronized recently. If it hasn't or the access credentials are missing or expired, you can [manually synchronize](../../subscriptions/self_managed/index.md#manually-synchronize-subscription-data) your subscription data. |
| System exchange | Tests whether Code Suggestions can be used in your instance. If the system exchange assessment fails, users might not be able to use GitLab Duo features. |

96
doc/user/gitlab_duo/troubleshooting.md Normal file
View File

@ -0,0 +1,96 @@
---
stage: AI-powered
group: AI Framework
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# Troubleshooting GitLab Duo
When working with GitLab Duo, you might encounter issues.
Start by [running a health check](setup.md#run-a-health-check-for-gitlab-duo)
to determine if your instance meets the requirements to use GitLab Duo.
If the health check does not resolve your problem, review these troubleshooting steps.
## GitLab Duo features do not work on self-managed
In addition to [ensuring GitLab Duo features are turned on](turn_on_off.md),
you can also do the following:
1. As administrator, run a health check for GitLab Duo.
::Tabs
:::TabTitle In 17.5 and later
In GitLab 17.5 and later, you can use the UI to run health checks and download a detailed report that helps identify and troubleshoot issues.
:::TabTitle In 17.4
In GitLab 17.4, you can run the health check Rake task to generate a detailed report that helps identify and troubleshoot issues.
```shell
sudo gitlab-rails 'cloud_connector:health_check(root,report.json)'
```
:::TabTitle In 17.3 and earlier
In GitLab 17.3 and earlier, you can download and run the `health_check` script to generate a detailed report that helps identify and troubleshoot issues.
1. Download the health check script:
```shell
wget https://gitlab.com/gitlab-org/gitlab/-/snippets/3734617/raw/main/health_check.rb
```
1. Run the script using Rails Runner:
```shell
gitlab-rails runner [full_path/to/health_check.rb] --debug --username [username] --output-file [report.txt]
```
```shell
Usage: gitlab-rails runner full_path/to/health_check.rb
--debug Enable debug mode
--output-file FILE Write a report to FILE
--username USERNAME Provide a username to test seat assignments
--skip [CHECK] Skip specific check (options: access_data, token, license, host, features, end_to_end)
```
::EndTabs
1. Verify that the GitLab instance can reach the [required GitLab.com endpoints](setup.md).
You can use command-line tools such as `curl` to verify the connectivity.
```shell
curl --verbose "https://cloud.gitlab.com"
curl --verbose "https://customers.gitlab.com"
```
If an HTTP/S proxy is configured for the GitLab instance, include the `proxy` parameter in the `curl` command.
```shell
# https proxy for curl
curl --verbose --proxy "http://USERNAME:PASSWORD@example.com:8080" "https://cloud.gitlab.com"
curl --verbose --proxy "http://USERNAME:PASSWORD@example.com:8080" "https://customers.gitlab.com"
```
1. Optional. If you are using a [proxy server](setup.md#allow-outbound-connections-from-the-gitlab-instance) between the GitLab
application and the public internet,
[disable DNS rebinding protection](../../security/webhooks.md#enforce-dns-rebinding-attack-protection).
1. [Manually synchronize subscription data](../../subscriptions/self_managed/index.md#manually-synchronize-subscription-data).
- Verify that the GitLab instance [synchronizes your subscription data with GitLab](https://about.gitlab.com/pricing/licensing-faq/cloud-licensing/).
## GitLab Duo features not available for users
In addition to [turning on GitLab Duo features](turn_on_off.md),
you can also do the following:
1. Verify that [subscription seats have been purchased](../../subscriptions/subscription-add-ons.md#purchase-gitlab-duo).
1. Ensure that [seats are assigned to users](../../subscriptions/subscription-add-ons.md#assign-gitlab-duo-seats).
1. For IDE users with the [GitLab Duo extension](../../user/project/repository/code_suggestions/supported_extensions.md#supported-editor-extensions):
- Verify that the extension is up-to-date.
- Run extension setting health checks, and test the authentication.

189
doc/user/gitlab_duo/turn_on_off.md
View File

@ -11,106 +11,11 @@ info: To determine the technical writer assigned to the Stage/Group associated w
GitLab Duo features that are generally available are automatically turned on for all users that have access.
## Prerequisites
- If you have self-managed GitLab:
- You must [allow connectivity](#configure-gitlab-duo-on-a-self-managed-instance).
- [Silent Mode](../../administration/silent_mode/index.md) must not be turned on.
- You must [activate your instance with an activation code](../../administration/license.md#activate-gitlab-ee).
- GitLab Duo requires GitLab 17.2 and later for the best user experience and results. Earlier versions may continue to work, however the experience may be degraded.
- If you have GitLab Dedicated, you must have [GitLab Duo Pro or Enterprise](../../subscriptions/subscription-add-ons.md).
- You must have an [GitLab Duo Pro or Enterprise add-on subscription](../../subscriptions/subscription-add-ons.md).
- For some generally available features, like [Code Suggestions](../project/repository/code_suggestions/index.md),
[you must assign seats](../../subscriptions/subscription-add-ons.md#assign-gitlab-duo-seats)
[you must also assign seats](../../subscriptions/subscription-add-ons.md#assign-gitlab-duo-seats)
to the users you want to have access.
GitLab Duo features that are experimental or beta are turned off by default
and [must be turned on](#turn-on-beta-and-experimental-features).
## Configure GitLab Duo on a self-managed instance
To use GitLab Duo on a self-managed instance, you must ensure both outbound and inbound connectivity exists.
For example, network firewalls can cause lag or delay. Check both your outbound and inbound settings:
### Allow outbound connections from the GitLab instance
- Your firewalls and HTTP/S proxy servers must allow outbound connections
to `cloud.gitlab.com` and `customers.gitlab.com` on port `443` both with `https://`.
These hosts are protected by Cloudflare. Update your firewall settings to allow traffic to
all IP addresses in the [list of IP ranges Cloudflare publishes](https://www.cloudflare.com/ips/).
- To use an HTTP/S proxy, both `gitLab_workhorse` and `gitLab_rails` must have the necessary
[web proxy environment variables](https://docs.gitlab.com/omnibus/settings/environment-variables.html) set.
- In multi-node GitLab installations, configure the HTTP/S proxy on all **Rails** and **Sidekiq** nodes.
### Allow inbound connections from clients to the GitLab instance
- GitLab instances must allow inbound connections from Duo clients ([IDEs](../../editor_extensions/index.md),
Code Editors, and GitLab Web Frontend) on port 443 with `https://` and `wss://`.
- Both `HTTP2` and the `'upgrade'` header must be allowed, because GitLab Duo
uses both REST and WebSockets.
- Check for restrictions on WebSocket (`wss://`) traffic to `wss://gitlab.example.com/-/cable` and other `.com` domains.
Network policy restrictions on `wss://` traffic can cause issues with some GitLab Duo Chat
services. Consider policy updates to allow these services.
- If you use reverse proxies, such as Apache, you might see GitLab Duo Chat connection issues in your logs, like **WebSocket connection to .... failures**.
To resolve this problem, try editing your Apache proxy settings:
```apache
# Enable WebSocket reverse Proxy
# Needs proxy_wstunnel enabled
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://127.0.0.1:8181/$1" [P,L]
```
## Run a health check for GitLab Duo
DETAILS:
**Offering:** Self-managed, GitLab Dedicated
**Tier:** Premium, Ultimate
**Status:** Beta
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161997) in GitLab 17.3.
> - [Download health check report added](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/165032) in GitLab 17.5.
Run a health check to test if your instance meets the requirements to use GitLab Duo.
When the health check completes, it displays a pass or fail result and the types of issues.
If the health check fails any of the tests, users might not be able to use GitLab Duo features in your instance.
This is a [beta](../../policy/development_stages_support.md) feature.
Prerequisites:
- You must be an administrator.
To run a health check:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **GitLab Duo**.
1. On the upper-right corner, select **Run health check**.
1. Optional. In GitLab 17.5 and later, after the health check is complete, you can select **Download report** to save a detailed report of the health check results.
### Health check tests
To verify if your instance meets the requirements to use GitLab Duo, the health check performs tests
for online and offline environments.
#### For online environments
| Test | Description |
|-----------------|-------------|
| Network | Tests whether your instance can connect to `customers.gitlab.com` and `cloud.gitlab.com`.<br><br>If your instance cannot connect to either destination, ensure that your firewall or proxy server settings [allow connection](#configure-gitlab-duo-on-a-self-managed-instance). |
| Synchronization | Tests whether your subscription: <br>- Has been activated with an activation code and can be synchronized with `customers.gitlab.com`.<br>- Has correct access credentials.<br>- Has been synchronized recently. If it hasn't or the access credentials are missing or expired, you can [manually synchronize](../../subscriptions/self_managed/index.md#manually-synchronize-subscription-data) your subscription data. |
| System exchange | Tests whether Code Suggestions can be used in your instance. If the system exchange assessment fails, users might not be able to use GitLab Duo features. |
#### For offline environments
| Test | Description |
|-----------------|-------------|
| Network | Tests whether: <br>- The environment variable `AI_GATEWAY_URL` has been set to a valid URL.<br> - Your instance can connect to the URL specified by `AI_GATEWAY_URL`.<br><br>If your instance cannot connect to the URL, ensure that your firewall or proxy server settings [allow connection](#configure-gitlab-duo-on-a-self-managed-instance). |
| License | Tests whether your license has the ability to access Code Suggestions feature. |
| System exchange | Tests whether Code Suggestions can be used in your instance. If the system exchange assessment fails, users might not be able to use GitLab Duo features. |
## Turn off GitLab Duo features
You can turn off GitLab Duo for a group, project, or instance.
@ -259,6 +164,12 @@ To turn off GitLab Duo for an instance:
In GitLab 17.3 and earlier, follow these instructions to turn off GitLab Duo for an instance.
Prerequisites:
- You must be an administrator.
To turn off GitLab Duo for an instance:
1. On the left sidebar, at the bottom, select **Admin**.
1. Select **Settings > General**
1. Expand **AI-powered features**.
@ -346,87 +257,3 @@ where GitLab Duo Chat is not yet generally available, see the
[GitLab Duo Chat documentation](../gitlab_duo_chat/turn_on_off.md#for-self-managed).
::EndTabs
## Troubleshooting
### GitLab Duo features do not work on self-managed
In addition to [turning on GitLab Duo features](turn_on_off.md#prerequisites),
you can also do the following:
1. As administrator, [run a health check for GitLab Duo](#run-a-health-check-for-gitlab-duo).
::Tabs
:::TabTitle In 17.5 and later
In GitLab 17.5 and later, you can use the UI to run health checks and download a detailed report that helps identify and troubleshoot issues.
:::TabTitle In 17.4
In GitLab 17.4, you can run the health check Rake task to generate a detailed report that helps identify and troubleshoot issues.
```shell
sudo gitlab-rails 'cloud_connector:health_check(root,report.json)'
```
:::TabTitle In 17.3 and earlier
In GitLab 17.3 and earlier, you can download and run the `health_check` script to generate a detailed report that helps identify and troubleshoot issues.
1. Download the health check script:
```shell
wget https://gitlab.com/gitlab-org/gitlab/-/snippets/3734617/raw/main/health_check.rb
```
1. Run the script using Rails Runner:
```shell
gitlab-rails runner [full_path/to/health_check.rb] --debug --username [username] --output-file [report.txt]
```
```shell
Usage: gitlab-rails runner full_path/to/health_check.rb
--debug Enable debug mode
--output-file FILE Write a report to FILE
--username USERNAME Provide a username to test seat assignments
--skip [CHECK] Skip specific check (options: access_data, token, license, host, features, end_to_end)
```
::EndTabs
1. Verify that the GitLab instance can reach the [required GitLab.com endpoints](#configure-gitlab-duo-on-a-self-managed-instance).
You can use command-line tools such as `curl` to verify the connectivity.
```shell
curl --verbose "https://cloud.gitlab.com"
curl --verbose "https://customers.gitlab.com"
```
If an HTTP/S proxy is configured for the GitLab instance, include the `proxy` parameter in the `curl` command.
```shell
# https proxy for curl
curl --verbose --proxy "http://USERNAME:PASSWORD@example.com:8080" "https://cloud.gitlab.com"
curl --verbose --proxy "http://USERNAME:PASSWORD@example.com:8080" "https://customers.gitlab.com"
```
1. Optional. If you are using a [proxy server](#allow-outbound-connections-from-the-gitlab-instance) between the GitLab
application and the public internet,
[disable DNS rebinding protection](../../security/webhooks.md#enforce-dns-rebinding-attack-protection).
1. [Manually synchronize subscription data](../../subscriptions/self_managed/index.md#manually-synchronize-subscription-data).
- Verify that the GitLab instance [synchronizes your subscription data with GitLab](https://about.gitlab.com/pricing/licensing-faq/cloud-licensing/).
### GitLab Duo features not available for users
In addition to [turning on GitLab Duo features](turn_on_off.md#prerequisites),
you can also do the following:
1. Verify that [subscription seats have been purchased](../../subscriptions/subscription-add-ons.md#purchase-gitlab-duo).
1. Ensure that [seats are assigned to users](../../subscriptions/subscription-add-ons.md#assign-gitlab-duo-seats).
1. For IDE users with the [GitLab Duo extension](../../user/project/repository/code_suggestions/supported_extensions.md#supported-editor-extensions):
- Verify that the extension is up-to-date.
- Run extension setting health checks, and test the authentication.

2
doc/user/gitlab_duo_chat/turn_on_off.md
View File

@ -27,7 +27,7 @@ Prerequisites:
- GitLab Duo requires GitLab 17.2 and later for the best user experience and results. Earlier versions may continue to work, however the experience may be degraded.
- You must have a Premium or Ultimate subscription that is [synchronized with GitLab](https://about.gitlab.com/pricing/licensing-faq/cloud-licensing/). To make sure GitLab Duo Chat works immediately, administrators can
[manually synchronize your subscription](#manually-synchronize-your-subscription).
- You must have [enabled network connectivity](../gitlab_duo/turn_on_off.md#configure-gitlab-duo-on-a-self-managed-instance).
- You must have [enabled network connectivity](../gitlab_duo/setup.md).
- [Silent Mode](../../administration/silent_mode/index.md) must not be turned on.
- All of the users in your instance must have the latest version of their IDE extension.

1
doc/user/profile/comment_templates.md
View File

@ -18,6 +18,7 @@ DETAILS:
> - Group-level saved replies [enabled](https://gitlab.com/gitlab-org/gitlab/-/issues/440817) on GitLab.com and self-managed in GitLab 16.11.
> - Group-level saved replies [generally available](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/148958) in GitLab 17.0. Feature flag `group_saved_replies_flag` removed.
> - Project-level saved replies [introduced](https://gitlab.com/groups/gitlab-org/-/epics/12669) in GitLab 17.0 [with a flag](../../administration/feature_flags.md) named `project_saved_replies_flag`. Enabled by default.
> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/504028) in GitLab 17.7. Feature flag `project_saved_replies_flag` removed.
FLAG:
The availability of Project-level saved replies is controlled by a feature flag.

12
doc/user/project/integrations/gitlab_slack_application.md
View File

@ -34,11 +34,7 @@ Although functionality has not changed, you should [reinstall the app](#reinstal
> - Installation at the group level [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/391526) in GitLab 16.10 [with a flag](../../../administration/feature_flags.md) named `gitlab_for_slack_app_instance_and_group_level`. Disabled by default.
> - [Enabled on GitLab.com, self-managed, and GitLab Dedicated](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147820) in GitLab 16.11.
FLAG:
On self-managed GitLab, by default this feature is available.
To hide the feature, an administrator can [disable the feature flag](../../../administration/feature_flags.md) named `gitlab_for_slack_app_instance_and_group_level`.
On GitLab.com and GitLab Dedicated, this feature is available.
> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175803) in GitLab 17.8. Feature flag `gitlab_for_slack_app_instance_and_group_level` removed.
To install the GitLab for Slack app from the project or group settings:
@ -200,11 +196,7 @@ The following GitLab events can trigger notifications in Slack:
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/391526) in GitLab 16.10 [with a flag](../../../administration/feature_flags.md) named `gitlab_for_slack_app_instance_and_group_level`. Disabled by default.
> - [Enabled on GitLab.com, self-managed, and GitLab Dedicated](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147820) in GitLab 16.11.
FLAG:
On self-managed GitLab, by default this feature is available.
To hide the feature, an administrator can [disable the feature flag](../../../administration/feature_flags.md) named `gitlab_for_slack_app_instance_and_group_level`.
On GitLab.com and GitLab Dedicated, this feature is available.
> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175803) in GitLab 17.8. Feature flag `gitlab_for_slack_app_instance_and_group_level` removed.
To trigger a [notification event](#notification-events) for a group mention, use `@<group_name>` in:

3
lib/gitlab/database/background_migration/batched_migration.rb
View File

@ -279,8 +279,7 @@ module Gitlab
@health_context ||= Gitlab::Database::HealthStatus::Context.new(
self,
connection,
[table_name],
gitlab_schema.to_sym
[table_name]
)
end

5
lib/gitlab/database/health_status/context.rb
View File

@ -4,15 +4,14 @@ module Gitlab
module Database
module HealthStatus
class Context
attr_reader :status_checker, :connection, :tables, :gitlab_schema
attr_reader :status_checker, :connection, :tables
# status_checker: the caller object which checks for database health status
# eg: BackgroundMigration::BatchedMigration or DeferJobs::DatabaseHealthStatusChecker
def initialize(status_checker, connection, tables, gitlab_schema)
def initialize(status_checker, connection, tables)
@status_checker = status_checker
@connection = connection
@tables = tables
@gitlab_schema = gitlab_schema
end
def status_checker_info

8
lib/gitlab/database/health_status/indicators/prometheus_alert_indicator.rb
View File

@ -13,7 +13,7 @@ module Gitlab
}.freeze
def initialize(context)
@gitlab_schema = context.gitlab_schema.to_sym
@connection = context.connection
end
def evaluate
@ -34,7 +34,7 @@ module Gitlab
private
attr_reader :gitlab_schema
attr_reader :connection
def indicator_name
self.class.name.demodulize
@ -107,7 +107,7 @@ module Gitlab
gitlab_main_cell: prometheus_alert_db_indicators_settings[sli_query_key][:main_cell],
gitlab_ci: prometheus_alert_db_indicators_settings[sli_query_key][:ci],
gitlab_sec: gitlab_sec_query
}.fetch(gitlab_schema)
}.fetch(:"gitlab_#{connection.load_balancer.name}", nil)
end
strong_memoize_attr :sli_query
@ -121,7 +121,7 @@ module Gitlab
gitlab_main_cell: prometheus_alert_db_indicators_settings[slo_key][:main_cell],
gitlab_ci: prometheus_alert_db_indicators_settings[slo_key][:ci],
gitlab_sec: gitlab_sec_query
}.fetch(gitlab_schema)
}.fetch(:"gitlab_#{connection.load_balancer.name}", nil)
end
strong_memoize_attr :slo

3
lib/gitlab/sidekiq_middleware/skip_jobs.rb
View File

@ -96,8 +96,7 @@ module Gitlab
health_context = Gitlab::Database::HealthStatus::Context.new(
DatabaseHealthStatusChecker.new(job['jid'], worker_class.name),
job_base_model.connection,
tables,
schema
tables
)
Gitlab::Database::HealthStatus.evaluate(health_context).any?(&:stop?)

27
locale/gitlab.pot
View File

@ -5230,6 +5230,9 @@ msgstr ""
msgid "AiPowered|Features are not available. However, any group, subgroup, or project can turn them on."
msgstr ""
msgid "AiPowered|GitLab Duo seat assignment is now located in GitLab Duo settings."
msgstr ""
msgid "AiPowered|GitLab Duo settings have moved"
msgstr ""
@ -5260,6 +5263,9 @@ msgstr ""
msgid "AiPowered|Purchase seats"
msgstr ""
msgid "AiPowered|Seat assignment for GitLab Duo has moved"
msgstr ""
msgid "AiPowered|Self-hosted AI models"
msgstr ""
@ -22932,12 +22938,21 @@ msgstr ""
msgid "ExperimentTracking|Candidate"
msgstr ""
msgid "ExperimentTracking|Create candidate using MLflow"
msgstr ""
msgid "ExperimentTracking|Metric value"
msgstr ""
msgid "ExperimentTracking|No candidates"
msgstr ""
msgid "ExperimentTracking|Performance"
msgstr ""
msgid "ExperimentTracking|Performance graph will be shown when candidates with logged metrics are available"
msgstr ""
msgid "Experiments"
msgstr ""
@ -56466,9 +56481,6 @@ msgstr ""
msgid "There was a problem fetching latest labels."
msgstr ""
msgid "There was a problem fetching linked pipelines."
msgstr ""
msgid "There was a problem fetching milestones."
msgstr ""
@ -56502,9 +56514,6 @@ msgstr ""
msgid "There was a problem fetching the keep latest artifacts setting."
msgstr ""
msgid "There was a problem fetching the latest pipeline status."
msgstr ""
msgid "There was a problem fetching the merge pipeline."
msgstr ""
@ -56517,18 +56526,12 @@ msgstr ""
msgid "There was a problem fetching the pipeline stage jobs."
msgstr ""
msgid "There was a problem fetching the pipeline stages."
msgstr ""
msgid "There was a problem fetching the projects"
msgstr ""
msgid "There was a problem fetching users."
msgstr ""
msgid "There was a problem handling the pipeline data."
msgstr ""
msgid "There was a problem loading this project's readme content."
msgstr ""

4
qa/qa/specs/features/api/12_systems/gitaly/automatic_failover_and_recovery_spec.rb
View File

@ -23,7 +23,7 @@ module QA
praefect_manager.wait_for_replication(project.id)
end
it 'automatically fails over', :blocking,
it 'automatically fails over',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347830' do
# stop other nodes, so we can control which node the commit is sent to
praefect_manager.stop_node(praefect_manager.secondary_node)
@ -59,7 +59,7 @@ module QA
end
context 'when recovering from dataloss after failover' do
it 'automatically reconciles', :blocking,
it 'automatically reconciles',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347831' do
# Start the old primary node again
praefect_manager.start_node(praefect_manager.primary_node)

2
qa/qa/specs/features/api/12_systems/gitaly/backend_node_recovery_spec.rb
View File

@ -21,7 +21,7 @@ module QA
praefect_manager.start_all_nodes
end
it 'recovers from dataloss', :blocking,
it 'recovers from dataloss',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347832' do
# Create a new project with a commit and wait for it to replicate
praefect_manager.wait_for_replication(project.id)

4
qa/qa/specs/features/api/12_systems/gitaly/distributed_reads_spec.rb
View File

@ -19,7 +19,7 @@ module QA
praefect_manager.wait_for_replication(project.id)
end
it 'reads from each node', :blocking,
it 'reads from each node',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347833' do
pre_read_data = praefect_manager.query_read_distribution
@ -44,7 +44,7 @@ module QA
praefect_manager.start_node(praefect_manager.secondary_node)
end
it 'does not read from the unhealthy node', :blocking,
it 'does not read from the unhealthy node',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347834' do
pre_read_data = praefect_manager.query_read_distribution

2
qa/qa/specs/features/api/12_systems/gitaly/praefect_replication_queue_spec.rb
View File

@ -22,7 +22,7 @@ module QA
praefect_manager.clear_replication_queue
end
it 'allows replication of different repository after interruption', :blocking,
it 'allows replication of different repository after interruption',
quarantine: {
issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/489130',
type: :investigating

2
qa/qa/specs/features/api/1_manage/import/import_github_repo_spec.rb
View File

@ -10,7 +10,7 @@ module QA
end
context 'when imported via api' do
it 'imports project', :blocking, testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347670' do
it 'imports project', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347670' do
expect_project_import_finished_successfully
aggregate_failures do

13
qa/qa/specs/features/api/1_manage/integrations/webhook_events_spec.rb
View File

@ -21,8 +21,7 @@ module QA
let(:session) { SecureRandom.hex(5) }
let(:tag_name) { SecureRandom.hex(5) }
it 'sends a push event',
:blocking, testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/348945' do
it 'sends a push event', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/348945' do
Resource::ProjectWebHook.setup(session: session, push: true) do |webhook, smocker|
Resource::Repository::ProjectPush.fabricate! do |project_push|
project_push.project = webhook.project
@ -32,8 +31,7 @@ module QA
end
end
it 'sends a merge request event',
:blocking, testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/349720' do
it 'sends a merge request event', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/349720' do
Resource::ProjectWebHook.setup(session: session, merge_requests: true) do |webhook, smocker|
create(:merge_request, project: webhook.project)
@ -41,8 +39,7 @@ module QA
end
end
it 'sends a wiki page event',
:blocking, testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/349722' do
it 'sends a wiki page event', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/349722' do
Resource::ProjectWebHook.setup(session: session, wiki_page: true) do |webhook, smocker|
create(:project_wiki_page, project: webhook.project)
@ -50,7 +47,7 @@ module QA
end
end
it 'sends an issues and note event', :blocking,
it 'sends an issues and note event',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/349723' do
Resource::ProjectWebHook.setup(session: session, issues: true, note: true) do |webhook, smocker|
issue = create(:issue, project: webhook.project)
@ -72,7 +69,7 @@ module QA
end
end
it 'sends a tag event', :blocking,
it 'sends a tag event',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/383577' do
Resource::ProjectWebHook.setup(session: session, tag_push: true) do |webhook, smocker|
project_push = Resource::Repository::ProjectPush.fabricate! do |project_push|

2
qa/qa/specs/features/api/1_manage/migration/gitlab_migration_group_spec.rb
View File

@ -1,7 +1,7 @@
# frozen_string_literal: true
module QA
RSpec.describe "Manage", :blocking, product_group: :import_and_integrate do
RSpec.describe "Manage", product_group: :import_and_integrate do
include_context "with gitlab group migration"
describe "Gitlab migration" do

4
qa/qa/specs/features/api/1_manage/migration/gitlab_migration_members_spec.rb
View File

@ -25,7 +25,7 @@ module QA
end
it(
'member retains indirect membership in imported project', :blocking,
'member retains indirect membership in imported project',
quarantine: {
issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/508994',
type: :stale
@ -47,7 +47,7 @@ module QA
end
it(
'member retains direct membership in imported project', :blocking,
'member retains direct membership in imported project',
quarantine: {
issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/508993',
type: :stale

2
qa/qa/specs/features/api/1_manage/migration/gitlab_migration_pipeline_spec.rb
View File

@ -43,7 +43,7 @@ module QA
end
it(
'successfully imports ci pipeline', :blocking,
'successfully imports ci pipeline',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/354650'
) do
expect_project_import_finished_successfully

2
qa/qa/specs/features/api/1_manage/migration/gitlab_migration_project_spec.rb
View File

@ -119,7 +119,7 @@ module QA
end
it(
'successfully imports project wiki', :blocking,
'successfully imports project wiki',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347567'
) do
expect_project_import_finished_successfully

2
qa/qa/specs/features/api/1_manage/rate_limits_spec.rb
View File

@ -4,7 +4,7 @@ module QA
RSpec.describe 'Manage', :requires_admin, :skip_live_env, only: {
condition: -> { ENV['QA_RUN_TYPE']&.match?("e2e-test-on-omnibus") }
} do
describe 'rate limits', :blocking, product_group: :import_and_integrate do
describe 'rate limits', product_group: :import_and_integrate do
let(:rate_limited_user) { create(:user, :with_personal_access_token) }
let(:api_client) { rate_limited_user.api_client }
let!(:request) { Runtime::API::Request.new(api_client, '/users') }

2
qa/qa/specs/features/api/2_plan/closes_issue_via_pushing_a_commit_spec.rb
View File

@ -7,7 +7,7 @@ module QA
describe 'Issue', product_group: :project_management do
let(:issue) { create(:issue, project: create(:project, :with_readme)) }
it 'closes via pushing a commit', :blocking,
it 'closes via pushing a commit',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347947' do
Resource::Repository::ProjectPush.fabricate! do |push|
push.commit_message = "Closes ##{issue.iid}"

2
qa/qa/specs/features/api/3_create/merge_request/push_options_mwps_spec.rb
View File

@ -16,7 +16,7 @@ module QA
runner.remove_via_api!
end
it 'sets merge when pipeline succeeds', :blocking, testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347843' do
it 'sets merge when pipeline succeeds', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347843' do
create(:commit, project: project, commit_message: 'Add .gitlab-ci.yml', actions: [
{
action: 'create',

2
qa/qa/specs/features/api/3_create/merge_request/push_options_remove_source_branch_spec.rb
View File

@ -2,7 +2,7 @@
module QA
RSpec.describe 'Create' do
describe 'Merge request push options', :blocking, product_group: :code_review do
describe 'Merge request push options', product_group: :code_review do
# If run locally on GDK, push options need to be enabled on the host with the following command:
#
# git config --global receive.advertisepushoptions true

3
qa/qa/specs/features/api/3_create/merge_request/view_merge_requests_spec.rb
View File

@ -10,8 +10,7 @@ module QA
context 'with a malformed URL' do
let(:path) { %(/-/merge_requests?sort=created_date&state=<th:t=\"%24{dfb}%23foreach) }
it 'returns 400 or 302',
:blocking, testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/426509' do
it 'returns 400 or 302', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/426509' do
# Ruby's URI module automatically encodes query parameters:
# https://github.com/ruby/uri/blob/f4999b61daa40f2c99fdc7159e2c85c036b22c67/lib/uri/generic.rb#L849
#

2
qa/qa/specs/features/api/3_create/repository/commit_to_templated_project_spec.rb
View File

@ -5,7 +5,7 @@ module QA
describe 'Create a new project from a template', product_group: :source_code do
let(:project) { create(:project, name: 'templated-project', template_name: 'dotnetcore') }
it 'commits via the api', :blocking,
it 'commits via the api',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/357234' do
expect do
create(:commit, project: project, actions: [

4
qa/qa/specs/features/api/3_create/repository/default_branch_name_setting_spec.rb
View File

@ -11,7 +11,7 @@ module QA
Runtime::ApplicationSettings.restore_application_settings(:default_branch_name)
end
it 'sets the default branch name for a new project', :blocking,
it 'sets the default branch name for a new project',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347837' do
project = create(:project, :with_readme, name: 'default-branch-name')
@ -28,7 +28,7 @@ module QA
end
end
it 'allows a project to be created via the CLI with a different default branch name', :blocking,
it 'allows a project to be created via the CLI with a different default branch name',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347838' do
project_name = "default-branch-name-via-cli-#{SecureRandom.hex(8)}"
group = create(:group)

4
qa/qa/specs/features/api/3_create/repository/files_spec.rb
View File

@ -13,7 +13,7 @@ module QA
# this file path deliberately includes a subdirectory which matches the file name to verify file/dir matching logic
let(:file_path) { CGI.escape("føo/#{file_name}/føo/#{file_name}") }
it 'user creates a project with a file and deletes them afterwards', :blocking, testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347745' do
it 'user creates a project with a file and deletes them afterwards', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347745' do
create_project_request = Runtime::API::Request.new(api_client, '/projects')
response = Support::API.post(create_project_request.url, path: project_name, name: project_name)
response_body = parse_body(response)
@ -94,7 +94,7 @@ module QA
SVG
end
it 'sets no-cache headers as expected', :blocking,
it 'sets no-cache headers as expected',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347746' do
create_project_request = Runtime::API::Request.new(api_client, '/projects')
response = Support::API.post(create_project_request.url, path: project_name, name: project_name)

2
qa/qa/specs/features/api/3_create/repository/project_archive_compare_spec.rb
View File

@ -23,7 +23,7 @@ module QA
end
end
it 'download archives of each user project then check they are different', :blocking,
it 'download archives of each user project then check they are different',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347748' do
archive_checksums = {}

2
qa/qa/specs/features/api/3_create/repository/push_postreceive_idempotent_spec.rb
View File

@ -8,7 +8,7 @@ module QA
let(:project) { create(:project, :with_readme, name: 'push-postreceive-idempotent') }
it 'pushes and creates a single push event three times', :blocking, testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347680' do
it 'pushes and creates a single push event three times', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347680' do
verify_single_event_per_push(repeat: 3)
end

2
qa/qa/specs/features/api/3_create/repository/storage_size_spec.rb
View File

@ -16,7 +16,7 @@ module QA
#
# There are unit tests to verify the accuracy of GitLab's determination of repo size, so for this test we
# attempt to detect large differences that could indicate a regression to previous behavior.
it 'matches cloned repo usage to reported usage', :blocking,
it 'matches cloned repo usage to reported usage',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/365196' do
shared_data = SecureRandom.random_bytes(500000)

2
qa/qa/specs/features/api/3_create/repository/tag_revision_trigger_prereceive_hook_spec.rb
View File

@ -19,7 +19,7 @@ module QA
project.change_path("project-reject-prereceive-#{SecureRandom.hex(8)}")
end
it 'returns a custom server hook error', :blocking, :skip_live_env,
it 'returns a custom server hook error', :skip_live_env,
except: { job: 'review-qa-*' },
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/369053' do
expect { project.create_repository_tag('v1.2.3') }

2
qa/qa/specs/features/api/4_verify/api_variable_inheritance_with_forward_pipeline_variables_spec.rb
View File

@ -11,7 +11,7 @@ module QA
end
it(
'is determined based on forward:pipeline_variables condition', :blocking,
'is determined based on forward:pipeline_variables condition',
:aggregate_failures,
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/360745'
) do

2
qa/qa/specs/features/api/4_verify/cancel_pipeline_when_block_user_spec.rb
View File

@ -1,7 +1,7 @@
# frozen_string_literal: true
module QA
RSpec.describe 'Verify', :requires_admin, :blocking, product_group: :pipeline_execution do
RSpec.describe 'Verify', :requires_admin, product_group: :pipeline_execution do
describe 'When user is blocked' do
let(:user) { create(:user).tap(&:create_personal_access_token!) }
let(:admin_user) { Runtime::User::Store.admin_user }

2
qa/qa/specs/features/api/4_verify/file_variable_spec.rb
View File

@ -74,7 +74,7 @@ module QA
end
it(
'can read file variable content with cat', :blocking,
'can read file variable content with cat',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/386409'
) do
job = create(:job, project: project, id: project.job_by_name('job_cat')[:id])

2
qa/qa/specs/features/api/4_verify/job_downloads_artifacts_spec.rb
View File

@ -65,7 +65,7 @@ module QA
runner.remove_via_api!
end
it 'are not downloaded when dependencies array is set to empty', :blocking,
it 'are not downloaded when dependencies array is set to empty',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/424958' do
# If this job fails, the 'failed' status of pipeline is no longer helpful
# We should exit the test case here

4
qa/qa/specs/features/api/8_monitor/metrics_spec.rb
View File

@ -26,7 +26,7 @@ module QA
let(:port) { '8083' }
let(:path) { '/metrics' }
it 'returns 200 OK and serves metrics', :blocking,
it 'returns 200 OK and serves metrics',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/362912' do
expect(response.code).to be(200)
expect(response.body).to match(/^puma_/)
@ -39,7 +39,7 @@ module QA
let(:port) { '8082' }
let(:path) { '/metrics' }
it 'returns 200 OK and serves metrics', :blocking,
it 'returns 200 OK and serves metrics',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/362913' do
expect(response.code).to be(200)
expect(response.body).to match(/^sidekiq_/)

7
qa/qa/specs/features/api/9_data_stores/user_inherited_access_spec.rb
View File

@ -27,7 +27,6 @@ module QA
it(
'is allowed to push code to sub-group project via the CLI',
:blocking,
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/363345'
) do
expect do
@ -44,7 +43,6 @@ module QA
it(
'is allowed to create a file in sub-group project via the API',
:blocking,
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/363348'
) do
# Retry is needed due to delays with project authorization updates
@ -61,7 +59,7 @@ module QA
end
it(
'is allowed to commit to sub-group project via the API', :blocking,
'is allowed to commit to sub-group project via the API',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/363349'
) do
# Retry is needed due to delays with project authorization updates
@ -99,7 +97,6 @@ module QA
it(
'is not allowed to push code to parent group project via the CLI',
:blocking,
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/363344'
) do
expect do
@ -116,7 +113,6 @@ module QA
it(
'is not allowed to create a file in parent group project via the API',
:blocking,
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/363343'
) do
expect do
@ -129,7 +125,6 @@ module QA
it(
'is not allowed to commit to parent group project via the API',
:blocking,
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/363342'
) do
expect do

2
qa/qa/specs/features/browser_ui/10_govern/login/2fa_recovery_spec.rb
View File

@ -1,7 +1,7 @@
# frozen_string_literal: true
module QA
RSpec.describe 'Govern', :requires_admin, :skip_live_env, :blocking do
RSpec.describe 'Govern', :requires_admin, :skip_live_env do
describe '2FA', product_group: :authentication do
let(:owner_user) { Runtime::User::Store.test_user }
let(:owner_api_client) { owner_user.api_client }

2
qa/qa/specs/features/browser_ui/10_govern/login/2fa_ssh_recovery_spec.rb
View File

@ -1,7 +1,7 @@
# frozen_string_literal: true
module QA
RSpec.describe 'Govern', :blocking, :requires_admin, :skip_live_env,
RSpec.describe 'Govern', :requires_admin, :skip_live_env,
product_group: :authentication do
describe '2FA' do
let!(:user) { Runtime::User::Store.test_user }

2
qa/qa/specs/features/browser_ui/10_govern/login/log_in_with_2fa_spec.rb
View File

@ -32,7 +32,7 @@ module QA
end
it(
'allows enforcing 2FA via UI and logging in with 2FA', :blocking,
'allows enforcing 2FA via UI and logging in with 2FA',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347931'
) do
enforce_two_factor_authentication_on_group(group)

2
qa/qa/specs/features/browser_ui/10_govern/login/log_into_gitlab_via_ldap_spec.rb
View File

@ -3,7 +3,7 @@
module QA
RSpec.describe 'Govern', :orchestrated, :ldap_no_tls, :ldap_tls, product_group: :authentication do
describe 'LDAP login' do
it 'user logs into GitLab using LDAP credentials', :blocking,
it 'user logs into GitLab using LDAP credentials',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347892' do
Flow::Login.sign_in

2
qa/qa/specs/features/browser_ui/10_govern/login/log_into_mattermost_via_gitlab_spec.rb
View File

@ -3,7 +3,7 @@
module QA
RSpec.describe 'Govern', :orchestrated, :mattermost, product_group: :authentication do
describe 'Mattermost login' do
it 'user logs into Mattermost using GitLab OAuth', :blocking,
it 'user logs into Mattermost using GitLab OAuth',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347891' do
Flow::Login.sign_in

2
qa/qa/specs/features/browser_ui/10_govern/login/login_via_instance_wide_saml_sso_spec.rb
View File

@ -4,7 +4,7 @@ module QA
RSpec.describe 'Govern', :orchestrated, :instance_saml, product_group: :authentication do
describe 'Instance wide SAML SSO' do
it(
'user logs in to gitlab with SAML SSO', :blocking,
'user logs in to gitlab with SAML SSO',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347895'
) do
Runtime::Browser.visit(:gitlab, Page::Main::Login)

2
qa/qa/specs/features/browser_ui/10_govern/login/oauth_login_with_github_spec.rb
View File

@ -3,7 +3,7 @@
module QA
RSpec.describe 'Govern', :orchestrated, :oauth, product_group: :authentication do
describe 'OAuth' do
it 'connects and logs in with GitHub OAuth', :blocking,
it 'connects and logs in with GitHub OAuth',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/402405' do
Runtime::Browser.visit(:gitlab, Page::Main::Login)

2
qa/qa/specs/features/browser_ui/10_govern/user/impersonation_token_spec.rb
View File

@ -8,7 +8,7 @@ module QA
let!(:user) { create(:user, :hard_delete, api_client: admin_api_client) }
it(
'can be created and revoked via the UI', :blocking,
'can be created and revoked via the UI',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/368888'
) do
impersonation_token = QA::Resource::ImpersonationToken.fabricate_via_browser_ui! do |impersonation_token|

6
qa/qa/specs/features/browser_ui/10_govern/user/user_access_termination_spec.rb
View File

@ -19,7 +19,7 @@ module QA
sandbox.remove_member(user)
end
it 'is not allowed to push code via the CLI', :blocking,
it 'is not allowed to push code via the CLI',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347863' do
QA::Support::Retrier.retry_on_exception(max_attempts: 5, sleep_interval: 2) do
expect do
@ -36,7 +36,7 @@ module QA
end
end
it 'is not allowed to create a file via the API', :blocking,
it 'is not allowed to create a file via the API',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347864' do
QA::Support::Retrier.retry_on_exception(max_attempts: 5, sleep_interval: 2) do
expect do
@ -48,7 +48,7 @@ module QA
end
end
it 'is not allowed to commit via the API', :blocking,
it 'is not allowed to commit via the API',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347865' do
QA::Support::Retrier.retry_on_exception(max_attempts: 5, sleep_interval: 2) do
expect do

2
qa/qa/specs/features/browser_ui/14_analytics/performance_bar_spec.rb
View File

@ -21,7 +21,7 @@ module QA
end
it(
'shows results for the original request and AJAX requests', :blocking,
'shows results for the original request and AJAX requests',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/348030'
) do
# Issue pages always make AJAX requests

2
qa/qa/specs/features/browser_ui/14_analytics/service_ping_default_enabled_spec.rb
View File

@ -12,7 +12,7 @@ module QA
end
it(
'has service ping toggle enabled', :blocking,
'has service ping toggle enabled',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/348335'
) do
Page::Admin::Settings::MetricsAndProfiling.perform do |setting|

2
qa/qa/specs/features/browser_ui/14_analytics/service_ping_disabled_spec.rb
View File

@ -12,7 +12,7 @@ module QA
end
it(
'has service ping toggle is disabled', :blocking,
'has service ping toggle is disabled',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/348340'
) do
Page::Admin::Settings::MetricsAndProfiling.perform do |settings|

2
qa/qa/specs/features/browser_ui/1_manage/integrations/jenkins/jenkins_build_status_spec.rb
View File

@ -36,7 +36,7 @@ module QA
toggle_local_requests(false)
end
it 'integrates and displays build status for MR pipeline in GitLab', :blocking,
it 'integrates and displays build status for MR pipeline in GitLab',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347788' do
setup_project_integration

4
qa/qa/specs/features/browser_ui/1_manage/integrations/jira/jira_basic_integration_spec.rb
View File

@ -33,7 +33,7 @@ module QA
expect(page).not_to have_text("Requests to the local network are not allowed") # rubocop:disable RSpec/ExpectInHook
end
it 'closes an issue via pushing a commit', :blocking,
it 'closes an issue via pushing a commit',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347794' do
issue_key = Vendor::Jira::JiraAPI.perform do |jira_api|
jira_api.create_issue(jira_project_key)
@ -44,7 +44,7 @@ module QA
expect_issue_done(issue_key)
end
it 'closes an issue via a merge request', :blocking,
it 'closes an issue via a merge request',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347795' do
issue_key = Vendor::Jira::JiraAPI.perform do |jira_api|
jira_api.create_issue(jira_project_key)

2
qa/qa/specs/features/browser_ui/1_manage/integrations/jira/jira_issue_import_spec.rb
View File

@ -1,7 +1,7 @@
# frozen_string_literal: true
module QA
RSpec.describe 'Manage', :blocking do
RSpec.describe 'Manage' do
describe 'Jira issue import', :jira, :orchestrated, :requires_admin, product_group: :import_and_integrate do
let(:jira_project_key) { "JITD" }
let(:jira_issue_title) { "[#{jira_project_key}-1] Jira to GitLab Test Issue" }

6
qa/qa/specs/features/browser_ui/1_manage/integrations/pipeline_status_emails_spec.rb
View File

@ -41,13 +41,11 @@ module QA
setup_pipeline_emails(emails)
end
describe 'when pipeline passes',
:blocking, testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/366240' do
describe 'when pipeline passes', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/366240' do
include_examples 'notifies on a pipeline', 0
end
describe 'when pipeline fails',
:blocking, testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/366241' do
describe 'when pipeline fails', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/366241' do
include_examples 'notifies on a pipeline', 1
end

2
qa/qa/specs/features/browser_ui/1_manage/migration/gitlab_migration_group_spec.rb
View File

@ -1,7 +1,7 @@
# frozen_string_literal: true
module QA
describe 'Manage', :blocking, product_group: :import_and_integrate do
describe 'Manage', product_group: :import_and_integrate do
describe 'Gitlab migration' do
include_context "with gitlab group migration"

2
qa/qa/specs/features/browser_ui/2_plan/design_management/add_design_content_spec.rb
View File

@ -18,7 +18,7 @@ module QA
Flow::Login.sign_in
end
it 'user adds a design and annotates it', :blocking,
it 'user adds a design and annotates it',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347822' do
issue.visit!

2
qa/qa/specs/features/browser_ui/2_plan/design_management/archive_design_content_spec.rb
View File

@ -24,7 +24,7 @@ module QA
end
it(
'user archives a design', :blocking,
'user archives a design',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347713'
) do
third_design.issue.visit!

2
qa/qa/specs/features/browser_ui/2_plan/design_management/modify_design_content_spec.rb
View File

@ -14,7 +14,7 @@ module QA
end
it(
'user adds a design and modifies it', :blocking,
'user adds a design and modifies it',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347712'
) do
design.issue.visit!

2
qa/qa/specs/features/browser_ui/2_plan/email/trigger_email_notification_spec.rb
View File

@ -13,7 +13,7 @@ module QA
Flow::Login.sign_in
end
it 'is received by a user for project invitation', :blocking, testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347961' do
it 'is received by a user for project invitation', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347961' do
project.visit!
Page::Project::Menu.perform(&:go_to_members)

2
qa/qa/specs/features/browser_ui/2_plan/issue/collapse_comments_in_discussions_spec.rb
View File

@ -1,7 +1,7 @@
# frozen_string_literal: true
module QA
RSpec.describe 'Plan', :blocking, product_group: :project_management do
RSpec.describe 'Plan', product_group: :project_management do
describe 'collapse comments in issue discussions' do
let(:my_first_reply) { 'My first reply' }
let(:one_reply) { '1 reply' }

2
qa/qa/specs/features/browser_ui/2_plan/issue/custom_issue_template_spec.rb
View File

@ -1,7 +1,7 @@
# frozen_string_literal: true
module QA
RSpec.describe 'Plan', :blocking, product_group: :project_management do
RSpec.describe 'Plan', product_group: :project_management do
describe 'Custom issue templates' do
let(:template_name) { 'custom_issue_template' }
let(:template_content) { 'This is a custom issue template test' }

2
qa/qa/specs/features/browser_ui/2_plan/issue/export_as_csv_spec.rb
View File

@ -1,7 +1,7 @@
# frozen_string_literal: true
module QA
RSpec.describe 'Plan', :blocking, product_group: :project_management do
RSpec.describe 'Plan', product_group: :project_management do
describe 'Issues list' do
let(:project) { create(:project, name: 'project-to-test-export-issues-as-csv') }

2
qa/qa/specs/features/browser_ui/2_plan/issue/issue_suggestions_spec.rb
View File

@ -1,7 +1,7 @@
# frozen_string_literal: true
module QA
RSpec.describe 'Plan', :blocking, product_group: :project_management do
RSpec.describe 'Plan', product_group: :project_management do
describe 'issue suggestions' do
let(:issue_title) { 'Issue Lists are awesome' }

2
qa/qa/specs/features/browser_ui/2_plan/issue/real_time_assignee_spec.rb
View File

@ -14,7 +14,7 @@ module QA
project.add_member(user2)
end
it 'update without refresh', :blocking, testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347941' do
it 'update without refresh', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347941' do
issue = create(:issue, project: project, assignee_ids: [user1.id])
issue.visit!

2
qa/qa/specs/features/browser_ui/2_plan/issue_boards/focus_mode_spec.rb
View File

@ -1,7 +1,7 @@
# frozen_string_literal: true
module QA
RSpec.describe 'Plan', :blocking, product_group: :project_management do
RSpec.describe 'Plan', product_group: :project_management do
describe 'Issue board focus mode' do
let(:project) { create(:project, name: 'sample-project-issue-board-focus-mode') }

2
qa/qa/specs/features/browser_ui/2_plan/milestone/create_group_milestone_spec.rb
View File

@ -1,7 +1,7 @@
# frozen_string_literal: true
module QA
RSpec.describe 'Plan', :blocking, :db_migrate, product_group: :project_management do
RSpec.describe 'Plan', :db_migrate, product_group: :project_management do
describe 'Group milestone' do
include Support::Dates

6
qa/qa/specs/features/browser_ui/2_plan/project_wiki/project_based_content_creation_spec.rb
View File

@ -16,7 +16,7 @@ module QA
Flow::Login.sign_in
end
it 'by adding a home page to the wiki', :blocking,
it 'by adding a home page to the wiki',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347809' do
project.visit!
@ -37,7 +37,7 @@ module QA
end
end
it 'by adding a second page to the wiki', :blocking,
it 'by adding a second page to the wiki',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347808' do
wiki.visit!
@ -91,7 +91,7 @@ module QA
end
end
it 'by adding a wiki page with spaces in the path using git push', :blocking,
it 'by adding a wiki page with spaces in the path using git push',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/442387' do
Resource::Repository::WikiPush.fabricate! do |push|
push.file_name = "#{new_wiki_page_with_spaces_in_the_path}.md"

2
qa/qa/specs/features/browser_ui/2_plan/project_wiki/project_based_content_manipulation_spec.rb
View File

@ -16,7 +16,7 @@ module QA
Flow::Login.sign_in
end
it 'by manipulating content on the page', :blocking,
it 'by manipulating content on the page',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347810' do
wiki.visit!

2
qa/qa/specs/features/browser_ui/2_plan/project_wiki/project_based_directory_management_spec.rb
View File

@ -10,7 +10,7 @@ module QA
Flow::Login.sign_in
end
it 'can change the directory path of a page', :blocking,
it 'can change the directory path of a page',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347821' do
initial_wiki.visit!

2
qa/qa/specs/features/browser_ui/2_plan/project_wiki/project_based_file_upload_spec.rb
View File

@ -1,7 +1,7 @@
# frozen_string_literal: true
module QA
RSpec.describe 'Plan', :blocking, product_group: :knowledge do
RSpec.describe 'Plan', product_group: :knowledge do
describe 'Testing project wiki file upload' do
let(:initial_wiki) { create(:project_wiki_page) }
let(:page_title) { 'Content Editor Page' }

4
qa/qa/specs/features/browser_ui/2_plan/project_wiki/project_based_list_spec.rb
View File

@ -15,7 +15,7 @@ module QA
end
context 'with Wiki Sidebar' do
it 'has all expected links that work', :blocking,
it 'has all expected links that work',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347814' do
small_wiki.visit!
@ -36,7 +36,7 @@ module QA
end
context 'with Wiki Page List' do
it 'has all expected links that work', :blocking,
it 'has all expected links that work',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347813' do
large_wiki.visit!

2
qa/qa/specs/features/browser_ui/2_plan/project_wiki/project_based_page_deletion_spec.rb
View File

@ -12,7 +12,7 @@ module QA
Flow::Login.sign_in
end
it 'can delete a page', :blocking, testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347815' do
it 'can delete a page', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347815' do
initial_wiki.visit!
Page::Project::Wiki::Show.perform(&:click_edit)

Some files were not shown because too many files have changed in this diff Show More