root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2025-06-17 21:11:08 +00:00
parent 22a5ad5901
commit ca0ea54efa
18 changed files with 96 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
doc/api/dependency_list_export.md
View File

@ -71,6 +71,7 @@ Exports can be requested in different file formats. Some formats are only availa
| ----------- | ----------- | ------------- |
| `dependency_list` | A standard JSON object that lists the dependencies as key-value pairs. | Projects |
| `sbom` | A [CycloneDX](https://cyclonedx.org/) 1.4 bill of materials | Pipelines |
| `cyclonedx_1_6_json` | A [CycloneDX](https://cyclonedx.org/) 1.6 bill of materials | Projects |
| `json_array` | A flat JSON array that contains component objects. | Groups |
| `csv` | A comma-separated values (CSV) document. | Projects, Groups |

21
doc/api/project_templates.md
View File

@ -38,6 +38,13 @@ GET /projects/:id/templates/:type
| `id` | integer or string | Yes | The ID or [URL-encoded path of the project](rest/_index.md#namespaced-paths). |
| `type` | string | Yes | The type of the template. Accepted values are: `dockerfiles`, `gitignores`, `gitlab_ci_ymls`, `licenses`, `issues`, or `merge_requests`. |
Example request:
```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" \
--url "https://gitlab.example.com/api/v4/projects/1/templates/licenses"
```
Example response (licenses):
```json
@ -108,6 +115,13 @@ GET /projects/:id/templates/:type/:name
| `project` | string | No | The project name to use when expanding placeholders in the template. Affects only licenses. |
| `source_template_project_id` | integer | No | The project ID where a given template is being stored. Helpful when multiple templates from different projects have the same name. If multiple templates have the same name, the match from `closest ancestor` is returned if `source_template_project_id` is not specified, |
Example request:
```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" \
--url "https://gitlab.example.com/api/v4/projects/1/templates/dockerfiles/Binary"
```
Example response (Dockerfile):
```json
@ -117,6 +131,13 @@ Example response (Dockerfile):
}
```
Example request:
```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" \
--url "https://gitlab.example.com/api/v4/projects/1/templates/licenses/mit"
```
Example response (license):
```json

2
doc/api/rest/troubleshooting.md
View File

@ -3,7 +3,7 @@ stage: Foundations
group: Import and Integrate
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
description: Programmatic interaction with GitLab.
title: REST API troubleshooting
title: Troubleshooting the REST API
---
{{< details >}}

2
doc/ci/pipelines/mr_pipeline_troubleshooting.md
View File

@ -2,7 +2,7 @@
stage: Verify
group: Pipeline Execution
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Merge request pipeline troubleshooting
title: Troubleshooting merge request pipelines
---
{{< details >}}

2
doc/editor_extensions/eclipse/troubleshooting.md
View File

@ -3,7 +3,7 @@ stage: Create
group: Editor Extensions
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
description: Connect and use GitLab Duo in Eclipse.
title: Eclipse troubleshooting
title: Troubleshooting Eclipse
---
{{< details >}}

2
doc/editor_extensions/jetbrains_ide/jetbrains_troubleshooting.md
View File

@ -3,7 +3,7 @@ stage: Create
group: Editor Extensions
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
description: Connect and use GitLab Duo in JetBrains IDEs.
title: JetBrains troubleshooting
title: Troubleshooting JetBrains
---
If the steps on this page don't solve your problem, check the

2
doc/editor_extensions/neovim/neovim_troubleshooting.md
View File

@ -3,7 +3,7 @@ stage: Create
group: Editor Extensions
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
description: Connect and use GitLab Duo in Neovim.
title: Neovim troubleshooting
title: Troubleshooting Neovim
---
When troubleshooting the GitLab plugin for Neovim, you should confirm if an issue still occurs

2
doc/update/background_migrations_troubleshooting.md
View File

@ -2,7 +2,7 @@
stage: Data Access
group: Database Frameworks
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Troubleshooting
title: Troubleshooting background migrations
---
{{< details >}}

2
doc/update/package/package_troubleshooting.md
View File

@ -2,7 +2,7 @@
stage: GitLab Delivery
group: Self Managed
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Troubleshooting
title: Troubleshooting package installation
---
{{< details >}}

2
doc/user/application_security/api_fuzzing/troubleshooting.md
View File

@ -2,7 +2,7 @@
stage: Application Security Testing
group: Dynamic Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Troubleshooting
title: Troubleshooting API Fuzzing jobs
---
## API Fuzzing job times out after N hours

2
doc/user/application_security/api_security_testing/troubleshooting.md
View File

@ -2,7 +2,7 @@
stage: Application Security Testing
group: Dynamic Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Troubleshooting
title: Troubleshooting API security testing jobs
---
## API security testing job times out after N hours

6
doc/user/application_security/dast/browser/troubleshooting.md
View File

@ -3,7 +3,7 @@ type: reference, howto
stage: Application Security Testing
group: Dynamic Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Troubleshooting
title: Troubleshooting DAST scans
---
The following troubleshooting scenarios have been collected from customer support cases. If you
@ -167,7 +167,7 @@ The modules that can be configured for logging are as follows:
As a simpler alternative to configuring log modules with `DAST_LOG_FILE_CONFIG`, you can set `SECURE_LOG_LEVEL`:
- To any of the [supported log levels](#log-levels).
- To any of the [supported log levels](#log-levels).
When you do this, the specified level becomes the default log level in the log file for all modules.
- To `debug` or `trace` to enable the [auth report](configuration/authentication.md#configure-the-authentication-report).
- To `trace` to enable [DevTools logging](#chromium-devtools-logging).
@ -183,7 +183,7 @@ dast:
SECURE_LOG_LEVEL: "trace"
# is equivalent to:
# DAST_LOG_FILE_CONFIG: "loglevel:trace"
# DAST_LOG_DEVTOOLS_CONFIG: "Default:messageAndBody,truncate:2000"
# DAST_LOG_DEVTOOLS_CONFIG: "Default:messageAndBody,truncate:2000"
# DAST_AUTH_REPORT: "true"
```

57
doc/user/compliance/compliance_frameworks/compliance_standards.md
View File

@ -24,6 +24,63 @@ compliance standards.
The [Compliance Adherence Templates](https://gitlab.com/gitlab-org/software-supply-chain-security/compliance/engineering/compliance-adherence-templates) project
contains a library of JSON templates. Use these templates to quickly adopt predefined compliance frameworks.
## FedRAMP compliance requirements
FedRAMP (Federal Risk and Authorization Management Program) categorizes cloud services into three impact levels: Low, Moderate, and High, based on the potential impact of a data breach on government operations, assets, or individuals. These levels correspond to different sets of security controls and requirements that cloud service providers (CSPs) must meet to achieve FedRAMP authorization. Controls are available for FedRAMP Low, FedRAMP Moderate, and FedRAMP High compliance.
### FedRAMP Low compliance requirements
The following table lists the requirements supported by GitLab for FedRAMP Low and the controls for the requirements.
| FedRAMP Low requirement | Description | Supported controls |
|:-----------------------------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------|
| CM-5: Access Restrictions for Change | Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system. | <ul><li>Default branch protected</li><li>At least two approvals</li></ul> |
| CM-6: Configuration Settings | Establish and document configuration settings for components employed in the system that reflect the most restrictive mode consistent with operational requirements using organization-defined common secure configurations; implement the configuration settings; identify, document, and approve any deviations from established configuration settings for organization-defined system components based on organization-defined operational requirements; and monitor and control changes to the configuration settings in accordance with organizational policies and procedures. | <ul><li>Author approved merge request is forbidden</li></ul> |
| CM-7: Least Functionality | Configure the system to provide only organization-defined mission essential capabilities; and prohibit or restrict organization-defined functions, system ports, protocols, software, or services. | <ul><li>Committers approved merge request is forbidden</li><li>Merge requests approval rules prevent editing</li></ul> |
| CM-10: Software Usage Restrictions | Use software and associated documentation in accordance with contract agreements and copyright laws; track the use of software and associated documentation protected by quantity licenses to control copying and distribution; and control and document the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work. | <ul><li>License compliance running</li></ul> |
| IA-2(12): Acceptance of PIV Credentials | Accept and electronically verify Personal Identity Verification (PIV) credentials. | <ul><li>Auth SSO enabled</li></ul> |
| IA-8(1): Acceptance of PIV Credentials From Other Agencies | Accept and electronically verify Personal Identity Verification (PIV) credentials from other federal agencies. | <ul><li>Auth SSO enabled</li></ul> |
| RA-5: Vulnerability Monitoring and Scanning | Scan for vulnerabilities in the system and hosted applications; employ vulnerability scanning tools and techniques; analyze vulnerability scan reports and results; remediate legitimate vulnerabilities; and share vulnerability information. | <ul><li>Dependency scanning running</li><li>Container scanning running</li><li>DAST running</li><li>API security running</li><li>Fuzz testing running</li></ul> |
### FedRAMP Moderate compliance requirements
The following table lists the requirements supported by GitLab for FedRAMP Moderate and the controls for the requirements.
| FedRAMP Moderate requirement | Description | Supported controls |
|:-----------------------------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------|
| AC-5: Separation of Duties | Separate duties of individuals to prevent malevolent activity without collusion; document separation of duties; and define system access authorizations to support separation of duties. | <ul><li>At least two approvals</li><li>Author approved merge request is forbidden</li><li>Committers approved merge request is forbidden</li><li>Merge requests approval rules prevent editing</li></ul> |
| CM-3: Configuration Change Control | Determine and document the types of changes to the system that are configuration-controlled; review proposed configuration-controlled changes and approve or disapprove such changes with explicit consideration for security and privacy impact analyses; document configuration change decisions; implement approved configuration-controlled changes to the system; retain records of configuration-controlled changes to the system for organization-defined time period; monitor and review activities associated with configuration-controlled changes to the system; and coordinate and provide oversight for configuration change control activities through organization-defined configuration change control element. | <ul><li>Default branch protected</li><li>At least two approvals</li><li>Author approved merge request is forbidden</li><li>Committers approved merge request is forbidden</li><li>Merge requests approval rules prevent editing</li></ul> |
| CM-5: Access Restrictions for Change | Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system. | <ul><li>Default branch protected</li><li>At least two approvals</li></ul> |
| CM-6: Configuration Settings | Establish and document configuration settings for components employed in the system that reflect the most restrictive mode consistent with operational requirements using organization-defined common secure configurations; implement the configuration settings; identify, document, and approve any deviations from established configuration settings for organization-defined system components based on organization-defined operational requirements; and monitor and control changes to the configuration settings in accordance with organizational policies and procedures. | <ul><li>Author approved merge request is forbidden</li></ul> |
| CM-7: Least Functionality | Configure the system to provide only organization-defined mission essential capabilities; and prohibit or restrict organization-defined functions, system ports, protocols, software, or services. | <ul><li>Committers approved merge request is forbidden</li><li>Merge requests approval rules prevent editing</li></ul> |
| CM-10: Software Usage Restrictions | Use software and associated documentation in accordance with contract agreements and copyright laws; track the use of software and associated documentation protected by quantity licenses to control copying and distribution; and control and document the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work. | <ul><li>License compliance running</li></ul> |
| IA-2(12): Acceptance of PIV Credentials | Accept and electronically verify Personal Identity Verification (PIV) credentials. | <ul><li>Auth SSO enabled</li></ul> |
| IA-5(7): No Embedded Unencrypted Static Authenticators | Ensure that unencrypted static authenticators are not embedded in applications or other forms of static storage. | <ul><li>Secret detection running</li></ul> |
| IA-8(1): Acceptance of PIV Credentials From Other Agencies | Accept and electronically verify Personal Identity Verification (PIV) credentials from other federal agencies. | <ul><li>Auth SSO enabled</li></ul> |
| RA-5: Vulnerability Monitoring and Scanning | Scan for vulnerabilities in the system and hosted applications; employ vulnerability scanning tools and techniques; analyze vulnerability scan reports and results; remediate legitimate vulnerabilities; and share vulnerability information. | <ul><li>Dependency scanning running</li><li>Container scanning running</li><li>DAST running</li><li>API security running</li><li>Fuzz testing running</li></ul> |
| SA-11(1): Static Code Analysis | Require the developer of the system, system component, or system service to employ static code analysis tools to identify common flaws and document the results of the analysis. | <ul><li>SAST running</li></ul> |
| SA-11(8): Dynamic Code Analysis | Require the developer of the system, system component, or system service to employ dynamic code analysis tools to identify common flaws and document the results of the analysis. | <ul><li>DAST running</li><li>Fuzz testing running</li></ul> |
### FedRAMP High compliance requirements
The following table lists the requirements supported by GitLab for FedRAMP High and the controls for the requirements.
| FedRAMP High requirement | Description | Supported controls |
|:---------------------------------------------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------|
| AC-5: Separation of Duties | Separate duties of individuals to prevent malevolent activity without collusion; document separation of duties; and define system access authorizations to support separation of duties. | <ul><li>At least two approvals</li><li>Author approved merge request is forbidden</li><li>Committers approved merge request is forbidden</li><li>Merge requests approval rules prevent editing</li></ul> |
| CM-3: Configuration Change Control | Determine and document the types of changes to the system that are configuration-controlled; review proposed configuration-controlled changes and approve or disapprove such changes with explicit consideration for security and privacy impact analyses; document configuration change decisions; implement approved configuration-controlled changes to the system; retain records of configuration-controlled changes to the system for organization-defined time period; monitor and review activities associated with configuration-controlled changes to the system; and coordinate and provide oversight for configuration change control activities through organization-defined configuration change control element. | <ul><li>Default branch protected</li><li>At least two approvals</li><li>Author approved merge request is forbidden</li><li>Committers approved merge request is forbidden</li><li>Merge requests approval rules prevent editing</li></ul> |
| CM-3(1): Automated Documentation, Notification, and Prohibition of Changes | Use automated mechanisms to document proposed changes to the system; notify organization-defined approval authorities; highlight change approvals that have not been received by organization-defined time period; prohibit changes to the system until designated approvals are received; and document all changes to the system. | <ul><li>At least two approvals</li><li>Author approved merge request is forbidden</li><li>Committers approved merge request is forbidden</li><li>Merge requests approval rules prevent editing</li></ul> |
| CM-5: Access Restrictions for Change | Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system. | <ul><li>Default branch protected</li><li>At least two approvals</li></ul> |
| CM-6: Configuration Settings | Establish and document configuration settings for components employed in the system that reflect the most restrictive mode consistent with operational requirements using organization-defined common secure configurations; implement the configuration settings; identify, document, and approve any deviations from established configuration settings for organization-defined system components based on organization-defined operational requirements; and monitor and control changes to the configuration settings in accordance with organizational policies and procedures. | <ul><li>Author approved merge request is forbidden</li></ul> |
| CM-7: Least Functionality | Configure the system to provide only organization-defined mission essential capabilities; and prohibit or restrict organization-defined functions, system ports, protocols, software, or services. | <ul><li>Committers approved merge request is forbidden</li><li>Merge requests approval rules prevent editing</li></ul> |
| CM-10: Software Usage Restrictions | Use software and associated documentation in accordance with contract agreements and copyright laws; track the use of software and associated documentation protected by quantity licenses to control copying and distribution; and control and document the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work. | <ul><li>License compliance running</li></ul> |
| IA-2(12): Acceptance of PIV Credentials | Accept and electronically verify Personal Identity Verification (PIV) credentials. | <ul><li>Auth SSO enabled</li></ul> |
| IA-5(7): No Embedded Unencrypted Static Authenticators | Ensure that unencrypted static authenticators are not embedded in applications or other forms of static storage. | <ul><li>Secret detection running</li></ul> |
| IA-8(1): Acceptance of PIV Credentials From Other Agencies | Accept and electronically verify Personal Identity Verification (PIV) credentials from other federal agencies. | <ul><li>Auth SSO enabled</li></ul> |
| RA-5: Vulnerability Monitoring and Scanning | Scan for vulnerabilities in the system and hosted applications; employ vulnerability scanning tools and techniques; analyze vulnerability scan reports and results; remediate legitimate vulnerabilities; and share vulnerability information. | <ul><li>Dependency scanning running</li><li>Container scanning running</li><li>DAST running</li><li>API security running</li><li>Fuzz testing running</li></ul> |
| SA-11(1): Static Code Analysis | Require the developer of the system, system component, or system service to employ static code analysis tools to identify common flaws and document the results of the analysis. | <ul><li>SAST running</li></ul> |
| SA-11(8): Dynamic Code Analysis | Require the developer of the system, system component, or system service to employ dynamic code analysis tools to identify common flaws and document the results of the analysis. | <ul><li>DAST running</li><li>Fuzz testing running</li></ul> |
## ISMAP compliance requirements
The Information system Security Management and Assessment Program (ISMAP) aims to secure the security level of the government's cloud service procurement

2
doc/user/duo_workflow/_index.md
View File

@ -10,7 +10,7 @@ title: GitLab Duo Workflow
- Tier: Ultimate
- Offering: GitLab.com
- Status: Private beta
- LLM: Anthropic [Claude 3.5 Sonnet](https://console.cloud.google.com/vertex-ai/publishers/anthropic/model-garden/claude-3-5-sonnet)
- LLM: Anthropic [Claude Sonnet 4](https://www.anthropic.com/claude/sonnet)
{{< /details >}}

2
doc/user/duo_workflow/troubleshooting.md
View File

@ -2,7 +2,7 @@
stage: AI-powered
group: Duo Workflow
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Troubleshoot GitLab Duo Workflow
title: Troubleshooting GitLab Duo Workflow
---
{{< details >}}

2
doc/user/gitlab_duo_chat/agentic_chat.md
View File

@ -11,7 +11,7 @@ title: GitLab Duo Agentic Chat in VS Code
- Add-on: GitLab Duo Core, Pro, or Enterprise
- Offering: GitLab.com
- Status: Experiment
- LLMs: Anthropic [Claude 3.7 Sonnet](https://console.cloud.google.com/vertex-ai/publishers/anthropic/model-garden/claude-3-7-sonnet)
- LLMs: Anthropic [Claude Sonnet 4](https://console.cloud.google.com/vertex-ai/publishers/anthropic/model-garden/claude-sonnet-4)
{{< /details >}}

2
doc/user/gitlab_duo_chat/troubleshooting.md
View File

@ -2,7 +2,7 @@
stage: AI-powered
group: Duo Chat
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: GitLab Duo Chat troubleshooting
title: Troubleshooting GitLab Duo Chat
---
When working with GitLab Duo Chat, you might encounter the following issues.

2
doc/user/project/merge_requests/merge_request_troubleshooting.md
View File

@ -3,7 +3,7 @@ stage: Create
group: Code Review
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
description: Troubleshooting help for merge requests.
title: Merge request troubleshooting
title: Troubleshooting merge requests
---
{{< details >}}