Add latest changes from gitlab-org/gitlab@master

.gitlab/CODEOWNERS

@@ -248,15 +248,17 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/administration/object_storage.md @axil
 /doc/administration/operations/ @axil
 /doc/administration/operations/moving_repositories.md @eread
+/doc/administration/operations/fast_ssh_key_lookup.md @aqualls
 /doc/administration/operations/sidekiq_memory_killer.md @sselhorn
 /doc/administration/package_information/ @axil
 /doc/administration/packages/ @claytoncornell
 /doc/administration/pages/index.md @aqualls
 /doc/administration/pages/source.md @aqualls
 /doc/administration/polling.md @axil
-/doc/administration/postgresql/ @sselhorn
+/doc/administration/postgresql/ @aqualls
 /doc/administration/pseudonymizer.md @axil
 /doc/administration/raketasks/ @axil
+/doc/administration/raketasks/ldap.md @eread
 /doc/administration/raketasks/praefect.md @eread
 /doc/administration/read_only_gitlab.md @axil
 /doc/administration/redis/ @axil
@@ -277,8 +279,9 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/administration/terraform_state.md @sselhorn
 /doc/administration/timezone.md @axil
 /doc/administration/troubleshooting/ @axil
-/doc/administration/troubleshooting/elasticsearch.md @rdickenson
-/doc/administration/troubleshooting/postgresql.md @sselhorn
+/doc/administration/troubleshooting/elasticsearch.md @sselhorn
+/doc/administration/troubleshooting/group_saml_scim.md @eread
+/doc/administration/troubleshooting/postgresql.md @aqualls
 /doc/administration/uploads.md @axil
 /doc/administration/user_settings.md @eread
 /doc/administration/whats-new.md @kpaizee
@@ -437,7 +440,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/api/vulnerability_findings.md @claytoncornell
 /doc/api/wikis.md @aqualls
 /doc/architecture/blueprints/container_registry_metadata_database/index.md @claytoncornell
-/doc/architecture/blueprints/database/scalability/patterns/ @sselhorn
+/doc/architecture/blueprints/database/scalability/patterns/ @aqualls
 /doc/architecture/blueprints/gitlab_to_kubernetes_communication/index.md @sselhorn
 /doc/ci/caching/index.md @marcel.amirault
 /doc/ci/chatops/index.md @sselhorn
@@ -479,6 +482,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/ci/review_apps/index.md @marcel.amirault
 /doc/ci/runners/ @sselhorn
 /doc/ci/secrets/index.md @marcel.amirault
+/doc/ci/secure_files/index.md @marcel.amirault
 /doc/ci/services/ @sselhorn
 /doc/ci/ssh_keys/index.md @marcel.amirault
 /doc/ci/test_cases/index.md @msedlakjakubowski
@@ -487,14 +491,13 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/ci/unit_test_reports.md @marcel.amirault
 /doc/ci/variables/ @marcel.amirault
 /doc/ci/yaml/ @marcel.amirault
-/doc/development/adding_database_indexes.md @sselhorn
+/doc/development/adding_database_indexes.md @aqualls
 /doc/development/application_limits.md @axil
 /doc/development/approval_rules.md @aqualls
 /doc/development/audit_event_guide/index.md @eread
 /doc/development/auto_devops.md @sselhorn
-/doc/development/backend/create_source_code_be/index.md @aqualls
+/doc/development/backend/create_source_code_be/ @aqualls
 /doc/development/backend/ruby_style_guide.md @sselhorn
-/doc/development/batched_background_migrations.md @sselhorn
 /doc/development/build_test_package.md @axil
 /doc/development/bulk_import.md @eread
 /doc/development/cached_queries.md @sselhorn
@@ -507,23 +510,19 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/development/code_intelligence/index.md @aqualls
 /doc/development/contributing/ @sselhorn
 /doc/development/contributing/merge_request_workflow.md @aqualls
-/doc/development/creating_enums.md @sselhorn
-/doc/development/database_debugging.md @sselhorn
-/doc/development/database_query_comments.md @sselhorn
-/doc/development/database_review.md @sselhorn
-/doc/development/database/ @sselhorn
-/doc/development/database/multiple_databases.md @sselhorn
-/doc/development/db_dump.md @sselhorn
+/doc/development/creating_enums.md @aqualls
+/doc/development/database_debugging.md @aqualls
+/doc/development/database_query_comments.md @aqualls
+/doc/development/database_review.md @aqualls
+/doc/development/database/ @aqualls
+/doc/development/db_dump.md @aqualls
 /doc/development/developing_with_solargraph.md @aqualls
 /doc/development/diffs.md @aqualls
 /doc/development/distributed_tracing.md @msedlakjakubowski
-/doc/development/documentation/feature_flags.md @sselhorn
-/doc/development/documentation/graphql_styleguide.md @sselhorn
+/doc/development/documentation/ @sselhorn
 /doc/development/documentation/index.md @dianalogan
 /doc/development/documentation/redirects.md @dianalogan
 /doc/development/documentation/review_apps.md @dianalogan
-/doc/development/documentation/structure.md @sselhorn
-/doc/development/documentation/styleguide/ @sselhorn
 /doc/development/documentation/testing.md @dianalogan
 /doc/development/elasticsearch.md @sselhorn
 /doc/development/experiment_guide/gitlab_experiment.md @kpaizee
@@ -537,19 +536,21 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/development/feature_flags/controls.md @sselhorn
 /doc/development/feature_flags/index.md @sselhorn
 /doc/development/filtering_by_label.md @msedlakjakubowski
-/doc/development/foreign_keys.md @sselhorn
+/doc/development/foreign_keys.md @aqualls
 /doc/development/geo.md @axil
 /doc/development/geo/framework.md @axil
 /doc/development/git_object_deduplication.md @eread
 /doc/development/gitaly.md @eread
+/doc/development/gitlab_flavored_markdown/index.md @aqualls
+/doc/development/gitlab_flavored_markdown/specification_guide/index.md @aqualls
 /doc/development/graphql_guide/ @kpaizee
-/doc/development/graphql_guide/batchloader.md @sselhorn
-/doc/development/hash_indexes.md @sselhorn
+/doc/development/graphql_guide/batchloader.md @aqualls
+/doc/development/hash_indexes.md @aqualls
 /doc/development/i18n/ @eread
 /doc/development/image_scaling.md @sselhorn
 /doc/development/import_export.md @eread
 /doc/development/index.md @sselhorn
-/doc/development/insert_into_tables_in_batches.md @sselhorn
+/doc/development/insert_into_tables_in_batches.md @aqualls
 /doc/development/integrations/ @kpaizee
 /doc/development/integrations/codesandbox.md @sselhorn
 /doc/development/integrations/secure_partner_integration.md @rdickenson
@@ -558,7 +559,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/development/internal_users.md @sselhorn
 /doc/development/issuable-like-models.md @msedlakjakubowski
 /doc/development/issue_types.md @msedlakjakubowski
-/doc/development/iterating_tables_in_batches.md @sselhorn
+/doc/development/iterating_tables_in_batches.md @aqualls
 /doc/development/kubernetes.md @sselhorn
 /doc/development/lfs.md @aqualls
 /doc/development/licensed_feature_availability.md @sselhorn
@@ -567,30 +568,30 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/development/new_fe_guide/modules/widget_extensions.md @aqualls
 /doc/development/new_fe_guide/tips.md @sselhorn
 /doc/development/omnibus.md @axil
-/doc/development/ordering_table_columns.md @sselhorn
+/doc/development/ordering_table_columns.md @aqualls
 /doc/development/packages.md @claytoncornell
 /doc/development/permissions.md @eread
 /doc/development/policies.md @eread
 /doc/development/product_qualified_lead_guide/index.md @kpaizee
 /doc/development/project_templates.md @fneill
 /doc/development/prometheus_metrics.md @msedlakjakubowski
-/doc/development/query_performance.md @sselhorn
-/doc/development/query_recorder.md @sselhorn
+/doc/development/query_performance.md @aqualls
+/doc/development/query_recorder.md @aqualls
 /doc/development/real_time.md @msedlakjakubowski
 /doc/development/secure_coding_guidelines.md @sselhorn
-/doc/development/serializing_data.md @sselhorn
+/doc/development/serializing_data.md @aqualls
 /doc/development/service_ping/ @claytoncornell
-/doc/development/single_table_inheritance.md @sselhorn
+/doc/development/single_table_inheritance.md @aqualls
 /doc/development/snowplow/ @claytoncornell
 /doc/development/spam_protection_and_captcha/ @eread
-/doc/development/sql.md @sselhorn
-/doc/development/swapping_tables.md @sselhorn
+/doc/development/sql.md @aqualls
+/doc/development/swapping_tables.md @aqualls
 /doc/development/testing_guide/best_practices.md @sselhorn
 /doc/development/testing_guide/end_to_end/best_practices.md @sselhorn
-/doc/development/understanding_explain_plans.md @sselhorn
+/doc/development/understanding_explain_plans.md @aqualls
 /doc/development/value_stream_analytics.md @fneill
 /doc/development/value_stream_analytics/value_stream_analytics_aggregated_backend.md @fneill
-/doc/development/verifying_database_capabilities.md @sselhorn
+/doc/development/verifying_database_capabilities.md @aqualls
 /doc/development/wikis.md @aqualls
 /doc/development/work_items_widgets.md @msedlakjakubowski
 /doc/development/work_items.md @msedlakjakubowski
@@ -612,7 +613,8 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/operations/ @msedlakjakubowski
 /doc/operations/feature_flags.md @rdickenson
 /doc/operations/product_analytics.md @claytoncornell
-/doc/policy/ @axil
+/doc/policy/alpha-beta-support.md @axil
+/doc/policy/maintenance.md @axil
 /doc/raketasks/ @axil
 /doc/raketasks/generate_sample_prometheus_data.md @msedlakjakubowski
 /doc/raketasks/migrate_snippets.md @aqualls
@@ -624,11 +626,12 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/topics/autodevops/ @sselhorn
 /doc/topics/git/ @aqualls
 /doc/topics/gitlab_flow.md @aqualls
-/doc/topics/offline/ @axil
+/doc/topics/offline/index.md @axil
+/doc/topics/offline/quick_start_guide.md @axil
 /doc/topics/plan_and_track.md @msedlakjakubowski
 /doc/update/ @axil
-/doc/update/mysql_to_postgresql.md @sselhorn
-/doc/update/upgrading_postgresql_using_slony.md @sselhorn
+/doc/update/mysql_to_postgresql.md @aqualls
+/doc/update/upgrading_postgresql_using_slony.md @aqualls
 /doc/user/admin_area/analytics/ @fneill
 /doc/user/admin_area/broadcast_messages.md @kpaizee
 /doc/user/admin_area/credentials_inventory.md @eread
@@ -637,10 +640,10 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/user/admin_area/geo_nodes.md @axil
 /doc/user/admin_area/labels.md @msedlakjakubowski
 /doc/user/admin_area/license_file.md @sselhorn
-/doc/user/admin_area/license.md @kpaizee
+/doc/user/admin_area/license.md @sselhorn
 /doc/user/admin_area/merge_requests_approvals.md @aqualls
 /doc/user/admin_area/moderate_users.md @eread
-/doc/user/admin_area/monitoring/background_migrations.md @sselhorn
+/doc/user/admin_area/monitoring/background_migrations.md @aqualls
 /doc/user/admin_area/monitoring/health_check.md @msedlakjakubowski
 /doc/user/admin_area/reporting/spamcheck.md @axil
 /doc/user/admin_area/review_abuse_reports.md @eread
@@ -660,19 +663,17 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/user/admin_area/settings/push_event_activities_limit.md @aqualls
 /doc/user/admin_area/settings/rate_limit_on_issues_creation.md @msedlakjakubowski
 /doc/user/admin_area/settings/rate_limit_on_notes_creation.md @msedlakjakubowski
-/doc/user/admin_area/settings/rate_limit_on_users_api.md @eread
 /doc/user/admin_area/settings/third_party_offers.md @fneill
+/doc/user/admin_area/settings/usage_statistics.md @claytoncornell
 /doc/user/admin_area/settings/visibility_and_access_controls.md @aqualls
 /doc/user/analytics/ @fneill
 /doc/user/analytics/ci_cd_analytics.md @rdickenson
 /doc/user/application_security/ @rdickenson
 /doc/user/application_security/cluster_image_scanning/index.md @claytoncornell
 /doc/user/application_security/container_scanning/index.md @claytoncornell
-/doc/user/application_security/coverage_fuzzing/index.md @rdickenson
 /doc/user/application_security/cve_id_request.md @claytoncornell
 /doc/user/application_security/policies/ @claytoncornell
 /doc/user/application_security/security_dashboard/index.md @claytoncornell
-/doc/user/application_security/threat_monitoring/index.md @claytoncornell
 /doc/user/application_security/vulnerabilities/index.md @claytoncornell
 /doc/user/application_security/vulnerabilities/severities.md @claytoncornell
 /doc/user/application_security/vulnerability_report/index.md @claytoncornell
@@ -717,6 +718,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/user/infrastructure/clusters/manage/management_project_applications/prometheus.md @msedlakjakubowski
 /doc/user/infrastructure/clusters/manage/management_project_applications/runner.md @sselhorn
 /doc/user/infrastructure/clusters/manage/management_project_applications/sentry.md @msedlakjakubowski
+/doc/user/infrastructure/clusters/manage/management_project_applications/vault.md @sselhorn
 /doc/user/infrastructure/iac/ @sselhorn
 /doc/user/infrastructure/index.md @sselhorn
 /doc/user/markdown.md @aqualls
@@ -759,12 +761,15 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/user/project/merge_requests/csv_export.md @eread
 /doc/user/project/merge_requests/fail_fast_testing.md @marcel.amirault
 /doc/user/project/merge_requests/load_performance_testing.md @marcel.amirault
-/doc/user/project/merge_requests/reviews/index.md @aqualls
 /doc/user/project/merge_requests/status_checks.md @eread
 /doc/user/project/merge_requests/test_coverage_visualization.md @marcel.amirault
 /doc/user/project/merge_requests/testing_and_reports_in_merge_requests.md @marcel.amirault
-/doc/user/project/milestones/ @msedlakjakubowski
+/doc/user/project/milestones/burndown_and_burnup_charts.md @msedlakjakubowski
+/doc/user/project/milestones/index.md @msedlakjakubowski
 /doc/user/project/pages/ @aqualls
+/doc/user/project/protected_branches.md @aqualls
+/doc/user/project/protected_tags.md @aqualls
+/doc/user/project/push_options.md @aqualls
 /doc/user/project/quick_actions.md @msedlakjakubowski
 /doc/user/project/releases/index.md @rdickenson
 /doc/user/project/releases/release_cli.md @rdickenson
@@ -784,6 +789,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/user/public_access.md @fneill
 /doc/user/reserved_names.md @fneill
 /doc/user/search/advanced_search.md @sselhorn
+/doc/user/search/global_search/advanced_search_syntax.md @sselhorn
 /doc/user/search/index.md @aqualls
 /doc/user/shortcuts.md @aqualls
 /doc/user/snippets.md @aqualls

app/views/admin/application_settings/ci_cd.html.haml

@@ -8,7 +8,7 @@
   .settings-content
     - if ci_variable_protected_by_default?
       %p.settings-message.text-center
-        - link_start = '<a href="%{url}">'.html_safe % { url: help_page_path('ci/variables/index', anchor: 'protect-a-cicd-variable') }
+        - link_start = '<a href="%{url}">'.html_safe % { url: help_page_path('ci/variables/index', anchor: 'protected-cicd-variables') }
         = s_('Environment variables on this GitLab instance are configured to be %{link_start}protected%{link_end} by default.').html_safe % { link_start: link_start, link_end: '</a>'.html_safe }
     #js-instance-variables{ data: { endpoint: admin_ci_variables_path, group: 'true', maskable_regex: ci_variable_maskable_regex, protected_by_default: ci_variable_protected_by_default?.to_s} }
 

app/views/ci/variables/_index.html.haml

@@ -2,7 +2,7 @@
 
 - if ci_variable_protected_by_default?
   %p.settings-message.text-center
-    - link_start = '<a href="%{url}">'.html_safe % { url: help_page_path('ci/variables/index', anchor: 'protect-a-cicd-variable') }
+    - link_start = '<a href="%{url}">'.html_safe % { url: help_page_path('ci/variables/index', anchor: 'protected-cicd-variables') }
     = s_('Environment variables are configured by your administrator to be %{link_start}protected%{link_end} by default.').html_safe % { link_start: link_start, link_end: '</a>'.html_safe }
 
 - is_group = !@group.nil?
@@ -17,7 +17,7 @@
   aws_tip_commands_link: help_page_path('ci/cloud_deployment/index.md', anchor: 'run-aws-commands-from-gitlab-cicd'),
   aws_tip_learn_link: help_page_path('ci/cloud_deployment/index.md', anchor: 'aws'),
   contains_variable_reference_link: help_page_path('ci/variables/index', anchor: 'use-variables-in-other-variables'),
-  protected_environment_variables_link: help_page_path('ci/variables/index', anchor: 'protect-a-cicd-variable'),
+  protected_environment_variables_link: help_page_path('ci/variables/index', anchor: 'protected-cicd-variables'),
   masked_environment_variables_link: help_page_path('ci/variables/index', anchor: 'mask-a-cicd-variable'),
   environment_scope_link: help_page_path('ci/environments/index', anchor: 'scope-environments-with-specs') } }
 

doc/ci/cloud_deployment/index.md

@@ -59,7 +59,7 @@ Some credentials are required to be able to run `aws` commands:
    | `AWS_DEFAULT_REGION`           | Your region code       |
 
    NOTE:
-   When you create a variable it's set to be [protected by default](../variables/index.md#protect-a-cicd-variable). If you want to use the `aws` commands on branches or tags that are not protected, make sure to uncheck the **Protect variable** checkbox.
+   When you create a variable it's set to be [protected by default](../variables/index.md#protected-cicd-variables). If you want to use the `aws` commands on branches or tags that are not protected, make sure to uncheck the **Protect variable** checkbox.
 
 1. You can now use `aws` commands in the `.gitlab-ci.yml` file of this project:
 

doc/ci/environments/deployment_safety.md

@@ -111,7 +111,7 @@ for an explanation of these roles and the permissions of each.
 
 Production secrets are needed to deploy successfully. For example, when deploying to the cloud,
 cloud providers require these secrets to connect to their services. In the project settings, you can
-define and protect CI/CD variables for these secrets. [Protected variables](../variables/index.md#protect-a-cicd-variable)
+define and protect CI/CD variables for these secrets. [Protected variables](../variables/index.md#protected-cicd-variables)
 are only passed to pipelines running on [protected branches](../../user/project/protected_branches.md)
 or [protected tags](../../user/project/protected_tags.md).
 The other pipelines don't get the protected variable. You can also

doc/ci/migration/jenkins.md

@@ -305,7 +305,7 @@ my_job:
 
 In GitLab, we use the [`variables` keyword](../yaml/index.md#variables) to define different variables at runtime.
 These can also be set up through the GitLab UI, under CI/CD settings. See also our [general documentation on variables](../variables/index.md),
-including the section on [protected variables](../variables/index.md#protect-a-cicd-variable) which can be used
+including the section on [protected variables](../variables/index.md#protected-cicd-variables) which can be used
 to limit access to certain variables to certain environments or runners:
 
 ```yaml

doc/ci/pipelines/merge_request_pipelines.md

@@ -20,7 +20,7 @@ Branch pipelines:
 - Run when you push a new commit to a branch.
 - Are the default type of pipeline.
 - Have access to [some predefined variables](../variables/predefined_variables.md).
-- Have access to [protected variables](../variables/index.md#protect-a-cicd-variable) and [protected runners](../runners/configure_runners.md#prevent-runners-from-revealing-sensitive-information).
+- Have access to [protected variables](../variables/index.md#protected-cicd-variables) and [protected runners](../runners/configure_runners.md#prevent-runners-from-revealing-sensitive-information).
 
 Merge request pipelines:
 
@@ -33,7 +33,7 @@ Merge request pipelines:
 - Do not run by default. The jobs in the CI/CD configuration file [must be configured](#prerequisites)
   to run in merge request pipelines.
 - Have access to [more predefined variables](#available-predefined-variables).
-- Do not have access to [protected variables](../variables/index.md#protect-a-cicd-variable) or [protected runners](../runners/configure_runners.md#prevent-runners-from-revealing-sensitive-information).
+- Do not have access to [protected variables](../variables/index.md#protected-cicd-variables) or [protected runners](../runners/configure_runners.md#prevent-runners-from-revealing-sensitive-information).
 
 Both of these types of pipelines can appear on the **Pipelines** tab of a merge request.
 

doc/ci/variables/index.md

@@ -367,16 +367,20 @@ a large value to the trace log has the potential to be [revealed](https://gitlab
 When using GitLab Runner 14.2, only the tail of the variable, characters beyond 4KiB in length, have the potential to
 be revealed.
 
-### Protect a CI/CD variable
+### Protected CI/CD variables
 
-You can protect a project, group or instance CI/CD variable so it is only passed
+You can configure a project, group or instance CI/CD variable to be only available
 to pipelines running on [protected branches](../../user/project/protected_branches.md)
 or [protected tags](../../user/project/protected_tags.md).
 
-[Merge request pipelines](../pipelines/merge_request_pipelines.md) do not have access to protected variables.
-An [issue exists](https://gitlab.com/gitlab-org/gitlab/-/issues/28002) regarding this limitation.
+These variables are only exported to CI environments running on protected refs. Therefore,
+[merged results pipelines](../pipelines/merge_request_pipelines.md#types-of-merge-request-pipelines), which run on a
+merge commit at the head of the merge request ref, will not have access to these variables.
 
-To protect a variable:
+Pipelines that run directly on the merge request's source branch, with no added merge commit, can access
+these variables if the source branch is a protected branch.
+
+To mark a variable as protected:
 
 1. Go to **Settings > CI/CD** in the project, group or instance admin area.
 1. Expand the **Variables** section.
@@ -729,7 +733,7 @@ the variable can be available for.
 To learn more about scoping environments, see [Scoping environments with specs](../environments/index.md#scope-environments-with-specs).
 
 To learn more about ensuring CI/CD variables are only exposed in pipelines running from protected
-branches or tags, see [Protect a CI/CD Variable](#protect-a-cicd-variable).
+branches or tags, see [Protect a CI/CD Variable](#protected-cicd-variables).
 
 ## Deployment variables
 

doc/ci/yaml/index.md

@@ -3800,7 +3800,7 @@ deploy_review_job:
 
 - All YAML-defined variables are also set to any linked [Docker service containers](../services/index.md).
 - YAML-defined variables are meant for non-sensitive project configuration. Store sensitive information
-  in [protected variables](../variables/index.md#protect-a-cicd-variable) or [CI/CD secrets](../secrets/index.md).
+  in [protected variables](../variables/index.md#protected-cicd-variables) or [CI/CD secrets](../secrets/index.md).
 - [Manual pipeline variables](../variables/index.md#override-a-defined-cicd-variable)
   and [scheduled pipeline variables](../pipelines/schedules.md#add-a-pipeline-schedule)
   are not passed to downstream pipelines by default. Use [trigger:forward](#triggerforward)

doc/development/dangerbot.md

@@ -201,5 +201,5 @@ Contributors can configure Danger for their forks with the following steps:
 to your fork that has the `api` scope set.
 1. Making the variable [masked](../ci/variables/index.md#mask-a-cicd-variable) makes sure it
 doesn't show up in the job logs. The variable cannot be
-[protected](../ci/variables/index.md#protect-a-cicd-variable), as it needs
+[protected](../ci/variables/index.md#protected-cicd-variables), as it needs
 to be present for all feature branches.

doc/development/secure_coding_guidelines.md

@@ -1271,7 +1271,7 @@ This sensitive data must be handled carefully to avoid leaks which could lead to
 - Never commit credentials to repositories.
   - The [Gitleaks Git hook](https://gitlab.com/gitlab-com/gl-security/security-research/gitleaks-endpoint-installer) is recommended for preventing credentials from being committed.
 - Never log credentials under any circumstance. Issue [#353857](https://gitlab.com/gitlab-org/gitlab/-/issues/353857) is an example of credential leaks through log file.
-- When credentials are required in a CI/CD job, use [masked variables](../ci/variables/index.md#mask-a-cicd-variable) to help prevent accidental exposure in the job logs. Be aware that when [debug logging](../ci/variables/index.md#debug-logging) is enabled, all masked CI/CD variables are visible in job logs. Also consider using [protected variables](../ci/variables/index.md#protect-a-cicd-variable) when possible so that sensitive CI/CD variables are only available to pipelines running on protected branches or protected tags.
+- When credentials are required in a CI/CD job, use [masked variables](../ci/variables/index.md#mask-a-cicd-variable) to help prevent accidental exposure in the job logs. Be aware that when [debug logging](../ci/variables/index.md#debug-logging) is enabled, all masked CI/CD variables are visible in job logs. Also consider using [protected variables](../ci/variables/index.md#protected-cicd-variables) when possible so that sensitive CI/CD variables are only available to pipelines running on protected branches or protected tags.
 - Proper scanners must be enabled depending on what data those credentials are protecting. See the [Application Security Inventory Policy](https://about.gitlab.com/handbook/engineering/security/security-engineering-and-research/application-security/inventory.html#policies) and our [Data Classification Standards](https://about.gitlab.com/handbook/engineering/security/data-classification-standard.html#data-classification-standards).
 - To store and/or share credentials between teams, refer to [1Password for Teams](https://about.gitlab.com/handbook/security/#1password-for-teams) and follow [the 1Password Guidelines](https://about.gitlab.com/handbook/security/#1password-guidelines).
 - If you need to share a secret with a team member, use 1Password. Do not share a secret over email, Slack, or other service on the Internet.

doc/user/admin_area/settings/continuous_integration.md

@@ -170,7 +170,7 @@ For the value set for GitLab.com, see [Scheduled job archiving](../../gitlab_com
 ## Protect CI/CD variables by default
 
 To set all new [CI/CD variables](../../../ci/variables/index.md) as
-[protected](../../../ci/variables/index.md#protect-a-cicd-variable) by default:
+[protected](../../../ci/variables/index.md#protected-cicd-variables) by default:
 
 1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > CI/CD**.

doc/user/compliance/license_compliance/index.md

@@ -506,7 +506,7 @@ example:
 }
 ```
 
-If credentials are required to authenticate then you can configure a [protected CI/CD variable](../../../ci/variables/index.md#protect-a-cicd-variable)
+If credentials are required to authenticate then you can configure a [protected CI/CD variable](../../../ci/variables/index.md#protected-cicd-variables)
 following the naming convention described in the [`CONAN_LOGIN_USERNAME` documentation](https://docs.conan.io/en/latest/reference/env_vars.html#conan-login-username-conan-login-username-remote-name).
 
 #### Custom root certificates for Conan

doc/user/infrastructure/clusters/manage/management_project_applications/runner.md

@@ -35,7 +35,7 @@ These values can be specified using [CI/CD variables](../../../../../ci/variable
 
 The methods of specifying these values are mutually exclusive. Either specify variables `GITLAB_RUNNER_REGISTRATION_TOKEN` and `CI_SERVER_URL` as CI variables (recommended) or provide values for `runnerRegistrationToken:` and `gitlabUrl:` in `applications/gitlab-runner/values.yaml.gotmpl`.
 
-The runner registration token allows connection to a project by a runner and therefore should be treated as a secret to prevent malicious use and code exfiltration through a runner. For this reason, we recommend that you specify the runner registration token as a [protected variable](../../../../../ci/variables/index.md#protect-a-cicd-variable) and [masked variable](../../../../../ci/variables/index.md#mask-a-cicd-variable) and do not commit them to the Git repository in the `values.yaml.gotmpl` file.
+The runner registration token allows connection to a project by a runner and therefore should be treated as a secret to prevent malicious use and code exfiltration through a runner. For this reason, we recommend that you specify the runner registration token as a [protected variable](../../../../../ci/variables/index.md#protected-cicd-variables) and [masked variable](../../../../../ci/variables/index.md#mask-a-cicd-variable) and do not commit them to the Git repository in the `values.yaml.gotmpl` file.
 
 You can customize the installation of GitLab Runner by defining
 `applications/gitlab-runner/values.yaml.gotmpl` file in your cluster

lib/tasks/gitlab/tw/codeowners.rake

@@ -17,16 +17,16 @@ namespace :tw do
       CodeOwnerRule.new('Code Review', '@aqualls'),
       CodeOwnerRule.new('Compliance', '@eread'),
       CodeOwnerRule.new('Composition Analysis', '@rdickenson'),
-      CodeOwnerRule.new('Configure', '@marcia'),
+      CodeOwnerRule.new('Configure', '@sselhorn'),
       CodeOwnerRule.new('Container Security', '@claytoncornell'),
       CodeOwnerRule.new('Contributor Experience', '@eread'),
       CodeOwnerRule.new('Conversion', '@kpaizee'),
-      CodeOwnerRule.new('Database', '@marcia'),
-      CodeOwnerRule.new('Development', '@marcia'),
+      CodeOwnerRule.new('Database', '@aqualls'),
+      CodeOwnerRule.new('Development', '@sselhorn'),
       CodeOwnerRule.new('Distribution', '@axil'),
       CodeOwnerRule.new('Distribution (Charts)', '@axil'),
       CodeOwnerRule.new('Distribution (Omnibus)', '@axil'),
-      CodeOwnerRule.new('Documentation Guidelines', '@cnorris'),
+      CodeOwnerRule.new('Documentation Guidelines', '@sselhorn'),
       CodeOwnerRule.new('Dynamic Analysis', '@rdickenson'),
       CodeOwnerRule.new('Ecosystem', '@kpaizee'),
       CodeOwnerRule.new('Editor', '@aqualls'),
@@ -35,13 +35,13 @@ namespace :tw do
       CodeOwnerRule.new('Fuzz Testing', '@rdickenson'),
       CodeOwnerRule.new('Geo', '@axil'),
       CodeOwnerRule.new('Gitaly', '@eread'),
-      CodeOwnerRule.new('Global Search', '@marcia'),
+      CodeOwnerRule.new('Global Search', '@sselhorn'),
       CodeOwnerRule.new('Import', '@eread'),
-      CodeOwnerRule.new('Infrastructure', '@marcia'),
+      CodeOwnerRule.new('Infrastructure', '@sselhorn'),
       CodeOwnerRule.new('Integrations', '@kpaizee'),
       CodeOwnerRule.new('Knowledge', '@aqualls'),
       CodeOwnerRule.new('License', '@sselhorn'),
-      CodeOwnerRule.new('Memory', '@marcia'),
+      CodeOwnerRule.new('Memory', '@sselhorn'),
       CodeOwnerRule.new('Monitor', '@msedlakjakubowski'),
       CodeOwnerRule.new('Observability', 'msedlakjakubowski'),
       CodeOwnerRule.new('Optimize', '@fneill'),
@@ -59,7 +59,7 @@ namespace :tw do
       CodeOwnerRule.new('Release', '@rdickenson'),
       CodeOwnerRule.new('Respond', '@msedlakjakubowski'),
       CodeOwnerRule.new('Runner', '@sselhorn'),
-      CodeOwnerRule.new('Sharding', '@marcia'),
+      CodeOwnerRule.new('Sharding', '@sselhorn'),
       CodeOwnerRule.new('Source Code', '@aqualls'),
       CodeOwnerRule.new('Static Analysis', '@rdickenson'),
       CodeOwnerRule.new('Static Site Editor', '@aqualls'),