From e75d471ba69b01c3ca5a7d1fad6432fa33e4be8a Mon Sep 17 00:00:00 2001 From: phillipwells Date: Thu, 28 Aug 2025 10:22:57 -0500 Subject: [PATCH 1/6] Update security configuration page --- lib/gitlab/security/features.rb | 22 +++++++++---------- .../security/scan_configuration_spec.rb | 16 +++++++------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/lib/gitlab/security/features.rb b/lib/gitlab/security/features.rb index a5a20c4ddf5009..e2e37b15dcf248 100644 --- a/lib/gitlab/security/features.rb +++ b/lib/gitlab/security/features.rb @@ -8,7 +8,7 @@ class Features def self.data { sast: { - name: _('Static Application Security Testing (SAST)'), + name: _('Static application security testing (SAST)'), short_name: _('SAST'), description: _('Analyze your source code for vulnerabilities.'), help_path: Gitlab::Routing.url_helpers.help_page_path('user/application_security/sast/_index.md'), @@ -17,9 +17,9 @@ def self.data type: 'sast' }, sast_advanced: { - name: _('GitLab Advanced SAST'), + name: _('GitLab advanced SAST'), short_name: _('Advanced SAST'), - description: _('Analyze your source code for vulnerabilities with the GitLab Advanced SAST analyzer.'), + description: _('Analyze your source code for vulnerabilities with the GitLab advanced SAST analyzer.'), help_path: Gitlab::Routing.url_helpers.help_page_path( 'user/application_security/sast/gitlab_advanced_sast.md'), configuration_help_path: Gitlab::Routing.url_helpers.help_page_path( @@ -28,7 +28,7 @@ def self.data type: 'sast_advanced' }, sast_iac: { - name: _('Infrastructure as Code (IaC) Scanning'), + name: _('Infrastructure as Code (IaC) scanning'), short_name: s_('ciReport|SAST IaC'), description: _('Analyze your infrastructure as code configuration files for known vulnerabilities.'), help_path: Gitlab::Routing.url_helpers.help_page_path('user/application_security/iac_scanning/_index.md'), 
@@ -50,7 +50,7 @@ def self.data description: s_('SecurityConfiguration|Manage profiles for use by DAST scans.'), configuration_text: s_('SecurityConfiguration|Manage profiles') }, - name: _('Dynamic Application Security Testing (DAST)'), + name: _('Dynamic application security testing (DAST)'), short_name: s_('ciReport|DAST'), description: s_('ciReport|Analyze a deployed version of your web application for known ' \ 'vulnerabilities by examining it from the outside in. DAST works ' \ @@ -62,7 +62,7 @@ def self.data anchor: 'dast' }, dependency_scanning: { - name: _('Dependency Scanning'), + name: _('Dependency scanning'), description: _('Analyze your dependencies for known vulnerabilities.'), help_path: Gitlab::Routing.url_helpers.help_page_path( 'user/application_security/dependency_scanning/_index.md'), @@ -72,7 +72,7 @@ def self.data anchor: 'dependency-scanning' }, container_scanning: { - name: _('Container Scanning'), + name: _('Container scanning'), description: _('Check your Docker images for known vulnerabilities.'), help_path: Gitlab::Routing.url_helpers.help_page_path( 'user/application_security/container_scanning/_index.md'), @@ -81,7 +81,7 @@ def self.data type: 'container_scanning' }, container_scanning_for_registry: { - name: _('Container Scanning For Registry'), + name: _('Container scanning For registry'), description: _('Run container scanning job whenever a container image with the latest tag is pushed.'), help_path: Gitlab::Routing.url_helpers.help_page_path( 'user/application_security/container_scanning/_index.md', anchor: 'container-scanning-for-registry'), @@ -105,7 +105,7 @@ def self.data type: 'secret_push_protection' }, secret_detection: { - name: _('Pipeline Secret Detection'), + name: _('Pipeline secret detection'), description: _('Analyze your source code and Git history for secrets by using CI/CD pipelines.'), help_path: Gitlab::Routing.url_helpers.help_page_path( 'user/application_security/secret_detection/pipeline/_index.md'), 
@@ -114,14 +114,14 @@ def self.data type: 'secret_detection' }, api_fuzzing: { - name: _('API Fuzzing'), + name: _('API fuzzing'), description: _('Find bugs in your code with API fuzzing.'), help_path: Gitlab::Routing.url_helpers.help_page_path( 'user/application_security/api_fuzzing/_index.md'), type: 'api_fuzzing' }, coverage_fuzzing: { - name: _('Coverage Fuzzing'), + name: _('Coverage fuzzing'), description: _('Find bugs in your code with coverage-guided fuzzing.'), help_path: Gitlab::Routing.url_helpers.help_page_path( 'user/application_security/coverage_fuzzing/_index.md'), diff --git a/spec/lib/gitlab/security/scan_configuration_spec.rb b/spec/lib/gitlab/security/scan_configuration_spec.rb index bc56f1914fd466..639cf0b7d2a19f 100644 --- a/spec/lib/gitlab/security/scan_configuration_spec.rb +++ b/spec/lib/gitlab/security/scan_configuration_spec.rb @@ -93,13 +93,13 @@ using RSpec::Parameterized::TableSyntax where(:scan_type, :features_hash) do - :sast | { name: "Static Application Security Testing (SAST)", + :sast | { name: "Static application security testing (SAST)", short_name: "SAST", description: "Analyze your source code for vulnerabilities.", help_path: "/help/user/application_security/sast/_index.md", configuration_help_path: "/help/user/application_security/sast/_index.md#configuration", type: "sast" } - :sast_iac | { name: "Infrastructure as Code (IaC) Scanning", + :sast_iac | { name: "Infrastructure as Code (IaC) scanning", short_name: "SAST IaC", description: "Analyze your infrastructure as code configuration files for known vulnerabilities.", help_path: "/help/user/application_security/iac_scanning/_index.md", 
@@ -116,7 +116,7 @@ description: "Manage profiles for use by DAST scans.", configuration_text: "Manage profiles" }, - name: "Dynamic Application Security Testing (DAST)", + name: "Dynamic application security testing (DAST)", short_name: "DAST", description: "Analyze a deployed version of your web application for known " \ "vulnerabilities by examining it from the outside in. DAST works by simulating " \ @@ -126,13 +126,13 @@ type: "dast", anchor: "dast" } - :dependency_scanning | { name: "Dependency Scanning", + :dependency_scanning | { name: "Dependency scanning", description: "Analyze your dependencies for known vulnerabilities.", help_path: "/help/user/application_security/dependency_scanning/_index.md", configuration_help_path: "/help/user/application_security/dependency_scanning/_index.md#configuration", type: "dependency_scanning", anchor: "dependency-scanning" } - :container_scanning | { name: "Container Scanning", + :container_scanning | { name: "Container scanning", description: "Check your Docker images for known vulnerabilities.", help_path: "/help/user/application_security/container_scanning/_index.md", configuration_help_path: "/help/user/application_security/container_scanning/_index.md#configuration", 
@@ -144,16 +144,16 @@ help_path: Gitlab::Routing.url_helpers.help_page_path( "user/application_security/secret_detection/secret_push_protection/_index.md"), type: "secret_push_protection" } - :secret_detection | { name: "Pipeline Secret Detection", + :secret_detection | { name: "Pipeline secret detection", description: "Analyze your source code and Git history for secrets by using CI/CD pipelines.", help_path: "/help/user/application_security/secret_detection/pipeline/_index.md", configuration_help_path: "/help/user/application_security/secret_detection/pipeline/_index.md#configuration", type: "secret_detection" } - :api_fuzzing | { name: "API Fuzzing", + :api_fuzzing | { name: "API fuzzing", description: "Find bugs in your code with API fuzzing.", help_path: "/help/user/application_security/api_fuzzing/_index.md", type: "api_fuzzing" } - :coverage_fuzzing | { name: "Coverage Fuzzing", + :coverage_fuzzing | { name: "Coverage fuzzing", description: "Find bugs in your code with coverage-guided fuzzing.", help_path: "/help/user/application_security/coverage_fuzzing/_index.md", configuration_help_path: \ -- GitLab From 2e4e8b9aaa4d6381e26d10467ee1223fa563a121 Mon Sep 17 00:00:00 2001 From: phillipwells Date: Thu, 28 Aug 2025 10:46:02 -0500 Subject: [PATCH 2/6] Update corpus management --- lib/gitlab/security/features.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/gitlab/security/features.rb b/lib/gitlab/security/features.rb index e2e37b15dcf248..bdf51b919aa5ff 100644 --- a/lib/gitlab/security/features.rb +++ b/lib/gitlab/security/features.rb @@ -130,7 +130,7 @@ def self.data type: 'coverage_fuzzing', secondary: { type: 'corpus_management', - name: _('Corpus Management'), + name: _('Corpus management'), description: s_('SecurityConfiguration|Manage corpus files used as seed ' \ 'inputs with coverage-guided fuzzing.'), configuration_text: s_('SecurityConfiguration|Manage corpus') -- GitLab 
From 9a9f9967a22a9ee81695598cd46faf065c5aa380 Mon Sep 17 00:00:00 2001 From: phillipwells Date: Thu, 28 Aug 2025 10:47:16 -0500 Subject: [PATCH 3/6] Update translation file --- locale/gitlab.pot | 35 ++++++++++++++++++++++++++++------- 1 file changed, 28 insertions(+), 7 deletions(-) diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 3a19ec49655980..11dba8b986a3e2 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -2896,6 +2896,9 @@ msgstr "" msgid "API authentication token from Campfire. To get the token, sign in to Campfire and select **My info**." msgstr "" +msgid "API fuzzing" +msgstr "" + msgid "API key" msgstr "" @@ -8040,7 +8043,7 @@ msgstr "" msgid "Analyze your source code and Git history for secrets by using CI/CD pipelines." msgstr "" -msgid "Analyze your source code for vulnerabilities with the GitLab Advanced SAST analyzer." +msgid "Analyze your source code for vulnerabilities with the GitLab advanced SAST analyzer." msgstr "" msgid "Analyze your source code for vulnerabilities." @@ -18074,6 +18077,9 @@ msgstr "" msgid "Container scanning" msgstr "" +msgid "Container scanning For registry" +msgstr "" + msgid "ContainerRegistry| Please visit the %{linkStart}administration settings%{linkEnd} to enable this feature." msgstr "" @@ -19211,6 +19217,9 @@ msgstr "" msgid "Corpus Management|Are you sure you want to delete the corpus?" msgstr "" +msgid "Corpus management" +msgstr "" + msgid "CorpusManagement|A corpus is used by fuzz testing to improve coverage. Corpus files can be manually created or auto-generated. %{linkStart}Learn more%{linkEnd}" msgstr "" @@ -19451,6 +19460,9 @@ msgstr "" msgid "Coverage Fuzzing" msgstr "" +msgid "Coverage fuzzing" +msgstr "" + msgid "Create" msgstr "" @@ -25079,6 +25091,9 @@ msgstr "" msgid "Dynamic Application Security Testing (DAST)" msgstr "" +msgid "Dynamic application security testing (DAST)" +msgstr "" + msgid "E-mail:" msgstr "" 
@@ -29726,9 +29741,6 @@ msgstr "" msgid "GitLab Account Request" msgstr "" -msgid "GitLab Advanced SAST" -msgstr "" - msgid "GitLab Billing Team." msgstr "" @@ -29810,6 +29822,9 @@ msgstr "" msgid "GitLab account request rejected" msgstr "" +msgid "GitLab advanced SAST" +msgstr "" + msgid "GitLab commit" msgstr "" @@ -34376,6 +34391,9 @@ msgstr "" msgid "Infrastructure as Code (IaC) Scanning" msgstr "" +msgid "Infrastructure as Code (IaC) scanning" +msgstr "" + msgid "InfrastructureRegistry|Copy Terraform Command" msgstr "" @@ -46905,9 +46923,6 @@ msgstr "" msgid "Pipeline Schedules" msgstr "" -msgid "Pipeline Secret Detection" -msgstr "" - msgid "Pipeline URL" msgstr "" @@ -46935,6 +46950,9 @@ msgstr "" msgid "Pipeline schedules" msgstr "" +msgid "Pipeline secret detection" +msgstr "" + msgid "Pipeline security" msgstr "" @@ -62540,6 +62558,9 @@ msgstr "" msgid "Static Application Security Testing (SAST)" msgstr "" +msgid "Static application security testing (SAST)" +msgstr "" + msgid "Statistics" msgstr "" -- GitLab From 44ad1295e020cba0484f05228a68d198c875b3b3 Mon Sep 17 00:00:00 2001 From: phillipwells Date: Thu, 28 Aug 2025 10:54:20 -0500 Subject: [PATCH 4/6] Fix one more instance --- lib/gitlab/security/features.rb | 2 +- locale/gitlab.pot | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/gitlab/security/features.rb b/lib/gitlab/security/features.rb index bdf51b919aa5ff..b21779bbee70e5 100644 --- a/lib/gitlab/security/features.rb +++ b/lib/gitlab/security/features.rb @@ -81,7 +81,7 @@ def self.data type: 'container_scanning' }, container_scanning_for_registry: { - name: _('Container scanning For registry'), + name: _('Container scanning for registry'), description: _('Run container scanning job whenever a container image with the latest tag is pushed.'), help_path: Gitlab::Routing.url_helpers.help_page_path( 'user/application_security/container_scanning/_index.md', anchor: 'container-scanning-for-registry'), 
diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 11dba8b986a3e2..564b99ead4a9b5 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -18077,7 +18077,7 @@ msgstr "" msgid "Container scanning" msgstr "" -msgid "Container scanning For registry" +msgid "Container scanning for registry" msgstr "" msgid "ContainerRegistry| Please visit the %{linkStart}administration settings%{linkEnd} to enable this feature." -- GitLab From f9264d272fc4696536ed4edb86c05247308e87be Mon Sep 17 00:00:00 2001 From: phillipwells Date: Thu, 28 Aug 2025 11:19:28 -0500 Subject: [PATCH 5/6] Update failed spec --- spec/lib/gitlab/security/scan_configuration_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/lib/gitlab/security/scan_configuration_spec.rb b/spec/lib/gitlab/security/scan_configuration_spec.rb index 639cf0b7d2a19f..29bf76ebe61e66 100644 --- a/spec/lib/gitlab/security/scan_configuration_spec.rb +++ b/spec/lib/gitlab/security/scan_configuration_spec.rb @@ -160,7 +160,7 @@ "/help/user/application_security/coverage_fuzzing/_index.md#enable-coverage-guided-fuzz-testing", type: "coverage_fuzzing", secondary: { type: "corpus_management", - name: "Corpus Management", + name: "Corpus management", description: "Manage corpus files used as " \ "seed inputs with coverage-guided fuzzing.", configuration_text: "Manage corpus" } } -- GitLab From b27cfedcadd00f66847b8a9046762286f813c76e Mon Sep 17 00:00:00 2001 From: phillipwells Date: Thu, 4 Sep 2025 12:19:11 -0500 Subject: [PATCH 6/6] Update constants file --- .../security_configuration/constants.js | 24 ++++++------- locale/gitlab.pot | 35 ++++--------------- 2 files changed, 19 insertions(+), 40 deletions(-) diff --git a/app/assets/javascripts/security_configuration/constants.js b/app/assets/javascripts/security_configuration/constants.js index 23666abad34bb7..816d39f5c98f6f 100644 --- a/app/assets/javascripts/security_configuration/constants.js 
+++ b/app/assets/javascripts/security_configuration/constants.js 
@@ -18,35 +18,35 @@ import configureSecretDetectionMutation from './graphql/configure_secret_detecti * Translations for Security Configuration Page * Make sure to add new scanner translations to the SCANNER_NAMES_MAP below. */ -export const SAST_NAME = __('Static Application Security Testing (SAST)'); +export const SAST_NAME = __('Static application security testing (SAST)'); export const SAST_SHORT_NAME = s__('ciReport|SAST'); -export const ADVANCED_SAST_NAME = s__('ciReport|Advanced SAST Scanning'); +export const ADVANCED_SAST_NAME = s__('ciReport|Advanced SAST scanning'); -export const SAST_IAC_NAME = __('Infrastructure as Code (IaC) Scanning'); +export const SAST_IAC_NAME = __('Infrastructure as Code (IaC) scanning'); export const SAST_IAC_SHORT_NAME = s__('ciReport|SAST IaC'); -export const DAST_NAME = __('Dynamic Application Security Testing (DAST)'); +export const DAST_NAME = __('Dynamic application security testing (DAST)'); export const DAST_SHORT_NAME = s__('ciReport|DAST'); export const DAST_PROFILES_NAME = __('DAST profiles'); export const DAST_HELP_PATH = helpPagePath('user/application_security/dast/_index'); -export const SECRET_DETECTION_NAME = __('Secret Detection'); +export const SECRET_DETECTION_NAME = __('Secret detection'); -export const DEPENDENCY_SCANNING_NAME = __('Dependency Scanning'); +export const DEPENDENCY_SCANNING_NAME = __('Dependency scanning'); -export const CONTAINER_SCANNING_NAME = __('Container Scanning'); +export const CONTAINER_SCANNING_NAME = __('Container scanning'); -export const CONTAINER_SCANNING_FOR_REGISTRY_NAME = __('Container Scanning For Registry'); +export const CONTAINER_SCANNING_FOR_REGISTRY_NAME = __('Container scanning For registry'); -export const COVERAGE_FUZZING_NAME = __('Coverage Fuzzing'); +export const COVERAGE_FUZZING_NAME = __('Coverage fuzzing'); -export const CORPUS_MANAGEMENT_NAME = __('Corpus Management'); +export const CORPUS_MANAGEMENT_NAME = __('Corpus management'); -export const API_FUZZING_NAME 
= __('API Fuzzing'); +export const API_FUZZING_NAME = __('API fuzzing'); -export const CLUSTER_IMAGE_SCANNING_NAME = s__('ciReport|Cluster Image Scanning'); +export const CLUSTER_IMAGE_SCANNING_NAME = s__('ciReport|Cluster image scanning'); export const SECRET_PUSH_PROTECTION = 'secret_push_protection'; diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 564b99ead4a9b5..e7a13a0100572b 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -2884,9 +2884,6 @@ msgstr "" msgid "API" msgstr "" -msgid "API Fuzzing" -msgstr "" - msgid "API Help" msgstr "" @@ -18050,12 +18047,6 @@ msgstr "" msgid "Container Repository" msgstr "" -msgid "Container Scanning" -msgstr "" - -msgid "Container Scanning For Registry" -msgstr "" - msgid "Container expiration policy" msgstr "" @@ -18077,6 +18068,9 @@ msgstr "" msgid "Container scanning" msgstr "" +msgid "Container scanning For registry" +msgstr "" + msgid "Container scanning for registry" msgstr "" @@ -19211,9 +19205,6 @@ msgstr "" msgid "Copy value" msgstr "" -msgid "Corpus Management" -msgstr "" - msgid "Corpus Management|Are you sure you want to delete the corpus?" msgstr "" @@ -19457,9 +19448,6 @@ msgstr "" msgid "Coverage" msgstr "" -msgid "Coverage Fuzzing" -msgstr "" - msgid "Coverage fuzzing" msgstr "" @@ -22391,9 +22379,6 @@ msgstr "" msgid "Dependency Proxy" msgstr "" -msgid "Dependency Scanning" -msgstr "" - msgid "Dependency list" msgstr "" @@ -25088,9 +25073,6 @@ msgstr[1] "" msgid "During this process, you’ll be asked for URLs from GitLab’s side. Use the URLs shown below." msgstr "" -msgid "Dynamic Application Security Testing (DAST)" -msgstr "" - msgid "Dynamic application security testing (DAST)" msgstr "" @@ -34388,9 +34370,6 @@ msgstr "" msgid "Infrastructure Monitoring" msgstr "" -msgid "Infrastructure as Code (IaC) Scanning" -msgstr "" - msgid "Infrastructure as Code (IaC) scanning" msgstr "" 
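Review bot: `CONTAINER_SCANNING_FOR_REGISTRY_NAME` in constants.js is set to `__('Container scanning For registry')`, which keeps the capital "For" that patch 4/6 already corrected to `'Container scanning for registry'` in lib/gitlab/security/features.rb. The locale/gitlab.pot hunk in this same patch shows the effect: it re-adds `msgid "Container scanning For registry"` next to `msgid "Container scanning for registry"`. The scanner then has two msgids to translate, and its label on the security configuration page may differ depending on whether the name comes from the backend or the frontend constant. Change the line to `export const CONTAINER_SCANNING_FOR_REGISTRY_NAME = __('Container scanning for registry');` and regenerate gitlab.pot so the stray msgid drops out.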
@@ -62555,9 +62534,6 @@ msgstr "" msgid "State your message to activate" msgstr "" -msgid "Static Application Security Testing (SAST)" -msgstr "" - msgid "Static application security testing (SAST)" msgstr "" @@ -75931,7 +75907,7 @@ msgstr "" msgid "ciReport|API fuzzing" msgstr "" -msgid "ciReport|Advanced SAST Scanning" +msgid "ciReport|Advanced SAST scanning" msgstr "" msgid "ciReport|All tools" @@ -75960,6 +75936,9 @@ msgstr "" msgid "ciReport|Cluster Image Scanning" msgstr "" +msgid "ciReport|Cluster image scanning" +msgstr "" + msgid "ciReport|Code Quality" msgstr "" -- GitLab