From 697d1c4e06d1c232ca8b21805cc889a0991702ab Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Mon, 6 Apr 2020 00:09:29 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- doc/ci/junit_test_reports.md | 18 +++++++++--------- doc/user/application_security/dast/index.md | 17 +++++++++++++++++ .../kubernetes/kubernetes_integration_spec.rb | 4 ++-- 3 files changed, 28 insertions(+), 11 deletions(-) diff --git a/doc/ci/junit_test_reports.md b/doc/ci/junit_test_reports.md index 313ade0887e..a97d4b865c8 100644 --- a/doc/ci/junit_test_reports.md +++ b/doc/ci/junit_test_reports.md @@ -87,8 +87,8 @@ Use the following job in `.gitlab-ci.yml`. This includes the `artifacts:paths` k ruby: stage: test script: - - bundle install - - rspec spec/lib/ --format RspecJunitFormatter --out rspec.xml + - bundle install + - rspec spec/lib/ --format RspecJunitFormatter --out rspec.xml artifacts: paths: - rspec.xml @@ -105,8 +105,8 @@ Use the following job in `.gitlab-ci.yml`: golang: stage: test script: - - go get -u github.com/jstemmer/go-junit-report - - go test -v 2>&1 | go-junit-report > report.xml + - go get -u github.com/jstemmer/go-junit-report + - go test -v 2>&1 | go-junit-report > report.xml artifacts: reports: junit: report.xml @@ -127,7 +127,7 @@ matching by defining the following path: `build/test-results/test/**/TEST-*.xml` java: stage: test script: - - gradle test + - gradle test artifacts: reports: junit: build/test-results/test/**/TEST-*.xml @@ -143,7 +143,7 @@ reports, use the following job in `.gitlab-ci.yml`: java: stage: test script: - - mvn verify + - mvn verify artifacts: reports: junit: @@ -160,7 +160,7 @@ for JUnit: pytest: stage: test script: - - pytest --junitxml=report.xml + - pytest --junitxml=report.xml artifacts: reports: junit: report.xml 
@@ -181,7 +181,7 @@ will then be aggregated together. cpp: stage: test script: - - gtest.exe --gtest_output="xml:report.xml" + - gtest.exe --gtest_output="xml:report.xml" artifacts: reports: junit: report.xml @@ -210,7 +210,7 @@ Test: - ./**/*test-result.xml reports: junit: - - ./**/*test-result.xml + - ./**/*test-result.xml ``` ## Limitations diff --git a/doc/user/application_security/dast/index.md b/doc/user/application_security/dast/index.md index 8d8c735338a..c595eee0f0a 100644 --- a/doc/user/application_security/dast/index.md +++ b/doc/user/application_security/dast/index.md 
@@ -108,6 +108,23 @@ By default, the DAST template will use the latest major version of the DAST Dock you can choose to automatically update DAST with new features and fixes by pinning to a major version (e.g. 1), only update fixes by pinning to a minor version (e.g. 1.6) or prevent all updates by pinning to a specific version (e.g. 1.6.4). Find the latest DAST versions on the [Releases](https://gitlab.com/gitlab-org/security-products/dast/-/releases) page. +### When DAST scans run + +When using `DAST.gitlab-ci.yml` template, the `dast` job is run last as shown in the example below. To ensure DAST is scanning the latest code, your CI pipeline should deploy changes to the web server in one of the jobs preceeding the `dast` job. + +```yaml +stages: + - build + - test + - deploy + - dast +``` + +Be aware that if your pipeline is configured to deploy to the same webserver in each run, running a pipeline while another is still running, could cause a race condition +where one pipeline overwrites the code from another pipeline. The site to be scanned should be excluded from changes for the duration of a DAST scan. +The only changes to the site should be from the DAST scanner. Be aware that any changes that users, scheduled tasks, database or code changes, other pipelines, or other scanners make to +the site during a scan could lead to inaccurate results. + ### Authenticated scan It's also possible to authenticate the user before performing the DAST checks: diff --git a/qa/qa/specs/features/browser_ui/7_configure/kubernetes/kubernetes_integration_spec.rb b/qa/qa/specs/features/browser_ui/7_configure/kubernetes/kubernetes_integration_spec.rb index 3bf555bfa16..9a52109c8cb 100644 --- a/qa/qa/specs/features/browser_ui/7_configure/kubernetes/kubernetes_integration_spec.rb +++ b/qa/qa/specs/features/browser_ui/7_configure/kubernetes/kubernetes_integration_spec.rb 
@@ -2,7 +2,7 @@ module QA context 'Configure' do - describe 'Kubernetes Cluster Integration', :orchestrated, :kubernetes, :requires_admin do + describe 'Kubernetes Cluster Integration', :orchestrated, :kubernetes, :requires_admin, quarantine: { type: :new } do context 'Project Clusters' do let(:cluster) { Service::KubernetesCluster.new(provider_class: Service::ClusterProvider::K3s).create! } let(:project) do @@ -20,7 +20,7 @@ module QA cluster.remove! end - it 'can create and associate a project cluster', :smoke, quarantine: { type: :new } do + it 'can create and associate a project cluster', :smoke do Resource::KubernetesCluster.fabricate_via_browser_ui! do |k8s_cluster| k8s_cluster.project = project k8s_cluster.cluster = cluster -- GitLab
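Review bot: every hunk in doc/ci/junit_test_reports.md changes only the leading whitespace of `script:` list items (e.g. `- bundle install`, `- gradle test`, `- mvn verify`) and of the `junit:` list in the `@@ -210,7` hunk, a difference that is invisible once the diff is flattened and easy to get wrong in YAML. Before merging, run each example through a YAML parser and confirm the `script` and `reports.junit` values are identical before and after, and say in the commit message that the change is indentation-only so readers do not hunt for a behavioural difference.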
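Review bot: in the new "When DAST scans run" section of doc/user/application_security/dast/index.md, `preceeding` should be `preceding`, "When using `DAST.gitlab-ci.yml` template" needs "the", and "running a pipeline while another is still running, could cause a race condition" has a stray comma before `could`. The same paragraph uses both `webserver` and `web server`; pick one. The final sentence lists "users, scheduled tasks, database or code changes, other pipelines, or other scanners" as things that "make" changes, so "database or code changes" does not fit the construction; suggest "any changes made by users, scheduled tasks, other pipelines or other scanners, and any database or code changes". The paragraph also tells readers the site should be excluded from changes for the duration of the scan but offers nothing beyond stage ordering to achieve that; pointing to whatever mechanism the docs recommend for serializing deployments to a single environment would make the warning actionable.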
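Review bot: moving `quarantine: { type: :new }` from the single `it 'can create and associate a project cluster'` example up to the `describe 'Kubernetes Cluster Integration'` block quarantines every example in the file rather than the one that was previously flagged, and the commit message gives no reason for widening the scope. If the whole suite is meant to be quarantined, reference the tracking issue in the message; otherwise keep the tag on the example.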
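Review bot: removing the quarantine tag from the `:smoke` example in the `@@ -20,7` hunk does not un-quarantine it, because RSpec metadata on the enclosing `describe` is inherited by its examples and the describe block now carries `quarantine: { type: :new }`; a reader of this hunk on its own would conclude the test has been re-enabled. Either note in the message that the example stays quarantined via the describe block, or, if the smoke example is the one that should actually run, leave the tag off the describe and on the other examples instead.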