Merge branch 'docs-fix-yaml-secure-docs' into 'master'

Update yaml codeblocks with yamllint in secure docs See merge request gitlab-org/gitlab!41862

Merge branch 'docs-fix-yaml-secure-docs' into 'master'
Update yaml codeblocks with yamllint in secure docs See merge request gitlab-org/gitlab!41862
9274346c · Nick Gaskill · 2edfdb80 · bef4319b · 9274346c · 9274346c
Commit 9274346c authored Sep 09, 2020 by Nick Gaskill
4 changed files
--- a/doc/user/application_security/api_fuzzing/index.md
+++ b/doc/user/application_security/api_fuzzing/index.md
@@ -606,36 +606,36 @@ Example profile definition:

 ```yaml
 Profiles:
- Name: Quick-10
-  DefaultProfile: Quick
-  Routes:
-  - Route: *Route0
-    Checks:
-    - Name: FormBodyFuzzingCheck
-      Configuration:
-        FuzzingCount: 10
-        UnicodeFuzzing: true
-    - Name: GeneralFuzzingCheck
-      Configuration:
-        FuzzingCount: 10
-        UnicodeFuzzing: true
-    - Name: JsonFuzzingCheck
-      Configuration:
-        FuzzingCount: 10
-        UnicodeFuzzing: true
-    - Name: XmlFuzzingCheck
-      Configuration:
-        FuzzingCount: 10
-        UnicodeFuzzing: true
+  - Name: Quick-10
+    DefaultProfile: Quick
+    Routes:
+      - Route: *Route0
+        Checks:
+          - Name: FormBodyFuzzingCheck
+            Configuration:
+              FuzzingCount: 10
+              UnicodeFuzzing: true
+          - Name: GeneralFuzzingCheck
+            Configuration:
+              FuzzingCount: 10
+              UnicodeFuzzing: true
+          - Name: JsonFuzzingCheck
+            Configuration:
+              FuzzingCount: 10
+              UnicodeFuzzing: true
+          - Name: XmlFuzzingCheck
+            Configuration:
+              FuzzingCount: 10
+              UnicodeFuzzing: true
 ```

 To turn off the General Fuzzing Check you can remove these lines:

 ```yaml
-    - Name: GeneralFuzzingCheck
-      Configuration:
-        FuzzingCount: 10
-        UnicodeFuzzing: true
+- Name: GeneralFuzzingCheck
+  Configuration:
+    FuzzingCount: 10
+    UnicodeFuzzing: true
 ```

 This results in the following YAML:
@@ -644,20 +644,20 @@ This results in the following YAML:
 - Name: Quick-10
  DefaultProfile: Quick
  Routes:
-  - Route: *Route0
-    Checks:
-    - Name: FormBodyFuzzingCheck
-      Configuration:
-        FuzzingCount: 10
-        UnicodeFuzzing: true
-    - Name: JsonFuzzingCheck
-      Configuration:
-        FuzzingCount: 10
-        UnicodeFuzzing: true
-    - Name: XmlFuzzingCheck
-      Configuration:
-        FuzzingCount: 10
-        UnicodeFuzzing: true
+    - Route: *Route0
+      Checks:
+        - Name: FormBodyFuzzingCheck
+          Configuration:
+            FuzzingCount: 10
+            UnicodeFuzzing: true
+        - Name: JsonFuzzingCheck
+          Configuration:
+            FuzzingCount: 10
+            UnicodeFuzzing: true
+        - Name: XmlFuzzingCheck
+          Configuration:
+            FuzzingCount: 10
+            UnicodeFuzzing: true
 ```

 ### Turn off an Assertion for a Check
@@ -671,14 +671,14 @@ This example shows the FormBody Fuzzing Check:

 ```yaml
 Checks:
- Name: FormBodyFuzzingCheck
-  Configuration:
-    FuzzingCount: 30
-    UnicodeFuzzing: true
-  Assertions:
-  - Name: LogAnalysisAssertion
-  - Name: ResponseAnalysisAssertion
-  - Name: StatusCodeAssertion
+  - Name: FormBodyFuzzingCheck
+    Configuration:
+      FuzzingCount: 30
+      UnicodeFuzzing: true
+    Assertions:
+      - Name: LogAnalysisAssertion
+      - Name: ResponseAnalysisAssertion
+      - Name: StatusCodeAssertion
 ```

 Here you can see three Assertions are on by default. A common source of false positives is
@@ -688,30 +688,30 @@ example provides only the other two Assertions (`LogAnalysisAssertion`,

 ```yaml
 Profiles:
- Name: Quick-10
-  DefaultProfile: Quick
-  Routes:
-  - Route: *Route0
-    Checks:
-    - Name: FormBodyFuzzingCheck
-      Configuration:
-        FuzzingCount: 10
-        UnicodeFuzzing: true
-      Assertions:
-      - Name: LogAnalysisAssertion
-      - Name: ResponseAnalysisAssertion
-    - Name: GeneralFuzzingCheck
-      Configuration:
-        FuzzingCount: 10
-        UnicodeFuzzing: true
-    - Name: JsonFuzzingCheck
-      Configuration:
-        FuzzingCount: 10
-        UnicodeFuzzing: true
-    - Name: XmlInjectionCheck
-      Configuration:
-        FuzzingCount: 10
-        UnicodeFuzzing: true
+  - Name: Quick-10
+    DefaultProfile: Quick
+    Routes:
+      - Route: *Route0
+        Checks:
+          - Name: FormBodyFuzzingCheck
+            Configuration:
+              FuzzingCount: 10
+              UnicodeFuzzing: true
+            Assertions:
+              - Name: LogAnalysisAssertion
+              - Name: ResponseAnalysisAssertion
+          - Name: GeneralFuzzingCheck
+            Configuration:
+              FuzzingCount: 10
+              UnicodeFuzzing: true
+          - Name: JsonFuzzingCheck
+            Configuration:
+              FuzzingCount: 10
+              UnicodeFuzzing: true
+          - Name: XmlInjectionCheck
+            Configuration:
+              FuzzingCount: 10
+              UnicodeFuzzing: true
 ```

 <!--

--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -177,9 +177,9 @@ include:
 variables:
  DAST_WEBSITE: https://example.com
  DAST_AUTH_URL: https://example.com/sign-in
-  DAST_USERNAME_FIELD: session[user] # the name of username field at the sign-in HTML form
-  DAST_PASSWORD_FIELD: session[password] # the name of password field at the sign-in HTML form
-  DAST_AUTH_EXCLUDE_URLS: http://example.com/sign-out,http://example.com/sign-out-2 # optional, URLs to skip during the authenticated scan; comma-separated, no spaces in between
+  DAST_USERNAME_FIELD: session[user]  # the name of username field at the sign-in HTML form
+  DAST_PASSWORD_FIELD: session[password]  # the name of password field at the sign-in HTML form
+  DAST_AUTH_EXCLUDE_URLS: http://example.com/sign-out,http://example.com/sign-out-2  # optional, URLs to skip during the authenticated scan; comma-separated, no spaces in between
 ```

 The results are saved as a

--- a/doc/user/application_security/sast/index.md
+++ b/doc/user/application_security/sast/index.md
@@ -244,8 +244,8 @@ analyzer and compilation will be skipped:
 image: maven:3.6-jdk-8-alpine

 stages:
- - build
- - test
+  - build
+  - test

 include:
  - template: SAST.gitlab-ci.yml
@@ -523,13 +523,13 @@ For details on saving and transporting Docker images as a file, see Docker's doc
 Add the following configuration to your `.gitlab-ci.yml` file. You must replace
 `SECURE_ANALYZERS_PREFIX` to refer to your local Docker container registry:

-  ```yaml
+```yaml
 include:
  - template: SAST.gitlab-ci.yml

 variables:
  SECURE_ANALYZERS_PREFIX: "localhost:5000/analyzers"
-  ```
+```

 The SAST job should now use local copies of the SAST analyzers to scan your code and generate
 security reports without requiring internet access.

--- a/doc/user/application_security/threat_monitoring/index.md
+++ b/doc/user/application_security/threat_monitoring/index.md
@@ -66,7 +66,7 @@ global:
    enabled: true
    metrics:
      enabled:
-      - 'flow:sourceContext=namespace;destinationContext=namespace'
+        - 'flow:sourceContext=namespace;destinationContext=namespace'
 ```

 The **Container Network Policy** section displays the following information