License Compliance - Add documentation for Yarn registries

faeb975f · mo khan · Nick Gaskill · 0bebafa0 · faeb975f
Commit faeb975f authored May 19, 2020 by mo khan Committed by Nick Gaskill May 19, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 24 additions and 2 deletions

doc/user/compliance/license_compliance/index.md doc/user/compliance/license_compliance/index.md +24 -2

No files found.
--- a/doc/user/compliance/license_compliance/index.md
+++ b/doc/user/compliance/license_compliance/index.md
@@ -136,7 +136,7 @@ License Compliance can be configured using environment variables.
 | Environment variable        | Required | Description |
 |-----------------------------|----------|-------------|
 | `SECURE_ANALYZERS_PREFIX`   | no       | Set the Docker registry base address to download the analyzer from. |
-| `ADDITIONAL_CA_CERT_BUNDLE` | no       | Bundle of trusted CA certificates (currently supported in Pip, Pipenv, Maven, Gradle, and NPM projects). |
+| `ADDITIONAL_CA_CERT_BUNDLE` | no       | Bundle of trusted CA certificates (currently supported in Pip, Pipenv, Maven, Gradle, Yarn, and NPM projects). |
 | `GRADLE_CLI_OPTS`           | no       | Additional arguments for the gradle executable. If not supplied, defaults to `--exclude-task=test`. |
 | `LICENSE_FINDER_CLI_OPTS`   | no       | Additional arguments for the `license_finder` executable. For example, if your project has both Golang and Ruby code stored in different directories and you want to only scan the Ruby code, you can update your `.gitlab-ci-yml` template to specify which project directories to scan, like `LICENSE_FINDER_CLI_OPTS: '--debug --aggregate-paths=. ruby'`. |
 | `LM_JAVA_VERSION`           | no       | Version of Java. If set to `11`, Maven and Gradle use Java 11 instead of Java 8. |
@@ -326,6 +326,28 @@ For example:
 strict-ssl = false
 ```

+### Configuring Yarn projects
+
+You can configure Yarn projects by using a [`.yarnrc.yml`](https://yarnpkg.com/configuration/yarnrc)
+file.
+
+#### Using private Yarn registries
+
+If you have a private Yarn registry you can use the
+[`npmRegistryServer`](https://yarnpkg.com/configuration/yarnrc#npmRegistryServer)
+setting to specify its location.
+
+For example:
+
+```text
+npmRegistryServer: "https://npm.example.com"
+```
+
+#### Custom root certificates for Yarn
+
+You can supply a custom root certificate to complete TLS verification by using the
+`ADDITIONAL_CA_CERT_BUNDLE` [environment variable](#available-variables).
+
 ### Migration from `license_management` to `license_scanning`

 In GitLab 12.8 a new name for `license_management` job was introduced. This change was made to improve clarity around the purpose of the scan, which is to scan and collect the types of licenses present in a projects dependencies.
@@ -419,7 +441,7 @@ The License Compliance job should now use local copies of the License Compliance
 your code and generate security reports, without requiring internet access.

 Additional configuration may be needed for connecting to [private Maven repositories](#using-private-maven-repos),
-[private NPM registries](#using-private-npm-registries), and [private Python repositories](#using-private-python-repos).
+[private NPM registries](#using-private-npm-registries), [private Yarn registries](#using-private-yarn-registries), and [private Python repositories](#using-private-python-repos).

 Exact name matches are required for [project policies](#project-policies-for-license-compliance)
 when running in an offline environment ([see related issue](https://gitlab.com/gitlab-org/gitlab/-/issues/212388)).