Security with MergeRequest-Pipelines workflow
Problem to solve
All security CI templates are compatible with only one of the two proposed workflows:
Intended users
- Delaney (Development Team Lead)
- Sasha (Software Developer)
- Devon (DevOps Engineer)
- Sidney (Systems Administrator)
- Sam (Security Analyst)
- Alex (Security Operations Engineer)
- Simone (Software Engineer in Test)
- Allison (Application Ops)
- Priyanka (Platform Engineer)
User experience goal
The user should be able to use a security CI template with either workflow mentioned in the GitLab CI Reference
Proposal
I think we need to allow security jobs to run on merge request pipelines by adding a trigger on $CI_MERGE_REQUEST_IID, like this:
rules:
  # Branch pipelines
  - if: $CI_COMMIT_BRANCH &&
        $GITLAB_FEATURES =~ /\bcontainer_scanning\b/
  # Merge request pipelines
  - if: $CI_MERGE_REQUEST_IID &&
        $GITLAB_FEATURES =~ /\bcontainer_scanning\b/
However, I don't know the best way to avoid code duplication for advanced rules like here
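
One way to try the proposed rules from a project's own .gitlab-ci.yml, as an added example that is not part of the original issue or of GitLab's templates. The template path and the `container_scanning` job name are assumptions about the included template, and the `workflow` block is an addition so that a push to a branch with an open merge request is scanned once rather than in two pipelines.

```yaml
# Added example: project-level .gitlab-ci.yml, not the template itself.
include:
  # Assumed template path; use the one your GitLab version ships.
  - template: Security/Container-Scanning.gitlab-ci.yml

# Create exactly one pipeline per push: a merge request pipeline when an MR
# is open for the branch, otherwise a branch pipeline. Without this, a job
# that lists both conditions below runs twice for the same commit.
workflow:
  rules:
    - if: $CI_MERGE_REQUEST_IID
    - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS
      when: never
    - if: $CI_COMMIT_BRANCH

# Overriding `rules` replaces the template's list entirely, so any other
# condition the template defines has to be restated here to stay in force.
container_scanning:
  rules:
    # Branch pipelines
    - if: $CI_COMMIT_BRANCH && $GITLAB_FEATURES =~ /\bcontainer_scanning\b/
    # Merge request pipelines
    - if: $CI_MERGE_REQUEST_IID && $GITLAB_FEATURES =~ /\bcontainer_scanning\b/
```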