FE: Create `Scan execution` policy page on the `New Policy` page
Why are we doing this work
- The `Scan schedule` policy type requires different information than the `Container runtime` policy type that can currently be created.
- Users will be able to view Scan Execution policies and will be able to propose changes to Scan Execution policies (create, edit, delete). For this iteration, only `yaml mode` will be available for Scan Execution type policies.
- Creating, editing, or deleting a policy in the UI will result in the automatic creation of an MR for the Security Policy Project.
Relevant links
Design: #267346[4b.createshedule_Updated.png] and #267346[4b.createshedule_NOSCAN.png] https://gitlab.com/groups/gitlab-org/-/uploads/4772966ee0df0cdeb174c53afed03d98/scan-execution-policy.png
Non-functional requirements
- Documentation
- Testing
Implementation plan
- frontend create the component/s for a user to create a `Scan schedule` policy from the `New policy` page
- frontend reuse form actions from `network_policy` (pull out form action buttons into `policy_editor` and reuse them)
- frontend Update the `policy_editor` component to conditionally render the new `Scan schedule` components when `Scan schedule` is selected in the dropdown
- frontend add default yaml when switching to scan execution policy. Delete when switching back to network policy
  ```yaml
  type: scan_execution_policy
  name: ''
  description: ''
  enabled: false
  rules:
    - type: pipeline
      branches:
        - main
  actions:
    - scan: dast
      site_profile: ''
      scanner_profile: ''
  ```
- frontend a user can save the policy (even if there is not a project already configured) (!66416 (merged)) - details on what the new project will be called are at &5362 (comment 563834386)
  - there are several mutations required to achieve this (details on why)
    - Create a scan policy project if it does not exist for the project
      - Mutations: `securityPolicyProjectAssign` and `securityPolicyProjectCreate`
    - Create a policy (update/delete if scan policy project already exists) which creates a new branch in the scan policy project with the policy changes
      - Mutation: `scanExecutionPolicyCommit`
    - Create a MR with the new branch against the default branch
      - Mutation: `mergeRequestCreate`
- frontend a user can modify/delete an existing policy (!66580 (merged))
Edited by Alexander Turinske
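
The mutation sequence from the implementation plan, sketched as an added example (not GitLab's code) that stops before opening an MR if an earlier step reports errors. The mutation names are from the issue; the `mutate` transport, the input and payload field names, and all sample values are assumptions constructed for illustration, and only `securityPolicyProjectCreate` is used for the first step.

```javascript
// Added example. Mutation names are from the issue; the input and payload
// field names (projectPath, policyYaml, branch, errors, ...) are assumptions.
async function proposePolicyChange({ mutate, projectPath, policyYaml, policyProject }) {
  // A GraphQL mutation can resolve successfully and still report failure in
  // its `errors` array, so each step is checked before the next one runs.
  const run = async (name, input) => {
    const payload = await mutate(name, input);
    if (payload.errors && payload.errors.length > 0) {
      throw new Error(`${name} failed: ${payload.errors.join('; ')}`);
    }
    return payload;
  };

  // Step 1: create the security policy project only if none is assigned.
  let target = policyProject;
  if (!target) {
    target = (await run('securityPolicyProjectCreate', { projectPath })).project;
  }

  // Step 2: commit the policy YAML; the change lands on a new branch.
  const { branch } = await run('scanExecutionPolicyCommit', { projectPath, policyYaml });

  // Step 3: propose that branch against the policy project's default branch.
  const { mergeRequest } = await run('mergeRequestCreate', {
    projectPath: target.fullPath,
    sourceBranch: branch,
    targetBranch: target.defaultBranch,
    title: 'Update scan execution policy',
  });
  return mergeRequest;
}

// Constructed in-memory transport standing in for the GraphQL client.
function fakeTransport(failOn) {
  const calls = [];
  const replies = {
    securityPolicyProjectCreate: () => ({ project: { fullPath: 'group/app-policies', defaultBranch: 'main' } }),
    scanExecutionPolicyCommit: () => ({ branch: 'update-policy-1' }),
    mergeRequestCreate: (input) => ({ mergeRequest: { ...input } }),
  };
  const mutate = async (name, input) => {
    calls.push(name);
    return name === failOn ? { errors: ['constructed failure'] } : { ...replies[name](input), errors: [] };
  };
  return { mutate, calls };
}
```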