FE: Add CI variable filter
Why are we doing this work
- users want to be able to add the appropriate CI variables for scan execution policies
Relevant links
- see epic
Implementation plan
- frontend: create the CI variable filter and conditionally show variables in the dropdown based on the scan type selected (see the lists below)
  - use a `GlCollapsibleListbox`; the "Use a custom key" action changes the dropdown to an input box
Dependency Scanning
| Variable | Type / notes |
| --- | --- |
| `ADDITIONAL_CA_CERT_BUNDLE` | |
| `DS_EXCLUDED_ANALYZERS` | |
| `DS_EXCLUDED_PATHS` | |
| `DS_IMAGE_SUFFIX` | |
| `DS_MAX_DEPTH` | number |
| `SECURE_ANALYZERS_PREFIX` | |
| `SECURE_LOG_LEVEL` | From highest to lowest severity, the logging levels are: fatal, error, warn, info, debug |
SAST
| Variable | Type / notes |
| --- | --- |
| `SECURE_ANALYZERS_PREFIX` | |
| `SAST_EXCLUDED_ANALYZERS` | |
| `SAST_ANALYZER_IMAGE_TAG` | |
| `SAST_IMAGE_SUFFIX` | |
| `SAST_RULESET_GIT_REFERENCE` | |
Secret Detection
| Variable | Type / notes |
| --- | --- |
| `SECRET_DETECTION_EXCLUDED_PATHS` | |
| `SECRET_DETECTION_HISTORIC_SCAN` | boolean |
| `SECRET_DETECTION_IMAGE_SUFFIX` | |
| `SECRET_DETECTION_LOG_OPTIONS` | |
| `SECRET_DETECTION_GIT_REFERENCE` | |
Container Scanning
| Variable | Type / notes |
| --- | --- |
| `ADDITIONAL_CA_CERT_BUNDLE` | |
| `CI_APPLICATION_REPOSITORY` | |
| `CI_APPLICATION_TAG` | |
| `CS_ANALYZER_IMAGE` | |
| `CS_DEFAULT_BRANCH_IMAGE` | |
| `CS_DISABLE_DEPENDENCY_LIST` | |
| `CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN` | |
| `CS_DOCKER_INSECURE` | |
| `CS_IMAGE_SUFFIX` | |
| `CS_IGNORE_UNFIXED` | |
| `CS_REGISTRY_INSECURE` | |
| `CS_SEVERITY_THRESHOLD` | Supported levels are UNKNOWN, LOW, MEDIUM, HIGH, and CRITICAL. |
| `CS_IMAGE` | |
| `CS_REGISTRY_PASSWORD` | |
| `CS_REGISTRY_USER` | |
| `CS_DOCKERFILE_PATH` | |
| `CS_QUIET` | |
| `SECURE_LOG_LEVEL` | From highest to lowest severity, the logging levels are: fatal, error, warn, info, debug |
SAST IaC
| Variable | Type / notes |
| --- | --- |
| `SAST_IMAGE_SUFFIX` | |
| `SAST_ANALYZER_IMAGE_TAG` | |
| `SECURE_LOG_LEVEL` | |
DAST
| Variable | Type / notes |
| --- | --- |
| `DAST_ADVERTISE_SCAN` | boolean |
| `DAST_BROWSER_ACTION_STABILITY_TIMEOUT` | [Duration string](https://pkg.go.dev/time#ParseDuration) |
| `DAST_BROWSER_ACTION_TIMEOUT` | [Duration string](https://pkg.go.dev/time#ParseDuration) |
| `DAST_BROWSER_ALLOWED_HOSTS` | List of strings |
| `DAST_BROWSER_COOKIES` | dictionary |
| `DAST_BROWSER_CRAWL_GRAPH` | boolean |
| `DAST_BROWSER_CRAWL_TIMEOUT` | [Duration string](https://pkg.go.dev/time#ParseDuration) |
| `DAST_BROWSER_DEVTOOLS_LOG` | string |
| `DAST_BROWSER_DOM_READY_AFTER_TIMEOUT` | [Duration string](https://pkg.go.dev/time#ParseDuration) |
| `DAST_BROWSER_ELEMENT_TIMEOUT` | [Duration string](https://pkg.go.dev/time#ParseDuration) |
| `DAST_BROWSER_EXCLUDED_ELEMENTS` | selector |
| `DAST_BROWSER_EXCLUDED_HOSTS` | List of strings |
| `DAST_BROWSER_EXTRACT_ELEMENT_TIMEOUT` | [Duration string](https://pkg.go.dev/time#ParseDuration) |
| `DAST_BROWSER_FILE_LOG` | List of strings |
| `DAST_BROWSER_FILE_LOG_PATH` | string |
| `DAST_BROWSER_IGNORED_HOSTS` | List of strings |
| `DAST_BROWSER_INCLUDE_ONLY_RULES` | List of strings |
| `DAST_BROWSER_LOG` | List of strings |
| `DAST_BROWSER_LOG_CHROMIUM_OUTPUT` | boolean |
| `DAST_BROWSER_MAX_ACTIONS` | number |
| `DAST_BROWSER_MAX_DEPTH` | number |
| `DAST_BROWSER_MAX_RESPONSE_SIZE_MB` | number |
| `DAST_BROWSER_NAVIGATION_STABILITY_TIMEOUT` | [Duration string](https://pkg.go.dev/time#ParseDuration) |
| `DAST_BROWSER_NAVIGATION_TIMEOUT` | [Duration string](https://pkg.go.dev/time#ParseDuration) |
| `DAST_BROWSER_NUMBER_OF_BROWSERS` | number |
| `DAST_BROWSER_PAGE_LOADING_SELECTOR` | selector |
| `DAST_BROWSER_PAGE_READY_SELECTOR` | selector |
| `DAST_BROWSER_PASSIVE_CHECK_WORKERS` | number |
| `DAST_BROWSER_SCAN` | boolean |
| `DAST_BROWSER_SEARCH_ELEMENT_TIMEOUT` | [Duration string](https://pkg.go.dev/time#ParseDuration) |
| `DAST_BROWSER_STABILITY_TIMEOUT` | [Duration string](https://pkg.go.dev/time#ParseDuration) |
| `DAST_EXCLUDE_RULES` | string |
| `DAST_EXCLUDE_URLS` | URLs |
| `DAST_FF_ENABLE_BAS` | boolean |
| `DAST_FULL_SCAN_ENABLED` | boolean |
| `DAST_PATHS` | string |
| `DAST_PATHS_FILE` | string |
| `DAST_PKCS12_CERTIFICATE_BASE64` | string |
| `DAST_PKCS12_PASSWORD` | string |
| `DAST_REQUEST_HEADERS` | string |
| `DAST_SKIP_TARGET_CHECK` | boolean |
| `DAST_TARGET_AVAILABILITY_TIMEOUT` | number |
| `DAST_WEBSITE` | URL |
| `SECURE_ANALYZERS_PREFIX` | URL |
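The following is an added example of the filter logic the plan above describes, written for this issue and not code from the GitLab code base. It maps each scan type to the variable names listed on this page, narrows them for the listbox search, accepts a key typed through "Use a custom key" while flagging it, and checks a value against the type the page states for that variable. The scan-type keys (`dependency_scanning`, `dast`, ...), the helper names, the `string` default for variables whose type this page does not give, the `SENSITIVE` set, and the reduced DAST list are assumptions made for the example:

```javascript
// Added example (not GitLab project code): scanner-aware CI variable filter
// for the scan execution policy editor. Variable names and stated types are
// taken from the lists on this page; scan-type keys, helper names, the
// 'string' default, the SENSITIVE set and the trimmed DAST list are assumptions.

const CI_VARIABLES_BY_SCANNER = {
  dependency_scanning: [
    'ADDITIONAL_CA_CERT_BUNDLE', 'DS_EXCLUDED_ANALYZERS', 'DS_EXCLUDED_PATHS',
    'DS_IMAGE_SUFFIX', 'DS_MAX_DEPTH', 'SECURE_ANALYZERS_PREFIX', 'SECURE_LOG_LEVEL',
  ],
  sast: [
    'SECURE_ANALYZERS_PREFIX', 'SAST_EXCLUDED_ANALYZERS', 'SAST_ANALYZER_IMAGE_TAG',
    'SAST_IMAGE_SUFFIX', 'SAST_RULESET_GIT_REFERENCE',
  ],
  secret_detection: [
    'SECRET_DETECTION_EXCLUDED_PATHS', 'SECRET_DETECTION_HISTORIC_SCAN',
    'SECRET_DETECTION_IMAGE_SUFFIX', 'SECRET_DETECTION_LOG_OPTIONS',
    'SECRET_DETECTION_GIT_REFERENCE',
  ],
  container_scanning: [
    'ADDITIONAL_CA_CERT_BUNDLE', 'CI_APPLICATION_REPOSITORY', 'CI_APPLICATION_TAG',
    'CS_ANALYZER_IMAGE', 'CS_DEFAULT_BRANCH_IMAGE', 'CS_DISABLE_DEPENDENCY_LIST',
    'CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN', 'CS_DOCKER_INSECURE', 'CS_IMAGE_SUFFIX',
    'CS_IGNORE_UNFIXED', 'CS_REGISTRY_INSECURE', 'CS_SEVERITY_THRESHOLD', 'CS_IMAGE',
    'CS_REGISTRY_PASSWORD', 'CS_REGISTRY_USER', 'CS_DOCKERFILE_PATH', 'CS_QUIET',
    'SECURE_LOG_LEVEL',
  ],
  sast_iac: ['SAST_IMAGE_SUFFIX', 'SAST_ANALYZER_IMAGE_TAG', 'SECURE_LOG_LEVEL'],
  // Subset of the DAST list on this page, chosen so every value type is covered.
  dast: [
    'DAST_BROWSER_CRAWL_TIMEOUT', 'DAST_BROWSER_MAX_DEPTH', 'DAST_BROWSER_SCAN',
    'DAST_EXCLUDE_URLS', 'DAST_FULL_SCAN_ENABLED', 'DAST_PKCS12_PASSWORD',
    'DAST_REQUEST_HEADERS', 'DAST_WEBSITE', 'SECURE_ANALYZERS_PREFIX',
  ],
};

// Value types the page states; any variable not listed here is a free-form string.
const VARIABLE_TYPES = {
  DS_MAX_DEPTH: 'number',
  SECURE_LOG_LEVEL: 'log_level',
  SECRET_DETECTION_HISTORIC_SCAN: 'boolean',
  CS_SEVERITY_THRESHOLD: 'severity',
  DAST_BROWSER_CRAWL_TIMEOUT: 'duration',
  DAST_BROWSER_MAX_DEPTH: 'number',
  DAST_BROWSER_SCAN: 'boolean',
  DAST_FULL_SCAN_ENABLED: 'boolean',
  DAST_WEBSITE: 'url',
};

// Credential-bearing variables (assumption): warn so the author supplies them
// as masked project/group CI variables instead of literals in the policy.
const SENSITIVE = new Set(['CS_REGISTRY_PASSWORD', 'DAST_PKCS12_PASSWORD', 'DAST_REQUEST_HEADERS']);

const LOG_LEVELS = ['fatal', 'error', 'warn', 'info', 'debug'];
const SEVERITIES = ['UNKNOWN', 'LOW', 'MEDIUM', 'HIGH', 'CRITICAL'];
// Approximation of Go's time.ParseDuration grammar: one or more <number><unit> groups, e.g. "1m30s".
const GO_DURATION = /^(\d+(\.\d+)?(ns|us|µs|ms|s|m|h))+$/;

const TYPE_CHECKS = {
  string: () => true,
  number: (v) => /^\d+$/.test(v),
  boolean: (v) => /^(true|false)$/i.test(v),
  duration: (v) => GO_DURATION.test(v),
  log_level: (v) => LOG_LEVELS.includes(v),
  severity: (v) => SEVERITIES.includes(v),
  url: (v) => { try { return /^https?:$/.test(new URL(v).protocol); } catch { return false; } },
};

// Items for GlCollapsibleListbox, narrowed by the listbox search text (case-insensitive).
function listboxItems(scanType, query = '') {
  const names = CI_VARIABLES_BY_SCANNER[scanType] || [];
  const q = query.toUpperCase();
  return names.filter((name) => name.includes(q)).map((name) => ({ value: name, text: name }));
}

// Validate one key/value pair. A key entered via "Use a custom key" is accepted
// but flagged: an analyzer silently ignores variables it does not read.
function validateVariable(scanType, key, value) {
  const errors = [];
  const warnings = [];
  if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(key)) errors.push(`${key} is not a valid CI variable name`);
  const known = (CI_VARIABLES_BY_SCANNER[scanType] || []).includes(key);
  if (!known) warnings.push(`${key} is not in the known ${scanType} variable list`);
  const type = VARIABLE_TYPES[key] || 'string';
  if (!TYPE_CHECKS[type](value)) errors.push(`${key} expects a ${type}, got "${value}"`);
  if (SENSITIVE.has(key)) warnings.push(`${key} holds a credential; use a masked CI variable`);
  return { ok: errors.length === 0, type, errors, warnings };
}
```

`listboxItems` feeds the listbox `items` prop while the scan type is the filter key; `validateVariable` runs on blur of the value input, with `errors` blocking save and `warnings` shown inline, so a custom key still works but the author sees that the analyzer will not read it.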
Verification steps
Edited by Alexander Turinske