Include comparison pipelines for error cases
Description
Bot comments for security scan and license findings include comparison pipelines today, but if there is only an error, such as a mismatch in scanners on source and target branches, we do not display which pipelines are being considered.
This makes it challenging for users to troubleshoot which pipelines may be affecting the results.
How to set up and validate locally
- Create a new project
- Add a .gitlab-ci.yml with the content:

  ```yaml
  build1:
    stage: build
    script:
      - echo "Do your build here"
  ```
- Go to Secure > Policies
- Click New policy
- Select Merge request approval policy
- Change to the YAML mode
- Copy the YAML content below:

  ```yaml
  type: approval_policy
  name: a
  description: ''
  enabled: true
  rules:
    - type: scan_finding
      scanners:
        - secret_detection
      vulnerabilities_allowed: 0
      severity_levels: []
      vulnerability_states: []
      branch_type: protected
  actions:
    - type: require_approval
      approvals_required: 1
      role_approvers:
        - developer
        - maintainer
    - type: send_bot_message
      enabled: true
  approval_settings:
    block_branch_modification: true
    prevent_pushing_and_force_pushing: true
    prevent_approval_by_author: false
    prevent_approval_by_commit_author: false
    remove_approvals_with_new_commit: false
    require_password_to_approve: false
  fallback_behavior:
    fail: closed
  ```

- Click Configure with a merge request
- Merge the MR
- Go back to the project created in step 1
- Create a new MR editing the README file
- Verify the bot comment about the missing scan contains the Comparison pipelines information
Edited by Marcos Rocha