Extend Actions in Scan Execution Policy to include Runner Tags
What does this MR do and why?
With https://docs.gitlab.com/ee/ci/runners/configure_runners.html#use-tags-to-control-which-jobs-a-runner-can-run you can select tags for each job in your .gitlab-ci.yml file. These tags allow you to control which jobs a runner can run.
With this feature we want to add that functionality to Scan Execution Policy by extending its actions with information about tags, so the scan jobs a policy generates are routed to runners carrying those tags.
You can read more about this in Allow Users to Define Tags for Scan Execution P... (&9176 - closed).
Screenshot
How to set up and validate locally
- Add tags (eg: `Security Policy`) to a runner from Admin -> Runners -> Edit
- Create a scan execution policy from Security & Compliance -> Policies:

```yaml
scan_execution_policy:
  - name: Scan Execution Policy
    description: ''
    enabled: true
    rules:
      - type: pipeline
        branches:
          - "*"
    actions:
      - scan: container_scanning
        tags:
          - Security Policy
      - scan: secret_detection
```
- Run a pipeline on any branch and verify that the generated scan job carries the tag and was picked up by the runner with the specified tag (the `secret_detection` action has no `tags`, so its job should stay untagged and run on any runner).
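The last step can be automated against the CI API instead of eyeballing the job page. The script below is an added example and is not part of this MR or of GitLab's code base. It reads the policy YAML, takes the body of `GET /projects/:id/pipelines/:pipeline_id/jobs` (a real endpoint, here replaced by a constructed, trimmed sample) plus each runner's `tag_list` from `GET /runners/:id` (also constructed here), and checks two things per scan action: every tag in the action is on the generated job, and the runner that took the job actually holds those tags. The job-name convention `<scan-with-hyphens>-<n>` is an assumption; adjust the matcher if your instance names policy jobs differently.

```ruby
require 'yaml'
require 'json'

# Constructed sample input: the policy from the steps above.
POLICY_YAML = <<~YAML
  scan_execution_policy:
    - name: Scan Execution Policy
      description: ''
      enabled: true
      rules:
        - type: pipeline
          branches:
            - "*"
      actions:
        - scan: container_scanning
          tags:
            - Security Policy
        - scan: secret_detection
YAML

# Constructed sample: a trimmed response from
# GET /projects/:id/pipelines/:pipeline_id/jobs (fields reduced to what we check).
JOBS_JSON = <<~JSON
  [
    {"name": "container-scanning-0", "status": "success",
     "tag_list": ["Security Policy"], "runner": {"id": 7}},
    {"name": "secret-detection-0", "status": "success",
     "tag_list": [], "runner": {"id": 3}}
  ]
JSON

# Constructed sample: tag_list per runner id, as GET /runners/:id would return.
RUNNER_TAGS = { 7 => ['Security Policy'], 3 => [] }.freeze

# Map each scan action to the tags the policy asks for, e.g.
# { "container_scanning" => ["Security Policy"], "secret_detection" => [] }
def expected_tags(policy_yaml)
  policy = YAML.safe_load(policy_yaml)
  policy.fetch('scan_execution_policy')
        .flat_map { |p| p.fetch('actions', []) }
        .each_with_object({}) { |a, h| h[a.fetch('scan')] = Array(a['tags']) }
end

# Assumption: policy-generated jobs are named "<scan-name-with-hyphens>-<n>".
def jobs_for_scan(jobs, scan)
  prefix = scan.tr('_', '-')
  jobs.select { |j| j['name'] =~ /\A#{Regexp.escape(prefix)}-\d+\z/ }
end

# Returns { scan => { ok: true/false, problems: [...] } } for every action.
# A scan with no tags passes trivially; a scan with tags fails if the job
# lacks one of them or if the runner that executed it is not tagged with them.
def check_tag_propagation(policy_yaml, jobs_json, runner_tags)
  jobs = JSON.parse(jobs_json)
  expected_tags(policy_yaml).map do |scan, tags|
    matched = jobs_for_scan(jobs, scan)
    next [scan, { ok: false, problems: ['no job generated for this action'] }] if matched.empty?

    problems = matched.flat_map do |job|
      missing_on_job = tags - Array(job['tag_list'])
      runner = runner_tags.fetch(job.dig('runner', 'id'), [])
      missing_on_runner = tags - runner
      msgs = []
      msgs << "#{job['name']}: job lacks #{missing_on_job.inspect}" unless missing_on_job.empty?
      msgs << "#{job['name']}: runner lacks #{missing_on_runner.inspect}" unless missing_on_runner.empty?
      msgs
    end
    [scan, { ok: problems.empty?, problems: problems }]
  end.to_h
end

if __FILE__ == $PROGRAM_NAME
  check_tag_propagation(POLICY_YAML, JOBS_JSON, RUNNER_TAGS).each do |scan, r|
    puts "#{scan}: #{r[:ok] ? 'OK' : 'FAIL ' + r[:problems].join('; ')}"
  end
end
```

Checking the runner's own tags, not just the job's `tag_list`, is the part worth keeping: a job can carry the right tag and still be picked up by an untagged runner if that runner is configured to run untagged jobs, which is exactly the routing mistake the tags in the policy are meant to prevent.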
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #382993 (closed)
Edited by Alan (Maciej) Paruszewski