Add humanize support for branch types for security policies

Artur Fedorov requested to merge 404778-branch-type-rule-humanization into master

What does this MR do and why?

Add humanize support for branch types for security policies

  • Add humanize support for branch types
  • branch types are now supported for humanized messages for scan result policy
  • add no rule message for invalid branch types
  • make humanize code similar for future consolidation

Changelog: added

EE: true

What does this MR not do and why?

  • it does not abstract out some of the humanize methods because our file structure is not set up for this...yet. There are plans to look into it with #417691 (comment 1469201036)

Screenshots or screen recordings

| Policy Type | yaml | Before | After |
|---|---|---|---|
| Scan Execution | `type: pipeline, branch_type: all` | - | Every time a pipeline runs for any branch |
| Scan Execution | `type: pipeline, branches: ["*"]` | on every pipeline on the * branch | Every time a pipeline runs for the * branch |
| Scan Execution | `type: pipeline, branches: [production, staging, release/*]` | on every pipeline on the production, staging and release/* branches | Every time a pipeline runs for the production, staging and release/* branches |
| Scan Execution | `type: pipeline, branch_type: protected` | - | Every time a pipeline runs for any protected branch |
| Scan Execution | `type: schedule, cadence: 0 0 * * *, branch_type: default` | - | at 12:00 am, every day on the default branch |
| Scan Result | `branch_type: protected` | - | When Container Scanning scanner finds more than 5 vulnerabilities in an open merge request targeting any protected branch and all the following apply: |
| Scan Result | `branch_type: default` | - | When license scanner finds any license matching MIT License that is newly detected and is in an open merge request targeting the default branch. |
| Scan Result | `branches: spooky-stuff` | When license scanner finds any license except Apache License 2.0 that is pre-existing and is in an open merge request targeting the spooky-stuff branch. | No change |

Screenshots (images not included in this extract): Scan Execution policy drawer; Scan Result policy drawer.

How to set up and validate locally

  1. Upload a GitLab Ultimate license
  2. Navigate to a group/project => Secure => Policies => New policy => Scan Execution Policy
  3. Create a policy with a variety of branch types
  4. Navigate to a group/project => Secure => Policies and verify the drawer for those new policies
  5. Navigate to a group/project => Secure => Policies => New policy => Scan Result Policy
  6. Create a policy with a variety of branch types
  7. Navigate to a group/project => Secure => Policies and verify the drawer for those new policies

Related to #404778 (closed)

Edited by Alexander Turinske
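The Before/After table above shows the wording the drawer should produce for each branch selection. The following is an added example written for this page, not GitLab's own humanizer code: it reproduces that mapping for a single rule so the branch-type handling, the list joining for `branches`, and the "no rule" fallback for an invalid `branch_type` can be checked in isolation. The function names, the `NO_RULE_MESSAGE` text, the `cadenceText` option (cron humanization is out of scope here) and the sample rules are all assumptions of this example.

```javascript
// Added example, not GitLab's code. Reproduces the humanized branch wording
// from the MR's Before/After table for one policy rule.

// Phrases for the supported `branch_type` values (from the table).
const BRANCH_TYPE_PHRASES = {
  all: 'any branch',
  protected: 'any protected branch',
  default: 'the default branch',
};

// Assumed wording; the MR only says a "no rule message" is shown for an
// invalid branch type.
const NO_RULE_MESSAGE = 'No rule';

// "a", "a and b", "a, b and c" - matches "production, staging and release/*".
function joinList(items) {
  if (items.length <= 1) return items.join('');
  return `${items.slice(0, -1).join(', ')} and ${items[items.length - 1]}`;
}

// Returns the branch phrase for a rule, or null when the rule names no valid
// branch selection (unknown `branch_type`, or neither key present).
// `branch_type` wins over `branches` when both are present (assumption).
function humanizeBranches(rule) {
  if (rule.branch_type !== undefined) {
    const phrase = BRANCH_TYPE_PHRASES[rule.branch_type];
    return phrase === undefined ? null : phrase;
  }
  // `branches` may be a YAML scalar ("spooky-stuff") or a list.
  let branches = [];
  if (Array.isArray(rule.branches)) branches = rule.branches;
  else if (typeof rule.branches === 'string') branches = [rule.branches];
  if (branches.length === 0) return null;
  const noun = branches.length === 1 ? 'branch' : 'branches';
  return `the ${joinList(branches)} ${noun}`;
}

// Scan execution rule. `cadenceText` is the already-humanized cron string
// for schedule rules (assumed to be produced elsewhere).
function humanizeScanExecutionRule(rule, { cadenceText = '' } = {}) {
  const target = humanizeBranches(rule);
  if (target === null) return NO_RULE_MESSAGE;
  if (rule.type === 'pipeline') return `Every time a pipeline runs for ${target}`;
  if (rule.type === 'schedule') return `${cadenceText} on ${target}`;
  return NO_RULE_MESSAGE;
}

// Scan result rule: only the merge-request target clause is built here; the
// scanner/license clause that precedes it in the table is left to the caller.
function humanizeScanResultTarget(rule) {
  const target = humanizeBranches(rule);
  if (target === null) return NO_RULE_MESSAGE;
  return `in an open merge request targeting ${target}`;
}

// Constructed sample rules mirroring the table rows plus one invalid type.
const SAMPLE_RULES = [
  { type: 'pipeline', branch_type: 'all' },
  { type: 'pipeline', branches: ['production', 'staging', 'release/*'] },
  { type: 'pipeline', branch_type: 'protected' },
  { type: 'pipeline', branch_type: 'not-a-real-type' },
];
for (const rule of SAMPLE_RULES) {
  console.log(JSON.stringify(rule), '=>', humanizeScanExecutionRule(rule));
}
```

The invalid-type case is the one worth keeping an eye on when validating: a `branch_type` the UI does not know must fall through to the "no rule" message rather than rendering "Every time a pipeline runs for undefined".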
