Add `branch_exceptions` to security policy schema

What does this MR do and why?

Adds support for branch_exceptions to the security policy schema (see &9567 (closed)).

How to set up and validate locally

  • On the project or group level, navigate to Secure > Policies and verify you can create the following two sample policies:

    ```yaml
    type: scan_execution_policy
    name: 'Test'
    description: ''
    enabled: true
    rules:
      - type: pipeline
        branch_type: protected
        branch_exceptions:
          - master
          - { name: "develop", full_path: "foo/bar" }
    actions:
      - scan: container_scanning
        tags: []
    ```

    ```yaml
    type: scan_result_policy
    name: Test
    description: ''
    enabled: true
    rules:
      - type: scan_finding
        scanners:
          - sast
        vulnerabilities_allowed: 0
        severity_levels: []
        vulnerability_states: []
        branch_type: protected
        branch_exceptions:
          - master
          - { name: "develop", full_path: "foo/bar" }
    actions:
      - type: require_approval
        approvals_required: 1
        user_approvers_ids:
          - 11
    ```
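The sample policies above show the two entry shapes `branch_exceptions` accepts: a bare branch name, or an object with `name` and `full_path`. The following Ruby script is an added illustration, not code from this MR or from GitLab itself: it loads a policy of the same shape, validates each `branch_exceptions` entry against those two shapes, and evaluates whether a given branch in a given project is excepted from a rule. The matching semantics it implements (a bare name excepts that branch in every project the policy applies to; a `{ name, full_path }` entry excepts it only in the project with that full path) are an assumption for the example, as are the helper names `validate_branch_exception`, `validate_policy` and `branch_excepted?`.

```ruby
require 'yaml'

# Constructed sample policy with the same shape as the MR's scan_execution_policy example.
SAMPLE_POLICY = <<~YAML
  type: scan_execution_policy
  name: 'Test'
  enabled: true
  rules:
    - type: pipeline
      branch_type: protected
      branch_exceptions:
        - master
        - { name: "develop", full_path: "foo/bar" }
YAML

# Validate one branch_exceptions entry: either a non-empty branch name (String)
# or a Hash with exactly the keys "name" and "full_path", both non-empty Strings.
# Returns nil when the entry is valid, otherwise a human-readable error message.
def validate_branch_exception(entry)
  case entry
  when String
    entry.empty? ? 'branch name must not be empty' : nil
  when Hash
    extra = entry.keys - %w[name full_path]
    return "unexpected keys: #{extra.join(', ')}" unless extra.empty?

    %w[name full_path].each do |key|
      value = entry[key]
      return "#{key} must be a non-empty string" unless value.is_a?(String) && !value.empty?
    end
    nil
  else
    "entry must be a string or an object, got #{entry.class}"
  end
end

# Validate every rule of a parsed policy; returns an array of "rule N: message" strings
# (empty when all branch_exceptions entries are well-formed).
def validate_policy(policy)
  errors = []
  Array(policy['rules']).each_with_index do |rule, i|
    Array(rule['branch_exceptions']).each do |entry|
      msg = validate_branch_exception(entry)
      errors << "rule #{i}: #{msg}" if msg
    end
  end
  errors
end

# Decide whether a branch in a project is exempt from a rule.
# Assumption (not taken from the MR): a bare name exempts that branch in every
# project the policy applies to, while a { name, full_path } entry exempts it
# only in the project whose full path matches.
def branch_excepted?(rule, branch, project_full_path)
  Array(rule['branch_exceptions']).any? do |entry|
    case entry
    when String then entry == branch
    when Hash then entry['name'] == branch && entry['full_path'] == project_full_path
    else false
    end
  end
end

# Parse policy YAML without allowing arbitrary object deserialization.
def load_policy(yaml)
  YAML.safe_load(yaml)
end

if __FILE__ == $PROGRAM_NAME
  policy = load_policy(SAMPLE_POLICY)
  p validate_policy(policy)                                   # []
  rule = policy['rules'].first
  p branch_excepted?(rule, 'master', 'foo/bar')               # true
  p branch_excepted?(rule, 'develop', 'other/project')        # false
  p validate_branch_exception({ 'name' => 'develop' })        # "full_path must be a non-empty string"
end
```

`YAML.safe_load` is used deliberately: policy documents are user-supplied input, and the permissive loader would instantiate arbitrary Ruby objects from tagged YAML.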

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #418735 (closed)
