Skip to content

Move security policy bot policies to EE

What does this MR do and why?

This moves policies related to security_policy_bot users to EE. Security policy bot users are used for the security policy feature and therefor the related code should go to EE.

How to set up and validate locally

  1. Create a new project
  2. Go to Secure -> Policies
  3. Select New policy
  4. Select Scan execution policy
  5. Switch to .yaml mode and paste the following yaml:
    type: scan_execution_policy
    name: test
    description: ''
    enabled: true
    rules:
      - type: schedule
        cadence: 0 0 * * *
        branch_type: all
    actions:
      - scan: secret_detection
  6. Select Configure with a merge request and merge the MR
  7. If you haven't already, set up a runner with docker
  8. To reset the timer and trigger the schedule worker, run:
    Security::OrchestrationPolicyRuleSchedule.update_all(next_run_at: Time.now - 1.day)
    Security::OrchestrationPolicyRuleScheduleWorker.new.perform
  9. Go to Build -> Pipelines on the project you created.
  10. You might have to wait a bit, but there should be a successful pipeline, triggered by a security policy bot.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Andy Schoenen

Merge request reports

Loading