Move security policy bot policies to EE (!134740) · Merge requests · GitLab.org / GitLab

Andy Schoenen requested to merge andysoiron/move-security-policy-bot-policies-to-ee into master Oct 20, 2023

What does this MR do and why?

This moves policies related to security_policy_bot users to EE. Security policy bot users are used for the security policy feature and therefor the related code should go to EE.

How to set up and validate locally

Create a new project
Go to Secure -> Policies
Select New policy
Select Scan execution policy

Switch to .yaml mode and paste the following yaml:

type: scan_execution_policy
name: test
description: ''
enabled: true
rules:
  - type: schedule
    cadence: 0 0 * * *
    branch_type: all
actions:
  - scan: secret_detection

Select Configure with a merge request and merge the MR
If you haven't already, set up a runner with docker

To reset the timer and trigger the schedule worker, run:

Security::OrchestrationPolicyRuleSchedule.update_all(next_run_at: Time.now - 1.day)
Security::OrchestrationPolicyRuleScheduleWorker.new.perform

Go to Build -> Pipelines on the project you created.
You might have to wait a bit, but there should be a successful pipeline, triggered by a security policy bot.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Oct 23, 2023 by Andy Schoenen

Move security policy bot policies to EE

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports