
Draft: Include scanners from scheduled Security Policies in enabled scanners

What does this MR do and why?

This MR resolves the problem identified in GraphQL SecurityScanners does not show enabled ... (#429476), where scans executed by a scheduled Scan Execution Policy were not listed among the enabled scanners.

Queries

SELECT "p_ci_builds"."status",
       "p_ci_builds"."finished_at",
       "p_ci_builds"."created_at",
       "p_ci_builds"."updated_at",
       "p_ci_builds"."started_at",
       "p_ci_builds"."runner_id",
       "p_ci_builds"."coverage",
       "p_ci_builds"."commit_id",
       "p_ci_builds"."name",
       "p_ci_builds"."options",
       "p_ci_builds"."allow_failure",
       "p_ci_builds"."stage",
       "p_ci_builds"."trigger_request_id",
       "p_ci_builds"."stage_idx",
       "p_ci_builds"."tag",
       "p_ci_builds"."ref",
       "p_ci_builds"."user_id",
       "p_ci_builds"."type",
       "p_ci_builds"."target_url",
       "p_ci_builds"."description",
       "p_ci_builds"."project_id",
       "p_ci_builds"."erased_by_id",
       "p_ci_builds"."erased_at",
       "p_ci_builds"."artifacts_expire_at",
       "p_ci_builds"."environment",
       "p_ci_builds"."when",
       "p_ci_builds"."yaml_variables",
       "p_ci_builds"."queued_at",
       "p_ci_builds"."lock_version",
       "p_ci_builds"."coverage_regex",
       "p_ci_builds"."auto_canceled_by_id",
       "p_ci_builds"."retried",
       "p_ci_builds"."protected",
       "p_ci_builds"."failure_reason",
       "p_ci_builds"."scheduled_at",
       "p_ci_builds"."token_encrypted",
       "p_ci_builds"."upstream_pipeline_id",
       "p_ci_builds"."resource_group_id",
       "p_ci_builds"."waiting_for_resource_at",
       "p_ci_builds"."processed",
       "p_ci_builds"."scheduling_type",
       "p_ci_builds"."id",
       "p_ci_builds"."stage_id",
       "p_ci_builds"."partition_id",
       "p_ci_builds"."auto_canceled_by_partition_id"
FROM   "p_ci_builds"
       inner join "p_ci_builds_metadata"
               ON "p_ci_builds_metadata"."build_id" = "p_ci_builds"."id"
WHERE  "p_ci_builds"."type" = 'Ci::Build'
       AND "p_ci_builds"."commit_id" IN ( 1, 554 )
       AND ( "p_ci_builds_metadata".config_options -> 'artifacts' -> 'reports'
             ?| array[
           'sast', 'sast_iac', 'breach_and_attack_simulation', 'dast',
           'dependency_scanning', 'container_scanning', 'secret_detection',
           'coverage_fuzzing', 'api_fuzzing', 'cluster_image_scanning'] ) 

https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/23994/commands/76778

Time: 7.046 ms  
  - planning: 6.846 ms  
  - execution: 0.200 ms  
    - I/O read: 0.000 ms  
    - I/O write: 0.000 ms  

How to set up and validate locally

  1. Create a new Project.
  2. Create new Scan Execution Policies with scheduled scans.
  3. Wait for first scan to be scheduled.
  4. Go to the Vulnerability Report and look for the banner warning about scanners that are not enabled. Ensure that the scans configured in the Scan Execution Policy are not listed there.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #429476

Edited by Alan (Maciej) Paruszewski
