Draft: Include scanners from scheduled Security Policies in enabled scanners
What does this MR do and why?
This MR resolves the problem identified in GraphQL SecurityScanners does not show enabled ... (#429476), where scans executed by a scheduled Scan Execution Policy were not listed among the enabled scanners.
Queries
```sql
SELECT "p_ci_builds"."status",
       "p_ci_builds"."finished_at",
       "p_ci_builds"."created_at",
       "p_ci_builds"."updated_at",
       "p_ci_builds"."started_at",
       "p_ci_builds"."runner_id",
       "p_ci_builds"."coverage",
       "p_ci_builds"."commit_id",
       "p_ci_builds"."name",
       "p_ci_builds"."options",
       "p_ci_builds"."allow_failure",
       "p_ci_builds"."stage",
       "p_ci_builds"."trigger_request_id",
       "p_ci_builds"."stage_idx",
       "p_ci_builds"."tag",
       "p_ci_builds"."ref",
       "p_ci_builds"."user_id",
       "p_ci_builds"."type",
       "p_ci_builds"."target_url",
       "p_ci_builds"."description",
       "p_ci_builds"."project_id",
       "p_ci_builds"."erased_by_id",
       "p_ci_builds"."erased_at",
       "p_ci_builds"."artifacts_expire_at",
       "p_ci_builds"."environment",
       "p_ci_builds"."when",
       "p_ci_builds"."yaml_variables",
       "p_ci_builds"."queued_at",
       "p_ci_builds"."lock_version",
       "p_ci_builds"."coverage_regex",
       "p_ci_builds"."auto_canceled_by_id",
       "p_ci_builds"."retried",
       "p_ci_builds"."protected",
       "p_ci_builds"."failure_reason",
       "p_ci_builds"."scheduled_at",
       "p_ci_builds"."token_encrypted",
       "p_ci_builds"."upstream_pipeline_id",
       "p_ci_builds"."resource_group_id",
       "p_ci_builds"."waiting_for_resource_at",
       "p_ci_builds"."processed",
       "p_ci_builds"."scheduling_type",
       "p_ci_builds"."id",
       "p_ci_builds"."stage_id",
       "p_ci_builds"."partition_id",
       "p_ci_builds"."auto_canceled_by_partition_id"
FROM "p_ci_builds"
INNER JOIN "p_ci_builds_metadata"
        ON "p_ci_builds_metadata"."build_id" = "p_ci_builds"."id"
WHERE "p_ci_builds"."type" = 'Ci::Build'
  AND "p_ci_builds"."commit_id" IN ( 1, 554 )
  AND ( "p_ci_builds_metadata".config_options -> 'artifacts' -> 'reports'
        ?| array[
          'sast', 'sast_iac', 'breach_and_attack_simulation', 'dast',
          'dependency_scanning', 'container_scanning', 'secret_detection',
          'coverage_fuzzing', 'api_fuzzing', 'cluster_image_scanning'] )
```
https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/23994/commands/76778
Time: 7.046 ms
- planning: 6.846 ms
- execution: 0.200 ms
- I/O read: 0.000 ms
- I/O write: 0.000 ms
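The query above determines the enabled scanners from the `artifacts.reports` keys of the builds in a given set of pipelines. The following is an added example, not GitLab's own code, that reproduces that lookup in plain Ruby over constructed build records; it assumes pipeline 554 is the one created by a scheduled Scan Execution Policy and pipeline 1 is the regular pipeline, and shows how the result differs when the policy pipeline is left out of the `commit_id` list.

```ruby
# Added example (not GitLab's code): the enabled-scanner lookup from the MR's
# query, re-implemented in plain Ruby. Builds are hashes mirroring p_ci_builds
# joined with p_ci_builds_metadata; pipeline ids mirror the commit_id list.

SECURITY_REPORT_TYPES = %w[
  sast sast_iac breach_and_attack_simulation dast dependency_scanning
  container_scanning secret_detection coverage_fuzzing api_fuzzing
  cluster_image_scanning
].freeze

# Mirrors: config_options -> 'artifacts' -> 'reports' ?| array[...]
# Returns the security report types configured on the build, or [] when the
# path is missing (the JSONB `->` chain yields NULL and `?|` is then false).
def report_types(build)
  reports = build.dig(:config_options, 'artifacts', 'reports')
  return [] unless reports.is_a?(Hash)

  reports.keys & SECURITY_REPORT_TYPES
end

# Mirrors the WHERE clause: type = 'Ci::Build', commit_id IN (pipeline_ids) and
# at least one security report key present. Returns the sorted unique scanners.
def enabled_scanners(builds, pipeline_ids)
  builds
    .select { |b| b[:type] == 'Ci::Build' && pipeline_ids.include?(b[:commit_id]) }
    .flat_map { |b| report_types(b) }
    .uniq
    .sort
end

# Constructed sample data (assumption): pipeline 1 is the regular pipeline,
# pipeline 554 was created by a scheduled Scan Execution Policy.
BUILDS = [
  { id: 10, type: 'Ci::Build', commit_id: 1,
    config_options: { 'artifacts' => { 'reports' => { 'sast' => 'gl-sast-report.json' } } } },
  { id: 11, type: 'Ci::Build', commit_id: 1,
    config_options: { 'artifacts' => { 'reports' => { 'junit' => 'rspec.xml' } } } },
  { id: 12, type: 'Ci::Bridge', commit_id: 1,
    config_options: { 'artifacts' => { 'reports' => { 'dast' => 'gl-dast-report.json' } } } },
  { id: 20, type: 'Ci::Build', commit_id: 554,
    config_options: { 'artifacts' => { 'reports' => { 'secret_detection' => 'gl-secret-detection-report.json' } } } },
  { id: 21, type: 'Ci::Build', commit_id: 554, config_options: {} }
].freeze

if __FILE__ == $PROGRAM_NAME
  p enabled_scanners(BUILDS, [1])      # regular pipeline only: ["sast"]
  p enabled_scanners(BUILDS, [1, 554]) # both, as in the MR's query: ["sast", "secret_detection"]
end
```

Non-`Ci::Build` rows and builds without an `artifacts.reports` block are filtered out, exactly as the `type` predicate and the NULL-propagating `->` chain do in the SQL.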
How to set up and validate locally
- Create a new Project.
- Create new Scan Execution Policies with scheduled scans.
- Wait for the first scan to be scheduled.
- Go to the Vulnerability Report and look for the banner warning about scanners that are not enabled. Ensure that the scans configured in the Scan Execution Policy are not listed there.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #429476
Edited by Alan (Maciej) Paruszewski