Remove match_on_inclusion from scan_result_policies (!143976) · Merge requests · GitLab.org / GitLab

Marcos Rocha requested to merge mc_rocha-remove-match-on-inclusion-424513 into master Feb 06, 2024

What does this MR do and why?

This MR removes the support for match_on_inclusion on scan_result_policies as suggested in this comment.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Create a new project
Add a .gitlab-ci.yml file with the content

include:
  - template: Security/Dependency-Scanning.gitlab-ci.yml

Add a new member to the project with developer access
Go to Secure > Policies
Click on New policy
Select Merge request approval policy
Change to .yaml mode
Copy the yaml below:

type: approval_policy
name: Deny MIT
enabled: true
rules:
  - type: license_finding
    match_on_inclusion_license: true
    license_types:
      - MIT License
    license_states:
      - newly_detected
    branch_type: protected
actions:
  - type: require_approval
    approvals_required: 1
    role_approvers:
      - developer

Click on Configure with a merge request
Merge the new MR to add the policy
Go back to Secure > Policies and verify the new policy is visible
Create a new MR adding a Gemfile.lock file with the following content:

GEM
  remote: https://rubygems.org/
  specs:
    rack (3.0.4.1)

PLATFORMS
  arm64-darwin-22

DEPENDENCIES
  rack

BUNDLED WITH
   2.4.22

Verify the policy blocked the merge

Edited Feb 07, 2024 by Marcos Rocha

Remove match_on_inclusion from scan_result_policies

What does this MR do and why?

MR acceptance checklist

How to set up and validate locally

Merge request reports