Allow users to use _EXCLUDED_ANALYZERS variable in SEP
What does this MR do and why?
We would like to add the ability for customers to specify _EXCLUDED_ANALYZERS variables in their Scan Execution Policies and ensure that it will be respected in enforced jobs. This way, users will have the ability to exclude the analyzer for the whole organization, although developers will not be able to disable it selectively.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Create new project
- Configure Scan Execution Policy for the project enforcing Dependency Scanning scans, add a variable in the policy DS_EXCLUDED_ANALYZERS: gemnasium-python and DS_EXCLUDED_PATHS: requirements.txt
- Add requirements.txt and Pipfile to the repository
- Run pipeline for the project and see that gemnasium-python job is not enforced and other scan was not scanning requirements.txt file
Related to #440855 (closed)
Edited by Alan (Maciej) Paruszewski
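A policy matching the validation steps above could look like the following. This is an added example, not part of the MR; the policy name, description and branch rule are assumptions, and only the two variables come from the steps.

```yaml
# .gitlab/security-policies/policy.yml in the linked security policy project
scan_execution_policy:
- name: Enforce Dependency Scanning   # assumed name
  description: Dependency Scanning on every pipeline, without gemnasium-python
  enabled: true
  rules:
  - type: pipeline
    branches:
    - '*'                             # assumed: apply to all branches
  actions:
  - scan: dependency_scanning
    variables:
      # Set by the policy, so the exclusion applies to every enforced job;
      # per the MR description, developers cannot disable it selectively.
      DS_EXCLUDED_ANALYZERS: gemnasium-python
      DS_EXCLUDED_PATHS: requirements.txt
```

Because the exclusion is policy-wide, review changes to these variables in the security policy project with the same care as disabling a scanner: anything the excluded analyzer or path would have covered is no longer scanned in any project the policy applies to.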