Add selection between templates in Scan Execution Policies
requested to merge 415427-add-ability-to-select-between-latest-and-default-templates-in-sep into master
What does this MR do and why?
This MR adds the ability to select a template in Scan Execution Policies, so a policy can specify whether a given scan should be enforced using the latest security template or the default one.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Enable the `scan_execution_policies_with_latest_templates` feature flag (in the Rails console: `Feature.enable :scan_execution_policies_with_latest_templates`)
- Create a new project
- Add a `.gitlab-ci.yml` file with `workflow:rules` that disable regular push pipelines (https://docs.gitlab.com/ee/ci/yaml/workflow.html#switch-between-branch-pipelines-and-merge-request-pipelines):

  ```yaml
  test-job:
    script:
      - echo "TEST"

  workflow:
    rules:
      - if: $CI_PIPELINE_SOURCE == "push"
        when: never
      - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  ```

- Create a new Scan Execution Policy (go to Secure -> Policies -> Create new -> Scan Execution Policy); you can use container scanning with the `CS_IMAGE` variable set to `alpine:3.12.0`
- Go to YAML mode and, for the selected scan, add `template: latest`
- Go to your project, make a simple change to the README file and create an MR for that change. You'll notice that the new pipeline is created only with the `merge_request` label, and that it is the only pipeline created.
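As an added example (not code from this MR), here is the policy YAML the validation steps above produce, assuming the scan execution policy schema as documented for GitLab; the policy name, description and branch pattern are constructed values:

```yaml
# Constructed example of a Scan Execution Policy using the template selector
# introduced by this MR. Keys follow the documented policy.yml schema.
scan_execution_policy:
  - name: Container scanning with the latest template   # constructed name
    description: Enforce container scanning on every pipeline using the latest security template
    enabled: true
    rules:
      - type: pipeline
        branches:
          - "*"                                          # constructed: all branches
    actions:
      - scan: container_scanning
        # New per-scan field: `latest` enforces the latest security template,
        # `default` keeps the default template (the previous behaviour).
        template: latest
        variables:
          CS_IMAGE: alpine:3.12.0                        # image from the validation steps
```

Switching `template` back to `default` on the same policy restores the previous behaviour, so the two values can be compared on the same project when validating the flag.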
Related to #415427 (closed)
Edited by Alan (Maciej) Paruszewski