Add rules section to vulnerability management policy
What does this MR do and why?
Related #465832 (closed)
Add rules section to vulnerability management policy.
This changes the default vulnerability management policy so that it can contain multiple rules, each of which allows configuring the severity levels and the scanners it applies to.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
How to set up and validate locally
- enable the feature flag `vulnerability_management_policy_type`
- go to a project
- go to Secure > Policies
- click New policy
- click Select policy on the Vulnerability management policy card
- validate that it shows a YAML preview with

  ```yaml
  type: vulnerability_management_policy
  name: ''
  description: ''
  enabled: true
  rules:
    - type: no_longer_detected
      scanners: []
      severity_levels: []
  actions:
    - type: auto_resolve
  ```

- validate that if you make a typo in `rules` in YAML mode, the form in rule mode is disabled
- validate that all scanner types and severity levels are selected by default, and that this results in an empty array `[]` being used for `scanners` and `severity_levels` respectively
- validate that if you add multiple rules, they are separated by an "or" label
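The three validation points above (a misspelled `rules` key invalidates the policy, an empty `scanners`/`severity_levels` array means "all", and multiple rules combine with "or") expressed as a small checker; this is an added example, not GitLab's own code, and the scanner and severity value sets it accepts are assumed for illustration rather than taken from GitLab.

```python
from __future__ import annotations
from typing import Any

# Assumed, illustrative value sets; not GitLab's authoritative lists.
KNOWN_SCANNERS = {"sast", "dast", "dependency_scanning", "container_scanning", "secret_detection"}
KNOWN_SEVERITIES = {"critical", "high", "medium", "low", "info", "unknown"}
RULE_TYPES = {"no_longer_detected"}
ACTION_TYPES = {"auto_resolve"}

def validate_policy(policy: dict[str, Any]) -> list[str]:
    """Return problems found; an empty list means rule mode can render the form."""
    errors: list[str] = []
    if policy.get("type") != "vulnerability_management_policy":
        errors.append("type must be vulnerability_management_policy")
    rules = policy.get("rules")
    if not isinstance(rules, list) or not rules:
        errors.append("rules must be a non-empty list (check the key spelling)")
        rules = []
    for i, rule in enumerate(rules):
        if rule.get("type") not in RULE_TYPES:
            errors.append(f"rules[{i}].type is not a known rule type")
        for key, known in (("scanners", KNOWN_SCANNERS), ("severity_levels", KNOWN_SEVERITIES)):
            values = rule.get(key, [])
            if not isinstance(values, list):
                errors.append(f"rules[{i}].{key} must be a list ([] means all)")
            elif set(values) - known:
                errors.append(f"rules[{i}].{key} has unknown values: {sorted(set(values) - known)}")
    actions = policy.get("actions")
    if not isinstance(actions, list) or any(a.get("type") not in ACTION_TYPES for a in actions):
        errors.append("actions must be a list of known action types")
    return errors

def rule_matches(rule: dict[str, Any], scanner: str, severity: str) -> bool:
    """An empty scanners or severity_levels list matches everything (the form's default)."""
    scanners = rule.get("scanners") or []
    severities = rule.get("severity_levels") or []
    return (not scanners or scanner in scanners) and (not severities or severity in severities)

def policy_matches(policy: dict[str, Any], scanner: str, severity: str) -> bool:
    """Rules are combined with OR, as the "or" label between them in rule mode indicates."""
    return any(rule_matches(r, scanner, severity) for r in policy.get("rules", []))

# Constructed inputs: the default preview from the MR, and the same policy with `rules` misspelled.
DEFAULT_POLICY = {
    "type": "vulnerability_management_policy", "name": "", "description": "", "enabled": True,
    "rules": [{"type": "no_longer_detected", "scanners": [], "severity_levels": []}],
    "actions": [{"type": "auto_resolve"}],
}
TYPO_POLICY = {**{k: v for k, v in DEFAULT_POLICY.items() if k != "rules"}, "rule": DEFAULT_POLICY["rules"]}
```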
Edited by Lorenz van Herwaarden