Add rules section to vulnerability management policy

What does this MR do and why?

Related #465832 (closed)

Add rules section to vulnerability management policy.

This modifies the default vulnerability management policy so that it can contain multiple rules, each of which can be configured with its own severity levels and scanners.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

[screenshot: rule-section]

How to set up and validate locally

  1. Enable the feature flag `vulnerability_management_policy_type`.
  2. Go to a project.
  3. Go to Secure > Policies.
  4. Click New policy.
  5. Click Select policy on the Vulnerability management policy card.
  6. Validate that it shows a YAML preview with:

     ```yaml
     type: vulnerability_management_policy
     name: ''
     description: ''
     enabled: true
     rules:
       - type: no_longer_detected
         scanners: []
         severity_levels: []
     actions:
       - type: auto_resolve
     ```

  7. Validate that if you make a typo in the rules in YAML mode, the form in rule mode is disabled.
  8. Validate that all scanner types and severity levels are selected by default, and that this results in an empty array `[]` being used for `scanners` and `severity_levels` respectively.
  9. Validate that if you add multiple rules, they are separated by an "or" label.
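The following is an added example, not code from this MR or from GitLab: a small Python model of the rules semantics described above (an empty `scanners` or `severity_levels` list means every option was selected; multiple rules are combined with "or"; a malformed rules section is rejected the way the form is disabled on a YAML typo). The scanner and severity vocabularies and the sample policy are constructed for the example.

```python
# Assumed option vocabularies (the editor's real option lists are not shown on the page).
ALL_SCANNERS = {"sast", "dast", "dependency_scanning", "container_scanning", "secret_detection"}
ALL_SEVERITIES = {"critical", "high", "medium", "low", "info", "unknown"}

# Constructed policy: the MR's default preview with a second, narrower rule added.
POLICY = {
    "type": "vulnerability_management_policy",
    "name": "auto-resolve stale findings",
    "description": "",
    "enabled": True,
    "rules": [
        {"type": "no_longer_detected", "scanners": [], "severity_levels": []},
        {"type": "no_longer_detected", "scanners": ["sast"], "severity_levels": ["low", "info"]},
    ],
    "actions": [{"type": "auto_resolve"}],
}


def validate_rules(policy):
    """Return the problems found in the rules section; an empty list means it is well formed."""
    rules = policy.get("rules")
    if not isinstance(rules, list) or not rules:
        return ["rules must be a non-empty list"]
    errors = []
    for i, rule in enumerate(rules):
        if not isinstance(rule, dict):
            errors.append(f"rules[{i}] is not a mapping")
            continue
        if rule.get("type") != "no_longer_detected":
            errors.append(f"rules[{i}].type must be no_longer_detected")
        for key, allowed in (("scanners", ALL_SCANNERS), ("severity_levels", ALL_SEVERITIES)):
            values = rule.get(key)  # a typo in the key name shows up here as None
            if not isinstance(values, list):
                errors.append(f"rules[{i}].{key} must be a list, got {type(values).__name__}")
            elif set(values) - allowed:
                errors.append(f"rules[{i}].{key} has unknown values {sorted(set(values) - allowed)}")
    return errors


def rule_matches(rule, scanner, severity):
    """An empty list means every option was selected in the form, so it matches anything."""
    return (not rule["scanners"] or scanner in rule["scanners"]) and (
        not rule["severity_levels"] or severity in rule["severity_levels"])


def would_auto_resolve(policy, scanner, severity):
    """A finding that is no longer detected is auto-resolved only if the policy is enabled,
    its rules validate, and ANY rule matches (rules are OR-ed, as the form's label shows)."""
    if not policy.get("enabled") or validate_rules(policy):
        return False
    return any(rule_matches(r, scanner, severity) for r in policy["rules"])
```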
Edited by Lorenz van Herwaarden