Add new processor to CI Configuration with Security Policies [RUN ALL RSPEC] [RUN AS-IF-FOSS]
What does this MR do?
This change introduces a new type of processor that allows us to extend the CI configuration YAML file with scans required by policies defined in the Policy Project.
The configuration repository will include a .yml file which the processor uses to add a DAST job to a pipeline. In the example above, we add a dast job with the given parameters whenever the production branch's pipeline runs.
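As an added illustration (not the code from this MR or GitLab's own processor), a minimal Ruby processor that reads a policy file with an assumed, simplified schema and appends a dast job only when the pipeline ref matches the policy's branch rule; the policy YAML, profile names and image path are constructed for the example:

```ruby
# Added illustration, not GitLab's implementation: a minimal "processor" that
# reads a policy YAML from the policy project and injects a DAST job into the
# CI configuration when the pipeline's branch matches a policy rule.
require 'yaml'

# Constructed sample policy file with an assumed schema (not the file from the MR).
POLICY_YAML = <<~YAML
  scan_execution_policy:
    - name: Run DAST on production
      enabled: true
      rules:
        - type: pipeline
          branches: [production]
      actions:
        - scan: dast
          site_profile: local_site_profile
          scanner_profile: local_scanner_profile
YAML

# Build the DAST job that the processor appends to the pipeline config.
def dast_job(action)
  {
    'stage' => 'dast',
    'image' => '$SECURE_ANALYZERS_PREFIX/dast:latest', # placeholder image path
    'variables' => {
      'DAST_SITE_PROFILE' => action.fetch('site_profile'),
      'DAST_SCANNER_PROFILE' => action.fetch('scanner_profile')
    },
    'script' => ['/analyze']
  }
end

# Return a new CI config hash with policy-required scans added for +ref+.
# Disabled policies, or policies whose branch rules do not match, leave the
# config unchanged, so a feature-branch pipeline gets no extra job.
def process_ci_config(ci_config, policy_yaml, ref)
  policies = YAML.safe_load(policy_yaml).fetch('scan_execution_policy', [])
  result = ci_config.dup
  policies.each do |policy|
    next unless policy['enabled']
    next unless policy['rules'].any? { |r| r['type'] == 'pipeline' && Array(r['branches']).include?(ref) }
    policy['actions'].each do |action|
      next unless action['scan'] == 'dast'
      result['stages'] = (result['stages'] || []) | ['dast'] # add the stage once
      result['dast'] = dast_job(action)
    end
  end
  result
end
```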
Demo
https://youtu.be/NvDbyI8IyRI?t=150
Steps to reproduce
1.) Enable the security_orchestration_policies feature flag.
2.) Import https://gitlab.com/caneldem/sec-orchestration into your local GDK.
3.) Go to Security & Compliance -> On-demand Scans. Create a scanner profile called local_scanner_profile and a site profile called local_site_profile.
4.) Create a project in your GDK; you can import this one as well: https://gitlab.com/caneldem/sec-orchestration-test
5.) In the Rails console:
```ruby
target_project = Project.find(<id of step 3>)
policy_project = Project.find(<id of step 2>)
Security::Orchestration::AssignService.new(target_project, nil, policy_project_id: policy_project.id).execute
```
6.) Run a pipeline in the project; you should see that the dast job is added to the pipeline.
Related issue
Issue: #299215 (closed)
Epic: &5329 (closed)
Does this MR meet the acceptance criteria?
Conformity
- [-] Changelog entry. Not needed: any change behind a disabled feature flag should not have a changelog entry.
- Documentation (if required)
- Code review guidelines
- Merge request performance guidelines
- Style guides
- Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- [-] Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done