Skip to content

Add secret_detection to security_orchestration_policy JSON schema

Sashi Kumar Kumaresan requested to merge sk/334418-update-policy-schema into master

What does this MR do?

Addresses #334418 (closed)

Adds secret_detection to one of the scan types in security_orchestration_policy JSON schema. secret_detection does not need any other fields, so site_profile and scanner_profile which are used by dast are not needed for secret_detection. They are ignored by using maxProperties property.

NOTE: Documentation is not updated now because the functionality is still not implemented and it will be added in #334417 (closed)

Screenshots or Screencasts (strongly suggested)

How to setup and validate locally (strongly suggested)

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Merge request reports

Loading