Catch YAML errors when parsing security policies
What does this MR do and why?
This MR adds a simple rescue when parsing a security policy from a YAML file. Users might configure their policies incorrectly, and we were not catching that before. This change introduces that handling.
How to set up and validate locally
- Create new project
- Create new security policy project
- Add an invalid policy to `.gitlab/security-policies/policy.yml` (the cadence value should be quoted; otherwise the YAML parser will treat `*/10` as an alias):

```yaml
---
scan_execution_policy:
  - name: Enforce DAST and secret detection scans every 10 minutes
    description: This policy enforces DAST and secret detection scans to run every 10 minutes
    enabled: true
    rules:
      - type: schedule
        branches:
          - main
        cadence: */10 * * * *
    actions:
      - scan: dast
        scanner_profile: Scanner Profile C
        site_profile: Site Profile D
      - scan: secret_detection
```
- You should not see failed `Security::CreateOrchestrationPolicyWorker` jobs in Sidekiq because of this.
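As an added illustration (not the MR's own code and not GitLab's `Security::CreateOrchestrationPolicyWorker`), the Ruby below shows the shape of the rescue this MR describes: it loads the policy text with `YAML.safe_load`, catches `Psych::Exception` so a malformed file yields an error message instead of an exception that fails the Sidekiq job, and additionally checks that the document is a mapping. The two policy strings are constructed from the example above (one with the unquoted cadence, one with it quoted); the helper name `parse_security_policy` is hypothetical.

```ruby
require 'yaml'

# Constructed sample (not a GitLab fixture): the unquoted cron cadence makes
# the YAML scanner read `*/10` as an alias, which is a syntax error.
INVALID_POLICY_YAML = <<~YAML
  ---
  scan_execution_policy:
    - name: Enforce DAST and secret detection scans every 10 minutes
      description: This policy enforces DAST and secret detection scans to run every 10 minutes
      enabled: true
      rules:
        - type: schedule
          branches:
            - main
          cadence: */10 * * * *
      actions:
        - scan: dast
          scanner_profile: Scanner Profile C
          site_profile: Site Profile D
        - scan: secret_detection
YAML

# The same policy with the cadence quoted, which is the fix a user would apply.
VALID_POLICY_YAML = INVALID_POLICY_YAML.sub('cadence: */10 * * * *', 'cadence: "*/10 * * * *"')

# Hypothetical helper (not GitLab's own method). Returns [policy, nil] on
# success or [nil, message] when the file cannot be used. YAML.safe_load's
# defaults already reject aliases and non-basic Ruby classes, so a policy file
# cannot instantiate arbitrary objects; the rescue turns a malformed file into
# a reportable error instead of an exception that fails the worker job.
def parse_security_policy(yaml_text)
  policy = YAML.safe_load(yaml_text)
  return [nil, 'security policy must be a YAML mapping'] unless policy.is_a?(Hash)

  [policy, nil]
rescue Psych::Exception => e
  [nil, "invalid security policy YAML: #{e.message}"]
end

# Convenience for a console session: show what each sample yields.
if __FILE__ == $PROGRAM_NAME
  [INVALID_POLICY_YAML, VALID_POLICY_YAML].each do |yaml|
    policy, error = parse_security_policy(yaml)
    puts(error || "parsed #{policy['scan_execution_policy'].size} scan execution policy entry")
  end
end
```

The caller gets a string it can record on the policy configuration instead of a stack trace, which is what lets the worker finish without a failed job; the mapping check covers files that are valid YAML but not a policy document at all (an empty file or a top-level list).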
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #346316 (closed)