Catch YAML errors when parsing security policies

What does this MR do and why?

This MR adds a simple rescue when parsing a security policy from a YAML file. Users might configure their policies incorrectly, and we were not catching that before; this change introduces that handling.

How to set up and validate locally

  1. Create new project
  2. Create new security policy project
  3. Add an invalid policy to .gitlab/security-policies/policy.yml (the cadence value should be quoted; otherwise the YAML parser will think the leading `*` starts an alias):

```yaml
---
scan_execution_policy:
- name: Enforce DAST and secret detection scans every 10 minutes
  description: This policy enforces DAST and secret detection scans to run every 10 minutes
  enabled: true
  rules:
  - type: schedule
    branches:
    - main
    cadence: */10 * * * *
  actions:
  - scan: dast
    scanner_profile: Scanner Profile C
    site_profile: Site Profile D
  - scan: secret_detection
```

  4. You should not see failed Security::CreateOrchestrationPolicyWorker jobs in Sidekiq because of this.
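The rescue this MR describes, shown as an added standalone Ruby example rather than GitLab's own code: `parse_security_policy` is a hypothetical helper, and the policy YAML is constructed from the snippet above. Parsing the unquoted cadence raises a Psych error, which the helper turns into a result a worker can log and skip instead of failing the job.

```ruby
require 'yaml'

# Constructed sample: the broken policy from the steps above. The unquoted
# cadence starts with "*", which YAML reads as an alias indicator.
INVALID_POLICY_YAML = <<~YAML
  scan_execution_policy:
  - name: Enforce DAST and secret detection scans every 10 minutes
    enabled: true
    rules:
    - type: schedule
      branches:
      - main
      cadence: */10 * * * *
    actions:
    - scan: dast
YAML

# Same policy with the cadence quoted, which is the correct form.
VALID_POLICY_YAML = INVALID_POLICY_YAML.sub('cadence: */10 * * * *',
                                            "cadence: '*/10 * * * *'")

# Hypothetical helper: parse a policy file and never raise on user input.
# Returns { policies: [...], error: nil } on success, or an empty policy
# list plus an error message the caller can log.
def parse_security_policy(yaml)
  policy = YAML.safe_load(yaml)
  # A syntactically valid file can still have the wrong shape (a list, a
  # scalar, nil for an empty file); treat that as an error too.
  return { policies: [], error: 'policy file must be a mapping' } unless policy.is_a?(Hash)

  { policies: Array(policy['scan_execution_policy']), error: nil }
rescue Psych::Exception => e
  # Covers Psych::SyntaxError and Psych::BadAlias (unquoted "*" cadence).
  { policies: [], error: "invalid policy YAML: #{e.message}" }
end

if __FILE__ == $PROGRAM_NAME
  [INVALID_POLICY_YAML, VALID_POLICY_YAML].each do |yaml|
    result = parse_security_policy(yaml)
    puts(result[:error] || "parsed #{result[:policies].size} policy(ies)")
  end
end
```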

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #346316 (closed)
