Limit the amount of rules per policy to 5
What does this MR do and why?
Limit the number of rules per policy to 5, which gives a maximum of 25 rules per policy project.

Related issue: #349724 (closed). Documentation will be updated in this MR.
How to set up and validate locally
- Requires an orchestration policy as described in https://docs.gitlab.com/ee/user/application_security/policies/#policies.
- The following YAML can be used as an example (increase the number of rules from 1 to 6 to test the limit):
```yaml
---
scan_result_policy:
- name: critical vulnerability CS approvals
  description: critical severity level only for container scanning
  enabled: true
  rules:
  - type: scan_finding
    branches:
    - master
    scanners:
    - container_scanning
    vulnerabilities_allowed: 1
    severity_levels:
    - critical
    vulnerability_states:
    - newly_detected
  actions:
  - type: require_approval
    approvals_required: 1
    user_approvers:
    - o.lecia.conner
```
- Run the background job without waiting for the cronjob, from a Rails console:

```ruby
project_id = # id of the project in which the orchestration policy has been set up
Project.find(project_id).security_orchestration_policy_configuration.update(configured_at: nil)
Security::CreateOrchestrationPolicyWorker.new.perform
Project.find(project_id).reload.approval_rules.count # has to be lower than the limit
```
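As an added example (not part of this MR and not GitLab's own code): a small Ruby script that rebuilds the sample policy above with an arbitrary number of rules and policies and checks the document against the limits this MR introduces, so the expected outcome of the manual test (1 rule passes, 6 rules trips the limit) can be confirmed before the worker is run. The constant names, the helper functions and the reading of "25 rules per policy project" as 5 policies of 5 rules each are this example's own assumptions.

```ruby
require 'yaml'

# Limits stated in the MR description. The constant names are this example's own;
# the per-project policy count is inferred from "25 rules per policy project" (assumption).
RULES_PER_POLICY_LIMIT = 5
POLICIES_PER_PROJECT_LIMIT = 5

# One scan_finding rule, copied from the MR's sample policy. Repeating it is the
# manual test described above (1 rule -> 6 rules to trip the limit).
RULE_YAML = <<~YAML
  - type: scan_finding
    branches:
    - master
    scanners:
    - container_scanning
    vulnerabilities_allowed: 1
    severity_levels:
    - critical
    vulnerability_states:
    - newly_detected
YAML

ACTIONS_YAML = <<~YAML
  actions:
  - type: require_approval
    approvals_required: 1
    user_approvers:
    - o.lecia.conner
YAML

# Indents every line of a YAML fragment by two spaces so it nests under a list item.
def indent(fragment)
  fragment.lines.map { |line| "  #{line}" }.join
end

# Builds a policy document like the MR's sample, with the rule repeated rule_count
# times inside each policy and the policy repeated policy_count times.
def build_policy_yaml(rule_count, policy_count: 1)
  policy = <<~YAML
    - name: critical vulnerability CS approvals
      description: critical severity level only for container scanning
      enabled: true
      rules:
  YAML
  policy += indent(RULE_YAML) * rule_count + indent(ACTIONS_YAML)
  "---\nscan_result_policy:\n" + policy * policy_count
end

# Returns the list of limit violations found in the document (empty when it is within limits).
def check_rule_limits(yaml_text)
  doc = YAML.safe_load(yaml_text) || {}
  policies = Array(doc['scan_result_policy'])
  violations = []
  if policies.size > POLICIES_PER_PROJECT_LIMIT
    violations << "#{policies.size} policies exceed the per-project limit of #{POLICIES_PER_PROJECT_LIMIT}"
  end
  policies.each_with_index do |policy, i|
    count = Array(policy['rules']).size
    next if count <= RULES_PER_POLICY_LIMIT
    violations << "policy #{i} ('#{policy['name']}') has #{count} rules, limit is #{RULES_PER_POLICY_LIMIT}"
  end
  violations
end

# Total number of rules the project would receive from this document.
def total_rules(yaml_text)
  policies = Array((YAML.safe_load(yaml_text) || {})['scan_result_policy'])
  policies.sum { |policy| Array(policy['rules']).size }
end

if __FILE__ == $PROGRAM_NAME
  # The MR's manual test: 6 rules in one policy should be reported.
  puts check_rule_limits(build_policy_yaml(6))
end
```

Running the script prints one violation for the 6-rule policy and nothing for a 5-rule one; the same check can be run over a real policy file by passing its contents to `check_rule_limits` instead of `build_policy_yaml`.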
MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

- I have evaluated the MR acceptance checklist for this MR.
Edited by Zamir Martins