Consider non-default config files for Security UI
What does this MR do and why?
This merge request updates the "Configure with a merge request" option for all scanners to use the value set in the project's CI/CD configuration file setting, instead of the hardcoded `.gitlab-ci.yml`, as requested in issue #351856 (closed).
Screenshots or screen recordings
How to set up and validate locally
Case 1
No `.gitlab-ci.yml` file is present in the root directory, and the project is configured to use a different CI config file. In this case, the UI creates a merge request that adds a new `.gitlab-ci.yml` file to the project containing nothing but the `include:` stanza and comments. This pipeline will never run, because the project does not use that file, so the scanner will never work.
Case 2
A `.gitlab-ci.yml` config file is present in the root directory, but the project has been configured to use a different one. In this case, the UI creates a merge request that is very confusing, because it modifies the wrong config file. Again, if you merge that change, the scanner doesn't actually run, because that config file is never used.
- The project should have a `.gitlab-ci.yml` in the root directory and another CI config file somewhere else.
- Go to Settings > CI/CD > General pipelines and set CI/CD configuration file to be that CI config file created somewhere else.
- Check that the pipeline runs with this config. You can also open the pipeline editor (CI/CD > Editor) to verify that this is the config file GitLab is using.
- Go to Security & Compliance > Configuration and use the "Configure with a merge request" option for any scanner.
- Check the diff in the MR and confirm that the correct CI config file (the one set in the project setting, not the root `.gitlab-ci.yml`) was modified.
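The cases above boil down to one lookup the UI must make before generating the merge request: which file does this project actually run its pipeline from? The following is an added example, not GitLab's own frontend or backend code, that models that decision in plain Python. It assumes the project's "CI/CD configuration file" setting can hold a relative path (default `.gitlab-ci.yml`), a file in another project written as `path/to/file.yml@group/project`, or a URL; only the first form can be fixed by a merge request in the same repository, and the example treats the other two as unsupported rather than silently editing `.gitlab-ci.yml`. Function names, the sample file lists and the SAST template used in the demo are hypothetical.

```python
"""Decide which CI config file a "Configure with a merge request" change must touch.

Added example, not GitLab's code: models the lookup the Security Configuration
UI has to make before generating the MR, using the project's "CI/CD
configuration file" setting instead of a hardcoded `.gitlab-ci.yml`.
"""
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple
from urllib.parse import urlparse

DEFAULT_CI_CONFIG_PATH = ".gitlab-ci.yml"


@dataclass(frozen=True)
class ConfigTarget:
    path: Optional[str]  # file in this repository to create/modify, or None
    reason: str          # explanation to surface in the UI or the MR diff


def resolve_ci_config_target(ci_config_path: Optional[str]) -> ConfigTarget:
    """Map the project setting to a file path inside this repository.

    Empty setting -> default file. URL or `file@group/project` -> the config is
    not in this repository, so an MR here cannot enable the scanner.
    """
    value = (ci_config_path or "").strip()
    if not value:
        return ConfigTarget(DEFAULT_CI_CONFIG_PATH, "project uses the default CI config file")
    if urlparse(value).scheme in ("http", "https"):
        return ConfigTarget(None, f"CI config is fetched from {value}; it is not in this repository")
    if "@" in value:
        path, project = value.rsplit("@", 1)
        return ConfigTarget(None, f"CI config {path} lives in project {project}, not in this repository")
    return ConfigTarget(value.lstrip("/"), "project uses a custom CI config file path")


def plan_scanner_change(ci_config_path: Optional[str],
                        repo_files: Iterable[str]) -> Tuple[str, Optional[str]]:
    """Return (action, path): action is "create", "modify" or "unsupported".

    `repo_files` is the set of paths present on the target branch (constructed
    by the caller; a real implementation would query the repository).
    """
    target = resolve_ci_config_target(ci_config_path)
    if target.path is None:
        return "unsupported", None
    if target.path in set(repo_files):
        return "modify", target.path
    return "create", target.path


def new_config_with_include(template: str) -> str:
    """Content for a brand-new CI config file that only includes a scanner template."""
    return (
        "# Generated from the Security Configuration page; review before merging.\n"
        "include:\n"
        f"  - template: {template}\n"
    )


if __name__ == "__main__":
    # Constructed sample: custom config path set, with and without a root file.
    custom = "ci/security.yml"
    for files in ([".gitlab-ci.yml"], [".gitlab-ci.yml", custom]):
        action, path = plan_scanner_change(custom, files)
        print(f"files={files!r}: {action} {path}")  # never touches .gitlab-ci.yml
    # Config held in another project: refuse instead of editing the wrong file.
    print(plan_scanner_change("ci/security.yml@group/shared", [".gitlab-ci.yml"]))
    print(new_config_with_include("Security/SAST.gitlab-ci.yml"))
```

With the custom path set and only the root `.gitlab-ci.yml` present (Case 1), the plan is to create `ci/security.yml`; with both files present (Case 2), it modifies `ci/security.yml` and leaves the root file alone. The `unsupported` branch is the caveat worth carrying into the real UI: when the pipeline definition lives outside the repository, no merge request in this project can make the scanner run, and the page should say so rather than generate a diff.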
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.