
Consider non-default config files for Security UI

What does this MR do and why?


This Merge Request updates the "Configure with a merge request" option for all scanners so that it edits the file named by the project's CI/CD configuration file setting, instead of the hardcoded root `.gitlab-ci.yml`, as requested in issue #351856 (closed).


How to set up and validate locally


Case 1

No `.gitlab-ci.yml` file is present in the root directory, and the project is configured to use a CI config file at another path. In this case, the UI creates a merge request that adds a new root `.gitlab-ci.yml` to the project containing nothing but the `include:` entry and explanatory comments. GitLab never reads that file as the pipeline configuration, so the scanner never runs.

1. Create a CI config file somewhere else in your project.

   Screen_Shot_2022-03-01_at_2.59.20_PM

2. Go to Settings > CI/CD > General pipelines and set CI/CD configuration file to that new config file.

   Screen_Shot_2022-03-01_at_3.00.55_PM

3. Check that a pipeline runs with this config. You can also open the pipeline editor (CI/CD > Editor) to verify that this is the config file GitLab is using.

   Screen_Shot_2022-03-01_at_3.03.42_PM

4. Go to Security & Compliance > Configuration and use the Configure with a merge request option for any scanner.

   Screen_Shot_2022-03-01_at_3.02.09_PM

5. Check the diff in the MR and confirm that it modifies the active config file, not a new root `.gitlab-ci.yml`.

   Screen_Shot_2022-03-01_at_3.03.10_PM

Case 2

A `.gitlab-ci.yml` config file IS present in the root directory, but the project has been configured to use a different one. In this case, the UI creates a very confusing merge request, because it modifies the wrong config file. Again, if you merge that change, the scanner does not actually run, because the root `.gitlab-ci.yml` is never used.

1. The project should have a `.gitlab-ci.yml` in the root directory and another CI config file somewhere else.

   root directory: Screen_Shot_2022-03-01_at_3.39.19_PM

   somewhere else: Screen_Shot_2022-03-01_at_2.59.20_PM

2. Go to Settings > CI/CD > General pipelines and set CI/CD configuration file to the CI config file created somewhere else.

   Screen_Shot_2022-03-01_at_3.00.55_PM

3. Check that a pipeline runs with this config. You can also open the pipeline editor (CI/CD > Editor) to verify that this is the config file GitLab is using.

   Screen_Shot_2022-03-01_at_3.03.42_PM

4. Go to Security & Compliance > Configuration and use the Configure with a merge request option for any scanner.

   Screen_Shot_2022-03-01_at_3.02.09_PM

5. Check the diff in the MR and confirm that the configured CI config file, not the root `.gitlab-ci.yml`, was modified.

   Screen_Shot_2022-03-01_at_3.03.10_PM
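Both cases above come down to one question: does the scanner's `include:` end up in the file GitLab actually reads as the pipeline configuration? The script below is an added example, not code from GitLab or from this MR. It models the CI/CD configuration file setting with the three value forms GitLab documents (a path in the same project, `path@group/project` for another project, or an http(s) URL), simulates the "Configure with a merge request" action before and after this change, and then checks whether the SAST template is included by the active config. The project name, file paths and YAML contents are constructed for the demonstration; the include detection is a deliberately simple line scan rather than a full YAML parser.

```python
"""Check that a scanner include lands in the CI config GitLab will actually run.

Added example (not GitLab project code). Models the project setting
"CI/CD configuration file" (ci_config_path) and the two cases from the MR:
the MR-generated include is useless if it goes into a file that is not the
active configuration.
"""
import re
from typing import Dict, Set, Tuple

DEFAULT_CI_CONFIG = ".gitlab-ci.yml"
SAST_TEMPLATE = "Security/SAST.gitlab-ci.yml"  # template name used by GitLab SAST

# Matches a list-form template include line, e.g. "  - template: Security/SAST.gitlab-ci.yml"
_TEMPLATE_RE = re.compile(r"^\s*-?\s*template:\s*['\"]?(?P<tpl>[^'\"\s]+)['\"]?\s*$")


def resolve_ci_config(ci_config_path: str, project: str) -> Tuple[str, str]:
    """Return (owning_project, path) of the config GitLab reads for `project`.

    Empty setting -> root .gitlab-ci.yml of the same project.
    "path@group/other" -> `path` inside another project.
    http(s) URL -> a remote file (owner reported as "<remote>").
    """
    value = ci_config_path.strip()
    if not value:
        return project, DEFAULT_CI_CONFIG
    if value.startswith(("http://", "https://")):
        return "<remote>", value
    if "@" in value:
        path, _, other_project = value.rpartition("@")
        return other_project, path
    return project, value


def included_templates(config_text: str) -> Set[str]:
    """Collect `template:` entries from the config (line-based scan, not a YAML parser)."""
    return {m.group("tpl") for line in config_text.splitlines()
            if (m := _TEMPLATE_RE.match(line))}


def scanner_active(files: Dict[Tuple[str, str], str], project: str,
                   ci_config_path: str, template: str) -> bool:
    """True if `template` is included by the config GitLab runs for `project`.

    `files` maps (project, path) -> contents. A remote URL config is not in
    `files`, so it is reported as inactive rather than guessed at.
    """
    owner, path = resolve_ci_config(ci_config_path, project)
    text = files.get((owner, path))
    return text is not None and template in included_templates(text)


def configure_with_mr(files: Dict[Tuple[str, str], str], project: str,
                      ci_config_path: str, template: str, respect_setting: bool) -> str:
    """Model the 'Configure with a merge request' action; returns the edited path.

    respect_setting=False: old behaviour, always edits the root .gitlab-ci.yml.
    respect_setting=True: edits the file named by the CI/CD configuration file setting.
    """
    if respect_setting:
        owner, path = resolve_ci_config(ci_config_path, project)
    else:
        owner, path = project, DEFAULT_CI_CONFIG
    include_line = f"  - template: {template}"
    existing = files.get((owner, path))
    if existing is None:  # Case 1: file does not exist, the MR creates it
        new_text = "include:\n" + include_line + "\n"
    elif re.search(r"^include:\s*$", existing, re.M):  # extend an existing include list
        new_text = re.sub(r"^include:\s*$", "include:\n" + include_line, existing, count=1, flags=re.M)
    else:  # prepend a new include block
        new_text = "include:\n" + include_line + "\n" + existing
    files[(owner, path)] = new_text
    return path


def demo_case(respect_setting: bool, root_present: bool) -> dict:
    """Constructed repo: the active config is ci/pipeline.yml, not the root file."""
    project, active_path = "group/app", "ci/pipeline.yml"
    files = {(project, active_path): "stages:\n  - test\n\nunit:\n  stage: test\n  script: [make test]\n"}
    if root_present:  # Case 2: a stale root .gitlab-ci.yml also exists
        files[(project, DEFAULT_CI_CONFIG)] = "stages:\n  - build\n\nbuild:\n  stage: build\n  script: [make]\n"
    modified = configure_with_mr(files, project, active_path, SAST_TEMPLATE, respect_setting)
    return {"modified": modified,
            "sast_runs": scanner_active(files, project, active_path, SAST_TEMPLATE)}


if __name__ == "__main__":
    for respect in (False, True):
        for root in (False, True):
            print(f"respect_setting={respect} root_present={root}: {demo_case(respect, root)}")
```

Run as-is, the four combinations show the bug and the fix: with `respect_setting=False` the MR always touches `.gitlab-ci.yml` and `sast_runs` stays `False` whether or not a root file exists; with `respect_setting=True` it edits `ci/pipeline.yml` and `sast_runs` becomes `True`. The same `scanner_active` check is what you would run (against the real `ci_config_path` from the project settings and the repository tree) to confirm a scanner is really wired in after merging such an MR.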

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Mayra Cabrera
