Skip to content

Add filtering security policies to return only inherited policies

What does this MR do and why?

How to set up and validate locally

  1. Create new Group
  2. Create new Subgroup within created Group
  3. Create new Project within created Project
  4. For each Group, Subgroup and Project go to Security & Compliance -> Policies and create new Policy for each of them:
type: scan_execution_policy
name: Enable SAST for Group/Subgroup/Project
description: ''
enabled: true
rules:
  - type: pipeline
    branches:
      - '*'
actions:
  - scan: sast
  1. Go to GraphQL Explorer (/-/graphql-explorer), use this query (and similar for other Project/Group/Subgroup):
query {
  group(fullPath: "gitlab-org/protect/demos/sandbox/policies-for-group/policies-for-subgroup") {
    scanExecutionPolicies(relationship: INHERITED_ONLY) {
      nodes {
        name
        source {
          ... on GroupSecurityPolicySource {
            inherited
          }
        }
      }
    }
  }
}

You should see only inherited policies.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to FE: Create filter for 'Source' (#345323 - closed)

Merge request reports

Loading