Do not allow to override jobs defined by Security Policies (!91525) · Merge requests · GitLab.org / GitLab

Alan (Maciej) Paruszewski requested to merge 366600-fix-overriding-security-jobs-wit-policies into master Jun 30, 2022

What does this MR do and why?

This MR fixes the problem where user could modify .gitlab-ci.yml file and disable the job enforced by security policy.

How to set up and validate locally

Create new project
Create new Policy for this project that will include SAST job for every branch
In your project create .gitlab-ci.yml file that will include sast-0 job, with rules section defined as:
```
rules:
- if: $CI
  when: never
```
sast-0 job should work normally and be executed.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #366600 (closed)

Edited Jun 30, 2022 by Alan (Maciej) Paruszewski

Do not allow to override jobs defined by Security Policies

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports