Enable Infrastructure as Code (IaC) Scanning CI job (!502) · Merge requests · GitLab.org / GitLab Environment Toolkit

Grant Young requested to merge gy-enable-iac-ci-scan into main Feb 01, 2022

What does this MR do?

kics will now run as as a linter on each MR to report on any best practice / security considerations in Terraform, Ansible and Docker code.

MR adds in the job, code updates to meet applicable rules and configuration to disable others that aren't applicable (some will be reviewed later).

When ready for review, the Author applies the workflowready for review label and mention @gl-quality/get-maintainers:

Merge request:
- Corresponding Issue raised and reviewed by the GET maintainers team.
- Merge Request Title and Description are up to date, accurate, and descriptive
- MR targeting the appropriate branch
- MR has a green pipeline
Code:
- Check the area changed works as expected. Consider testing it in different environment sizes (1k,3k,10k,etc.).
- Documentation created/updated in the same MR.
- If this MR adds an optional configuration - check that all permutations continue to work.
- For Terraform changes: setup a previous version environment, then run a terraform plan with your new changes and ensure nothing will be destroyed. If anything will be destroyed and this can't be avoided please add a comment to the current MR.
Create any follow-up issue(s) to support the new feature across other supported cloud providers or advanced configurations. Create 1 issue for each provider/configuration. Contact the Quality Enablement team if unsure.