Clarify documentation on how to use auto devops to update security dashboard
Problem to solve
When using Auto DevOps, use special environment variables to configure daily security scans.
From this, and the links given (to high-level documents about auto devops and its many special environment variables) I am still unsure how I would go about doing this. I suspect that what the author had in mind is something like
- Create a scheduled job to run the master pipeline regularly (as described in the previous section of that documentation)
- Set special environment variables for that scheduled pipeline to disable jobs that are unnecessary for running the security jobs (e.g.
- Specify any information the auto devops security jobs require by setting more environment variables in the schedule (e.g.
DAST_WEBSITE, although perhaps this is not relevant on the master branch...)
If this is what was intended, I think this documentation could be updated to make this explicit; proposal below. But I hope that I have misunderstood the documentation and that the documentation is alluding to a more automatic way to run nightly security jobs in auto devops that I am not aware of.
Merge the section linked above into the previous section and explicitly state something like
"Auto devops allows one to use special environment variables to disable irrelevant jobs or provide the security jobs required information. Values for these variable can be specified when configuring the pipeline schedule."
Who can address the issue
Someone familiar with the workings of auto devops and its security jobs.