Add feature to Block from progressing in pipeline if Security Vulnerability is found
Problem to solve
There are cases where users do not wish to move forward in the pipeline if a vulnerability was detected. Currently even if vulnerabilities are detected, if the security job executes successfully, the pipeline will continue to move on (eg. Deploy to Dev Environment, Run Functional Tests, etc.) This causes resources to be used, even if developer would not wish to move on if there are critical vulnerabilities.
- Sasha (Software Developer)
- Devon (DevOps Engineer)
- Simone (Software Engineer in Test)
- Allison (Application Ops)
User experience goal
Adding a directive such as
allow_progression_on_vuln in the .gitlab-ci.yaml, which if a vulnerability is found, causes the pipeline not to proceed.
sast: stage: test allow_progression_on_vuln: false
it is similar to the
A new directive for the security scans in the .gitlab-ci.yaml that can stop the pipeline if a vulnerability is found.
Allows developer to save time and resources if a they do not wish to proceed when vulnerabilities are detected.
Permissions and Security
Edit permissions on .gitlab-ci.yaml
Availability & Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Is this a cross-stage feature?
No, just in the Secure Stage.