Security with MergeRequest-Pipelines workflow
Problem to solve
All security CI templates are compatible with only one of the two proposed workflows:
Intended users
- Delaney (Development Team Lead)
- Sasha (Software Developer)
- Devon (DevOps Engineer)
- Sidney (Systems Administrator)
- Sam (Security Analyst)
- Alex (Security Operations Engineer)
- Simone (Software Engineer in Test)
- Allison (Application Ops)
- Priyanka (Platform Engineer)
User experience goal
The user should be able to use a security CI template with either workflow mentioned in the GitLab CI Reference.
Proposal
I think we need to allow security jobs to run on merge request pipelines by adding a trigger on $CI_MERGE_REQUEST_IID, like this:

    rules:
      - if: $CI_COMMIT_BRANCH &&
            $GITLAB_FEATURES =~ /\bcontainer_scanning\b/
      - if: $CI_MERGE_REQUEST_IID &&
            $GITLAB_FEATURES =~ /\bcontainer_scanning\b/

However, I don't know the best way to avoid code duplication for advanced rules like here
Further details
Permissions and Security
Documentation
Availability & Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Is this a cross-stage feature?
Links / references
Edited by 🤖 GitLab Bot 🤖
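A project-level sketch of the rule change from the Proposal, added here as an example; it is not code from the issue or from GitLab's templates. It assumes the template is included as `Security/Container-Scanning.gitlab-ci.yml`, that its job is named `container_scanning`, and that the `$CONTAINER_SCANNING_DISABLED` opt-out rule mirrors the template's own.

```yaml
# Added example: project .gitlab-ci.yml, not GitLab's template code.
include:
  - template: Security/Container-Scanning.gitlab-ci.yml  # assumed template path

# Run merge request pipelines when a merge request is open and branch
# pipelines otherwise, so one push does not start the scan twice.
workflow:
  rules:
    - if: $CI_MERGE_REQUEST_IID
    - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS
      when: never
    - if: $CI_COMMIT_BRANCH

container_scanning:
  # Redefining `rules` replaces the template's whole list, so the opt-out
  # rule has to be restated here (assumed to match the template's rule).
  rules:
    - if: $CONTAINER_SCANNING_DISABLED
      when: never
    # In a merge request pipeline $CI_COMMIT_BRANCH is unset, so a rule that
    # tests only the branch variable never matches and the scan is skipped.
    # One parenthesised condition covers both pipeline types without
    # repeating the feature check.
    - if: ($CI_COMMIT_BRANCH || $CI_MERGE_REQUEST_IID) &&
          $GITLAB_FEATURES =~ /\bcontainer_scanning\b/
```

After applying an override like this, open a merge request and confirm that the `container_scanning` job is listed in its pipeline. A job whose rules never match is left out of the pipeline without any error.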