SAST & Secret Detection testing & Azure compatibility testing

Problem to solve

Several large users have recently tried running GitLab on Azure, as well as deploying to Azure environments. They have hit multiple issues caused by differences between Azure and GCP, AWS, or other environments.

Proposal

Perform testing of SAST and Secret Detection scanning, when GitLab is deployed to an Azure environment.

  • This should use standard, non-customized options that we can reasonably expect a customer to use during normal product usage.
  • This also includes the GitLab runners being hosted inside Azure.

Implementation plan

  1. Get access to a test environment.
  2. Follow setup instructions for an offline environment per: https://docs.gitlab.com/ee/topics/offline/quick_start_guide.html
  3. Follow setup instructions for running security scans offline per: https://docs.gitlab.com/ee/user/application_security/offline_deployments/index.html
  4. Import a test project with both Category:SAST and Category:Secret Detection enabled, such as https://gitlab.com/gitlab-org/security-products/tests/go
  5. Run the pipeline against the test project and check the output of the QA jobs
  6. Document any bugs that arise
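A pipeline configuration that covers steps 3 and 4 (SAST and Secret Detection on an offline instance, scan jobs routed to Azure-hosted runners), added here as an example; it is not from the issue or the linked test project, and the mirror registry host and the runner tag are placeholders.

```yaml
# Added example .gitlab-ci.yml for the SAST + Secret Detection test project.
# Assumptions (placeholders, not from the issue): the analyzer images have been
# mirrored to registry.example.internal, and the runners hosted inside Azure
# are registered with the tag "azure".
include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml

variables:
  # Offline deployment: pull analyzer images from the internal mirror
  # instead of registry.gitlab.com (per the offline deployments guide).
  SECURE_ANALYZERS_PREFIX: "registry.example.internal/gitlab-org/security-products/analyzers"

# The analyzer jobs in the SAST template extend the `sast` base job, so the
# tag applies to every analyzer that runs for the Go test project.
sast:
  tags:
    - azure

secret_detection:
  tags:
    - azure
```

The resulting `gl-sast-report.json` and `gl-secret-detection-report.json` artifacts are what the QA jobs in step 5 should be checked against.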

Expected outcome

  1. Documentation of the tests performed
  2. Issues created for any bugs discovered
  3. A summary if no bugs are found

Edited by Lucas Charles