Spike: How to run a pipeline with one security job and how to schedule it to run on selected date/time

Time-box: 5 days effort.

Topic to Evaluate

Currently we can schedule a pipeline but it will run all jobs define in gitlab-ci.yml. Requirements for #270880 (closed) call for running a CI pipeline just for certain security analyzer jobs, e.g. DAST.

• Link to other Issue

Tasks to Evaluate

• Determine feasibility of the feature
• Create issue for implementation or update existing implementation issue description with implementation proposal
• Set weight on implementation issue
• If weight is greater than 5, break issue into smaller issues
• Determine how to run detached pipeline using different template
• Make sure that running detached pipeline is not creating vulnerabilities in database and is not affecting any logic related to successful pipelines
• Determine how to reuse CI/CD -> Schedules to schedule a pipeline with security jobs on given date or what alternative approaches we could have here

Risks and Implementation Considerations

Team

• Add workflowplanning breakdown feature and the corresponding ~devops::<stage> and ~group::<group> labels.
• Ping the PM and EM.