Note that the test stage is a requirement for most Secure features
Problem to solve
GitLab's Secure features require are intended to run in the test stage. If customers omit the test stage, the Secure features won't run as intended.
Further details
This issue was raised because !60551 (merged) resolves this issue for the Secret Detection docs, but not for all other Secure features.
NOTE: The requirement of a test stage does not apply to the API fuzzing, or coverage-guided fuzzing analyzers. Therefore, they are out of scope of this issue.
| Secure feature | Stage test noted in requirements |
|---|---|
| SAST | |
| DAST | |
| Secret Detection | |
| Container scanning | |
| Cluster image scanning | |
| Dependency scanning | |
| Infrastructure as code scanning |
Proposal
Note the test stage as a requirement.
Who can address the issue
Anyone.
Other links/references
Edited by Russell Dickenson