Scheduled security orchestration policy does not consider branches in rules
Summary
The `schedule` rule type in Security Orchestration Policies accepts a `branches` field listing the branches the policy is expected to be applied to. Currently, however, the scheduled scan execution does not consider `branches`, and the policy is applied only to the default branch of the project.
Steps to reproduce
- Clone and create a project from https://gitlab.com/sashi_kumar/security-orchestration-policies
- Enable `security_orchestration_policies_configuration` for the target project for which the scan policies should be enabled by running:
  `Feature.enable(:security_orchestration_policies_configuration, Project.find(<target_project.id>))`
- Go to `Security & Compliance` -> `Scan Policies` for the target project
- Select `Edit policy project`, select the policy project (`security-orchestration-policies`) that was created in step 1 and click save
- Make sure the `branches` mentioned in the policy do not exist in the project, then wait a few minutes (>10 mins) to see the scheduled scan triggered.
Example Project
Example Project: https://gitlab.com/sashi_kumar/express-demo/-/pipelines
Policy: https://gitlab.com/sashi_kumar/security-orchestration-policies/-/blob/95091152/.gitlab/security-policies/policy.yml
What is the current bug behavior?
`branches` are not considered for scheduled scans.
What is the expected correct behavior?
Scheduled scans should be triggered for the branches mentioned in the policy. Wildcards should also be supported.
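As an added example (not GitLab's own code), the Ruby routine below illustrates the expected behaviour: it resolves a `schedule` rule's `branches` field, including `*` wildcards, against a project's branch list, and falls back to the default branch only when the rule names no branches (the fallback being the only behaviour the issue reports as implemented today). The policy YAML and the branch list are constructed samples; apart from the `schedule` rule type and the `branches` field named in this issue, field names such as `scan_execution_policy`, `cadence` and `actions` are assumptions, as are the wildcard semantics (`*` matching any run of characters, including `/`).

```ruby
# Added example, not GitLab's code: which branches should a scheduled
# scan-execution policy run on?
require 'yaml'

# Constructed sample policy. Only `type: schedule` and `branches` come from
# the issue; the other keys are assumed for illustration.
SAMPLE_POLICY_YAML = <<~YAML
  scan_execution_policy:
    - name: Nightly secret detection
      enabled: true
      rules:
        - type: schedule
          cadence: "0 2 * * *"
          branches:
            - main
            - release/*
      actions:
        - scan: secret_detection
YAML

# Constructed list of branches as a project might have them.
SAMPLE_PROJECT_BRANCHES = %w[main develop release/1.0 release/2.1 feature/login hotfix/release/x].freeze

# Turn a policy branch pattern into an anchored regexp: "*" matches any run
# of characters (including "/", an assumed semantic), everything else is literal.
def branch_pattern_to_regexp(pattern)
  escaped = Regexp.escape(pattern).gsub('\*', '.*')
  /\A#{escaped}\z/
end

# Project branches a single schedule rule should target. A rule without a
# `branches` field falls back to the default branch, which is the behaviour
# the issue describes as the only one currently applied.
def branches_for_rule(rule, project_branches, default_branch)
  patterns = Array(rule['branches'])
  return project_branches & [default_branch] if patterns.empty?

  regexps = patterns.map { |p| branch_pattern_to_regexp(p) }
  project_branches.select { |branch| regexps.any? { |re| re.match?(branch) } }
end

# For every enabled policy, collect the branches its schedule rules apply to.
# Returns a hash keyed by policy name.
def scheduled_scan_targets(policy_yaml, project_branches, default_branch: 'main')
  policies = YAML.safe_load(policy_yaml).fetch('scan_execution_policy', [])
  policies.each_with_object({}) do |policy, targets|
    next unless policy['enabled']

    schedule_rules = policy.fetch('rules', []).select { |rule| rule['type'] == 'schedule' }
    targets[policy['name']] = schedule_rules
      .flat_map { |rule| branches_for_rule(rule, project_branches, default_branch) }
      .uniq
  end
end

if $PROGRAM_NAME == __FILE__
  scheduled_scan_targets(SAMPLE_POLICY_YAML, SAMPLE_PROJECT_BRANCHES).each do |name, branches|
    puts "#{name}: #{branches.join(', ')}"
  end
end
```

With the constructed sample, the nightly policy resolves to `main`, `release/1.0` and `release/2.1`; `hotfix/release/x` is excluded because patterns are anchored to the whole branch name, and `develop` is excluded because nothing in `branches` names it.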