Update security_orchestration_policy JSON schema to support SAST policies
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.
Why are we doing this work
To support &6586 (closed) we will need to allow SAST scans to be a valid scan action in the security orchestration policy schema.
SAST scans will use the exact same fields as secret detection, so we only need to add sast as a possible value for the scan property.
scan_execution_policy:
  - name: SAST scan
    description: description
    enabled: true
    rules:
      - type: pipeline
        branches:
          - master
    actions:
      - scan: sast
Relevant links
Non-functional requirements
- Documentation:
- Feature flag:
- Performance:
- Testing:
Implementation plan
- backend Add sast as an enum for the scan property to ee/app/validators/json_schemas/security_orchestration_policy.json
- backend Add a new test case to ee/spec/models/security/orchestration_policy_configuration_spec.rb to test that the policy validates when the scan type is sast.
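The following is an added example, not GitLab's own code or schema. It stands in for the two steps above (the enum change and the spec that exercises it): a stripped-down Ruby validator that checks only the part of the schema this issue touches, namely that every action's scan value is one of the allowed enum values. The enum contents are an assumption: it starts from secret_detection (the scanner the issue says sast mirrors) and the change appends sast; the real security_orchestration_policy.json may list further scanners, and the real validation goes through the full JSON schema, not this helper. The policy YAML is a copy of the example from this issue.

```ruby
require 'yaml'

# Stand-in for the `scan` enum in
# ee/app/validators/json_schemas/security_orchestration_policy.json.
# Assumption: the enum already contains secret_detection (plus whatever other
# scanners the real file lists); this change appends "sast".
SCAN_ENUM_BEFORE = %w[secret_detection].freeze
SCAN_ENUM_AFTER  = (SCAN_ENUM_BEFORE + %w[sast]).freeze

# Constructed copy of the policy shown in this issue.
POLICY_YAML = <<~YAML
  scan_execution_policy:
    - name: SAST scan
      description: description
      enabled: true
      rules:
        - type: pipeline
          branches:
            - master
      actions:
        - scan: sast
YAML

# Minimal validator for the part of the schema under discussion: each action's
# `scan` must be a member of the enum. Returns an array of error strings
# (empty when the policy is valid), the way a schema validator reports.
def validate_scan_actions(policy_yaml, allowed_scans)
  doc = YAML.safe_load(policy_yaml)
  errors = []
  Array(doc['scan_execution_policy']).each_with_index do |policy, pi|
    Array(policy['actions']).each_with_index do |action, ai|
      scan = action['scan']
      next if allowed_scans.include?(scan)

      errors << "scan_execution_policy[#{pi}].actions[#{ai}].scan: " \
                "#{scan.inspect} is not one of #{allowed_scans.inspect}"
    end
  end
  errors
end

def policy_valid?(policy_yaml, allowed_scans)
  validate_scan_actions(policy_yaml, allowed_scans).empty?
end

if __FILE__ == $PROGRAM_NAME
  # Same policy, rejected by the old enum and accepted once sast is added.
  puts "before the change: valid=#{policy_valid?(POLICY_YAML, SCAN_ENUM_BEFORE)}"
  puts validate_scan_actions(POLICY_YAML, SCAN_ENUM_BEFORE)
  puts "after the change:  valid=#{policy_valid?(POLICY_YAML, SCAN_ENUM_AFTER)}"
end
```

The spec case the plan asks for corresponds to the second assertion: the policy with scan: sast validates against the updated enum, while the first assertion shows why the enum entry is the only schema change needed.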
Edited by Alan (Maciej) Paruszewski