Update `RuleScheduleService` to process rules for `sast` scan type
Why are we doing this work
We are implementing support for SAST policies in &6586 (closed).
To do this, we need to update RuleScheduleService so that it can process rules for SAST policies.
This issue will also cover documentation for the feature.
Relevant links
Non-functional requirements
- Documentation: Document the `sast` scan type in the security orchestration policies documentation
- Feature flag:
- Performance:
- Testing:
Implementation plan
- documentation Document the `sast` scan type in `doc/user/application_security/policies/index.md`
- backend Update `ee/app/services/security/security_orchestration_policies/rule_schedule_service.rb` to process actions for SAST. This is likely a 1-line change. diff --git a/ee/app/services/security/security_orchestration_policies/rule_schedule_service.rb b/ee/app/services/security/security_orchestration_policies/rule_schedule_service.rb index fd0b9248dd5..97cafcad89f 100644 --- a/ee/app/services/security/security_orchestration_policies/rule_schedule_service.rb +++ b/ee/app/services/security/security_orchestration_policies/rule_schedule_service.rb @@ -21,7 +21,7 @@ def actions_for(schedule) def process_action(action, schedule, branches) case action[:scan].to_s - when 'secret_detection' then schedule_scan(action, branches) + when 'secret_detection', 'sast' then schedule_scan(action, branches) when 'container_scanning' then schedule_container_scanning_scan(action, schedule, branches) when 'cluster_image_scanning' then schedule_cluster_image_scanning_scan(action, schedule) when 'dast' then schedule_dast_on_demand_scan(action, branches)
- backend Add a new test case for the `sast` scan type to `ee/spec/services/security/security_orchestration_policies/rule_schedule_service_spec.rb`
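Review bot: In `process_action`, the new `when 'secret_detection', 'sast'` arm sends SAST actions through the same `schedule_scan(action, branches)` call as secret detection, while every other scan type in this `case` has its own scheduler. Nothing in the visible lines shows that `schedule_scan` selects its CI configuration from `action[:scan]`, so confirm it does not assume secret detection, and have the new spec assert on the scan type of what gets scheduled for a `sast` action rather than only that the branch is reached.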