Merge request for secure analyzers does not add stage if needed

Problem

When using Security & Compliance > Configure and adding an analyzer via merge request, the merge request assumes that the required stage is already defined. This is not a problem if the customer is using the default stages associated with GitLab and has not overridden them. However, if the customer has overwritten the stages, the merge request creates a broken pipeline.

In the screenshot below, the new code did not work because it lacked a stage, and generated the following error.

[Screenshot: merge request "Configure SAST IaC in .gitlab-ci.yml, creating this file if it does not already exist"]

[Screenshot: pipeline page for Seth Berger / Autoupdate TEst]

Proposal

The Merge request tool should examine if the required stage is already in the user's gitlab-ci.yml file. If the stage is not, the stage should be added in commented out code, so that the user knows what needs to be added.
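
A sketch of the check proposed above, added here as an illustration and not taken from GitLab's code base. The method names are hypothetical, the required stage name (`test`) is an assumption passed in by the caller, and stages contributed by `include:`d files are not resolved.

```ruby
require 'yaml'

# Added illustration, not GitLab's implementation; all method names are hypothetical.
# Stages GitLab uses when a project does not define `stages:`.
DEFAULT_STAGES = %w[.pre build test deploy .post].freeze

# Constructed sample: a project that overrides the default stages.
OVERRIDDEN_CONFIG = <<~CI
  stages:
    - compile
    - publish

  compile-job:
    stage: compile
    script: make
CI

# Stages available to jobs in this file (ignores `include:`d files).
def declared_stages(ci_yaml)
  config = YAML.safe_load(ci_yaml, aliases: true)
  return DEFAULT_STAGES unless config.is_a?(Hash) && config.key?('stages')

  # .pre and .post exist even when `stages:` is overridden.
  (['.pre'] + Array(config['stages']).map(&:to_s) + ['.post']).uniq
end

def stage_missing?(ci_yaml, required_stage)
  !declared_stages(ci_yaml).include?(required_stage)
end

# Returns the file unchanged if the stage exists; otherwise appends a
# commented-out `stages:` block so the pipeline definition itself is not altered.
def with_stage_hint(ci_yaml, required_stage)
  return ci_yaml unless stage_missing?(ci_yaml, required_stage)

  custom = declared_stages(ci_yaml).reject { |s| s.start_with?('.') }
  hint = ["# The analyzer job needs the `#{required_stage}` stage, which `stages:` does not list.",
          '# Add it to the existing list, for example:',
          '# stages:',
          *(custom + [required_stage]).map { |s| "#   - #{s}" }]
  "#{ci_yaml.rstrip}\n\n#{hint.join("\n")}\n"
end

puts with_stage_hint(OVERRIDDEN_CONFIG, 'test') if $PROGRAM_NAME == __FILE__
```

Because the hint is only a comment, the parsed configuration is identical before and after; `stage_missing?` can also be used on its own to warn before the merge request is created.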