Implement migration from vulnerability into scan finding approval rules
Why are we doing this work
When the time comes to remove the existing Vulnerability-Check rule (i.e., %15.0), the documentation needs to clarify to the user how to transition to the new feature in two possible ways (to be decided further down the road).
This issue aims to find strategies for the following scenarios:
- Projects that contain neither a vulnerability-check rule nor a Security Policies project
- Projects that contain a vulnerability-check rule but no Security Policies project
- Projects that don't contain a vulnerability-check rule but do contain a Security Policies project
- Projects that contain both a vulnerability-check rule and a Security Policies project
Relevant links
- Vulnerability-Check
- Scan result policy
- Spike on different approaches
Non-functional requirements
- Documentation:
- Feature flag:
- Performance:
- Testing:
Implementation plan
- backend: Create a new migration that, for each existing vulnerability approval rule, performs:
  - creation of the orchestration project (if not present)
  - creation of a scan result policy (based on the existing vulnerability approval rule)
  - update of the approval rule `report_type` to `scan_finding`
- backend: Update the policy commit service to support a `branch` parameter
- backend: Update the migration bot privileges to perform the required actions
- backend: Use the group access token when performing group/project-level actions
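The following is an added illustration of the migration logic described in the plan above, written for this issue and not code from the GitLab code base. It models the four project scenarios listed under "Why are we doing this work" with in-memory hashes: a project either has or lacks an orchestration (Security Policies) project, and either has or lacks a rule with `report_type` `vulnerability`. The attribute names on the rule (`scanners`, `severity_levels`, `vulnerabilities_allowed`, `vulnerability_states`, `protected_branches`, `approver_usernames`) and the scan result policy layout (`rules` of type `scan_finding`, `actions` of type `require_approval`) are assumptions for the example; the real migration works against ActiveRecord models and the policy commit service rather than plain hashes.

```ruby
require 'yaml'

# Constructed sample of a Vulnerability-Check approval rule. The field names are
# assumptions for this example, not GitLab's actual approval_project_rules schema.
VULNERABILITY_CHECK_RULE = {
  name: 'Vulnerability-Check',
  report_type: 'vulnerability',
  approvals_required: 2,
  scanners: %w[sast dast],
  vulnerabilities_allowed: 0,
  severity_levels: %w[critical high],
  vulnerability_states: %w[newly_detected],
  protected_branches: %w[main release/*],
  approver_usernames: %w[sec-lead]
}.freeze

# Build the scan result policy equivalent to one vulnerability-check rule.
# The protected branches of the rule become the `branches` of the scan_finding rule,
# which is why the policy commit service needs a branch parameter.
def scan_result_policy_for(rule)
  {
    'name' => rule[:name],
    'description' => "Migrated from Vulnerability-Check approval rule '#{rule[:name]}'",
    'enabled' => true,
    'rules' => [
      {
        'type' => 'scan_finding',
        'branches' => rule[:protected_branches],
        'scanners' => rule[:scanners],
        'vulnerabilities_allowed' => rule[:vulnerabilities_allowed],
        'severity_levels' => rule[:severity_levels],
        'vulnerability_states' => rule[:vulnerability_states]
      }
    ],
    'actions' => [
      {
        'type' => 'require_approval',
        'approvals_required' => rule[:approvals_required],
        'user_approvers' => rule[:approver_usernames]
      }
    ]
  }
end

# Serialize the policies into the YAML document the orchestration project stores.
def policy_yaml(policies)
  { 'scan_result_policy' => policies }.to_yaml
end

# Run the three migration steps over one project represented as
# { orchestration_project: nil | { policies: [...] }, approval_rules: [rule, ...] }.
# The function is idempotent: rules already flipped to scan_finding are skipped,
# and a policy with the same name is not added twice.
def migrate_project(project)
  vuln_rules = project[:approval_rules].select { |r| r[:report_type] == 'vulnerability' }
  return project if vuln_rules.empty? # scenarios 1 and 3: nothing to migrate

  # Step 1: create the orchestration project if the project has none (scenario 2).
  project[:orchestration_project] ||= { policies: [] }
  policies = project[:orchestration_project][:policies]

  # Step 2: add one scan result policy per vulnerability-check rule (scenarios 2 and 4).
  vuln_rules.each do |rule|
    next if policies.any? { |p| p['name'] == rule[:name] }

    policies << scan_result_policy_for(rule)
  end

  # Step 3: hand ownership of the rule to the policy by updating report_type.
  vuln_rules.each { |r| r[:report_type] = 'scan_finding' }
  project
end

if __FILE__ == $PROGRAM_NAME
  project = { orchestration_project: nil, approval_rules: [VULNERABILITY_CHECK_RULE.dup] }
  migrate_project(project)
  puts policy_yaml(project[:orchestration_project][:policies])
end
```

Running the migration twice over the same project leaves a single policy and no rules with `report_type` `vulnerability`, which is the property a backfill migration should have so that a retried batch does not create duplicate policies in the orchestration project.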