Spike: Investigate options for reducing or removing the 10 minute policy time delay
Proposal
- Investigate whether it would be possible to reduce the 10 minute schedule for applying security policies. How low can we go here without causing problems? 1 minute? 10 seconds? 1 second?
- Investigate whether some sort of commit hook would be a feasible alternative to running a scheduled job so policy changes can be applied in real time.
Possible strategy
One option is to trigger rules creation for each project associated with the orchestration project when the MR is merged (into the orchestration project's default branch).
At this time, this would only be applicable to scan result policies and does not cover the case where the user commits directly to the default branch.
This approach would also reduce the number of security orchestration configuration records to be processed by the existing worker.
Edited by Zamir Martins