FE: Add CI variable filter

Why are we doing this work

  • Users want to add the CI variables appropriate to each scanner when configuring scan execution policies, rather than typing arbitrary keys.

Relevant links

  • see epic

Implementation plan

  • Frontend: create the CI variable filter
    • conditionally show variables in the dropdown based on the selected scan type (see the lists below)
    • use a GlCollapsibleListbox; selecting the "Use a custom key" action switches the dropdown to a free-text input so a variable outside the list can be entered
Dependency Scanning

| Variable                    | Type / allowed values |
|-----------------------------|-----------------------|
| `ADDITIONAL_CA_CERT_BUNDLE` |                       |
| `DS_EXCLUDED_ANALYZERS`     |                       |
| `DS_EXCLUDED_PATHS`         |                       |
| `DS_IMAGE_SUFFIX`           |                       |
| `DS_MAX_DEPTH`              | number                |
| `SECURE_ANALYZERS_PREFIX`   |                       |
| `SECURE_LOG_LEVEL`          | From highest to lowest severity the logging levels are: fatal, error, warn, info, debug |
SAST

| Variable                     | Type / allowed values |
|------------------------------|-----------------------|
| `SECURE_ANALYZERS_PREFIX`    |                       |
| `SAST_EXCLUDED_ANALYZERS`    |                       |
| `SAST_ANALYZER_IMAGE_TAG`    |                       |
| `SAST_IMAGE_SUFFIX`          |                       |
| `SAST_RULESET_GIT_REFERENCE` |                       |
Secret Detection

| Variable                          | Type / allowed values |
|-----------------------------------|-----------------------|
| `SECRET_DETECTION_EXCLUDED_PATHS` |                       |
| `SECRET_DETECTION_HISTORIC_SCAN`  | boolean               |
| `SECRET_DETECTION_IMAGE_SUFFIX`   |                       |
| `SECRET_DETECTION_LOG_OPTIONS`    |                       |
| `SECRET_DETECTION_GIT_REFERENCE`  |                       |
Container Scanning

| Variable                                 | Type / allowed values |
|------------------------------------------|-----------------------|
| `ADDITIONAL_CA_CERT_BUNDLE`              |                       |
| `CI_APPLICATION_REPOSITORY`              |                       |
| `CI_APPLICATION_TAG`                     |                       |
| `CS_ANALYZER_IMAGE`                      |                       |
| `CS_DEFAULT_BRANCH_IMAGE`                |                       |
| `CS_DISABLE_DEPENDENCY_LIST`             |                       |
| `CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN` |                       |
| `CS_DOCKER_INSECURE`                     |                       |
| `CS_IMAGE_SUFFIX`                        |                       |
| `CS_IGNORE_UNFIXED`                      |                       |
| `CS_REGISTRY_INSECURE`                   |                       |
| `CS_SEVERITY_THRESHOLD`                  | Supported levels are UNKNOWN, LOW, MEDIUM, HIGH, and CRITICAL |
| `CS_IMAGE`                               |                       |
| `CS_REGISTRY_PASSWORD`                   |                       |
| `CS_REGISTRY_USER`                       |                       |
| `CS_DOCKERFILE_PATH`                     |                       |
| `CS_QUIET`                               |                       |
| `SECURE_LOG_LEVEL`                       | From highest to lowest severity the logging levels are: fatal, error, warn, info, debug |
SAST IaC

| Variable                  | Type / allowed values |
|---------------------------|-----------------------|
| `SAST_IMAGE_SUFFIX`       |                       |
| `SAST_ANALYZER_IMAGE_TAG` |                       |
| `SECURE_LOG_LEVEL`        |                       |
DAST

| Variable                                    | Type / allowed values |
|---------------------------------------------|-----------------------|
| `DAST_ADVERTISE_SCAN`                       | boolean |
| `DAST_BROWSER_ACTION_STABILITY_TIMEOUT`     | [Duration string](https://pkg.go.dev/time#ParseDuration) |
| `DAST_BROWSER_ACTION_TIMEOUT`               | [Duration string](https://pkg.go.dev/time#ParseDuration) |
| `DAST_BROWSER_ALLOWED_HOSTS`                | list of strings |
| `DAST_BROWSER_COOKIES`                      | dictionary |
| `DAST_BROWSER_CRAWL_GRAPH`                  | boolean |
| `DAST_BROWSER_CRAWL_TIMEOUT`                | [Duration string](https://pkg.go.dev/time#ParseDuration) |
| `DAST_BROWSER_DEVTOOLS_LOG`                 | string |
| `DAST_BROWSER_DOM_READY_AFTER_TIMEOUT`      | [Duration string](https://pkg.go.dev/time#ParseDuration) |
| `DAST_BROWSER_ELEMENT_TIMEOUT`              | [Duration string](https://pkg.go.dev/time#ParseDuration) |
| `DAST_BROWSER_EXCLUDED_ELEMENTS`            | selector |
| `DAST_BROWSER_EXCLUDED_HOSTS`               | list of strings |
| `DAST_BROWSER_EXTRACT_ELEMENT_TIMEOUT`      | [Duration string](https://pkg.go.dev/time#ParseDuration) |
| `DAST_BROWSER_FILE_LOG`                     | list of strings |
| `DAST_BROWSER_FILE_LOG_PATH`                | string |
| `DAST_BROWSER_IGNORED_HOSTS`                | list of strings |
| `DAST_BROWSER_INCLUDE_ONLY_RULES`           | list of strings |
| `DAST_BROWSER_LOG`                          | list of strings |
| `DAST_BROWSER_LOG_CHROMIUM_OUTPUT`          | boolean |
| `DAST_BROWSER_MAX_ACTIONS`                  | number |
| `DAST_BROWSER_MAX_DEPTH`                    | number |
| `DAST_BROWSER_MAX_RESPONSE_SIZE_MB`         | number |
| `DAST_BROWSER_NAVIGATION_STABILITY_TIMEOUT` | [Duration string](https://pkg.go.dev/time#ParseDuration) |
| `DAST_BROWSER_NAVIGATION_TIMEOUT`           | [Duration string](https://pkg.go.dev/time#ParseDuration) |
| `DAST_BROWSER_NUMBER_OF_BROWSERS`           | number |
| `DAST_BROWSER_PAGE_LOADING_SELECTOR`        | selector |
| `DAST_BROWSER_PAGE_READY_SELECTOR`          | selector |
| `DAST_BROWSER_PASSIVE_CHECK_WORKERS`        | number |
| `DAST_BROWSER_SCAN`                         | boolean |
| `DAST_BROWSER_SEARCH_ELEMENT_TIMEOUT`       | [Duration string](https://pkg.go.dev/time#ParseDuration) |
| `DAST_BROWSER_STABILITY_TIMEOUT`            | [Duration string](https://pkg.go.dev/time#ParseDuration) |
| `DAST_EXCLUDE_RULES`                        | string |
| `DAST_EXCLUDE_URLS`                         | URLs |
| `DAST_FF_ENABLE_BAS`                        | boolean |
| `DAST_FULL_SCAN_ENABLED`                    | boolean |
| `DAST_PATHS`                                | string |
| `DAST_PATHS_FILE`                           | string |
| `DAST_PKCS12_CERTIFICATE_BASE64`            | string |
| `DAST_PKCS12_PASSWORD`                      | string |
| `DAST_REQUEST_HEADERS`                      | string |
| `DAST_SKIP_TARGET_CHECK`                    | boolean |
| `DAST_TARGET_AVAILABILITY_TIMEOUT`          | number |
| `DAST_WEBSITE`                              | URL |
| `SECURE_ANALYZERS_PREFIX`                   | URL |
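As an added example (not code from this issue or from the GitLab repository), the per-scan-type allowlist below shows the shape of data the filter needs: the variables offered for a selected scan type, a type check on the value for the known variables, and a looser name check for the "Use a custom key" path. The variable names and the types the issue states come from the lists above; the scan type keys, the validator rules, the Container Scanning and DAST subsets shown, the secret-variable list and the `$VAR` reference convention are assumptions made for this example.

```javascript
// Added example, not GitLab code. Scan type keys, validators, the CS/DAST
// subsets and the secret-variable list below are assumptions for illustration.

const SECURE_LOG_LEVELS = ['fatal', 'error', 'warn', 'info', 'debug'];
const CS_SEVERITIES = ['UNKNOWN', 'LOW', 'MEDIUM', 'HIGH', 'CRITICAL'];

// Go time.ParseDuration shape: one or more <number><unit> groups, e.g. "1m30s".
// Approximation: a bare "0", which Go accepts, is rejected here.
const GO_DURATION_RE = /^-?(\d+(\.\d+)?(ns|us|µs|ms|s|m|h))+$/;

// Value validators keyed by the type name used in SCAN_VARIABLES.
const TYPES = {
  string: (v) => typeof v === 'string' && v.length > 0,
  boolean: (v) => v === 'true' || v === 'false',
  number: (v) => /^\d+$/.test(v),
  duration: (v) => GO_DURATION_RE.test(v),
  url: (v) => {
    try {
      const { protocol } = new URL(v); // rejects "javascript:" and bare hosts
      return protocol === 'http:' || protocol === 'https:';
    } catch {
      return false;
    }
  },
  logLevel: (v) => SECURE_LOG_LEVELS.includes(v),
  severity: (v) => CS_SEVERITIES.includes(v),
};

// Variables offered per scan type. Types the issue does not state are assumed.
const SCAN_VARIABLES = {
  dependency_scanning: {
    ADDITIONAL_CA_CERT_BUNDLE: 'string', DS_EXCLUDED_ANALYZERS: 'string',
    DS_EXCLUDED_PATHS: 'string', DS_IMAGE_SUFFIX: 'string', DS_MAX_DEPTH: 'number',
    SECURE_ANALYZERS_PREFIX: 'string', SECURE_LOG_LEVEL: 'logLevel',
  },
  sast: {
    SECURE_ANALYZERS_PREFIX: 'string', SAST_EXCLUDED_ANALYZERS: 'string',
    SAST_ANALYZER_IMAGE_TAG: 'string', SAST_IMAGE_SUFFIX: 'string',
    SAST_RULESET_GIT_REFERENCE: 'string',
  },
  secret_detection: {
    SECRET_DETECTION_EXCLUDED_PATHS: 'string', SECRET_DETECTION_HISTORIC_SCAN: 'boolean',
    SECRET_DETECTION_IMAGE_SUFFIX: 'string', SECRET_DETECTION_LOG_OPTIONS: 'string',
    SECRET_DETECTION_GIT_REFERENCE: 'string',
  },
  container_scanning: { // subset of the issue's list
    CS_IMAGE: 'string', CS_REGISTRY_USER: 'string', CS_REGISTRY_PASSWORD: 'string',
    CS_SEVERITY_THRESHOLD: 'severity', CS_IGNORE_UNFIXED: 'boolean', SECURE_LOG_LEVEL: 'logLevel',
  },
  dast: { // subset of the issue's list
    DAST_WEBSITE: 'url', DAST_BROWSER_SCAN: 'boolean', DAST_BROWSER_CRAWL_TIMEOUT: 'duration',
    DAST_BROWSER_MAX_DEPTH: 'number', DAST_PKCS12_PASSWORD: 'string',
  },
};

// Variables whose value is a credential (assumed list): warn unless the value
// is a reference to another CI/CD variable rather than a literal secret.
const SECRET_VARIABLES = new Set(['CS_REGISTRY_PASSWORD', 'DAST_PKCS12_PASSWORD']);
const VARIABLE_NAME_RE = /^[A-Z_][A-Z0-9_]*$/;

// Dropdown contents for the selected scan type (empty for an unknown type).
function variablesForScanType(scanType) {
  return Object.keys(SCAN_VARIABLES[scanType] || {}).sort();
}

// Validate one key/value pair. Known keys are type-checked; a custom key is
// accepted only when shaped like an environment variable name, with a warning.
function validateVariable(scanType, key, value) {
  const known = SCAN_VARIABLES[scanType] || {};
  const result = { ok: true, custom: false, warnings: [] };
  if (!(key in known)) {
    if (!VARIABLE_NAME_RE.test(key)) {
      return { ok: false, custom: true, reason: 'invalid variable name', warnings: [] };
    }
    result.custom = true;
    result.warnings.push(`${key} is not a documented variable for ${scanType}`);
  } else if (!TYPES[known[key]](value)) {
    return { ok: false, custom: false, reason: `${key} expects ${known[key]}`, warnings: [] };
  }
  if (SECRET_VARIABLES.has(key) && !/^\$[A-Z_][A-Z0-9_]*$/.test(value)) {
    result.warnings.push(`${key} holds a credential; reference a masked CI/CD variable instead of a literal`);
  }
  return result;
}

console.log(variablesForScanType('dependency_scanning'));
console.log(validateVariable('dast', 'DAST_BROWSER_CRAWL_TIMEOUT', '90'));
```

The custom-key path deliberately stays permissive on the name and strict on the shape, since the point of the filter is to steer authors toward documented variables while still allowing an undocumented one; the warning on credential-bearing variables is a UI hint, not enforcement, because the policy YAML itself would still carry whatever the author types.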

Verification steps

Edited by Alexander Turinske