Spike: Investigate wildcard support for scan result policy branches
Why are we doing this work
Currently we manage "Select all" differently across Security Policies. Per this conversation, the best way to unify them is by adding wildcard support for Scan Result Policy branches.
Branches

Policy type | Field representation | Select all | Notes
---|---|---|---
Scan result policies | all protected branches | `branches: []` | Wildcards are not currently supported (docs)
Scan execution policies | rule pipeline/schedule branches (not just protected) | `branches: ['*']` | Currently an empty array is not valid (docs)
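To make the two "select all" representations in the table concrete, and to show what a wildcard change to scan result policies would actually alter, here is an added illustration in Python. It is not GitLab's implementation and not part of this issue's plan: the branch list, the use of `fnmatch`-style glob patterns, and the proposed `scan_result_with_wildcards` semantics (empty list keeps meaning "all protected branches"; non-empty entries become globs) are all assumptions made for the example.

```python
"""Added example: evaluate the current 'select all' semantics for scan result
and scan execution policies, and diff one hypothetical wildcard semantics
against the current scan result behaviour. Not GitLab code."""
from fnmatch import fnmatchcase
from typing import Callable

# Constructed sample repository state (not from the issue): branch -> protected?
SAMPLE_BRANCHES = {
    "main": True,
    "release/1.0": True,
    "release/2.0": False,
    "feature/login": False,
}

Matcher = Callable[[str, bool, list[str]], bool]


def scan_result_current(branch: str, protected: bool, branches: list[str]) -> bool:
    """Scan result policy today: `branches: []` selects every protected branch;
    a non-empty list is exact branch names only (wildcards unsupported)."""
    if not branches:
        return protected
    return branch in branches


def scan_execution_current(branch: str, protected: bool, branches: list[str]) -> bool:
    """Scan execution policy today: entries are matched against all branches,
    protected or not; an empty list is invalid and `['*']` means every branch.
    Glob matching via fnmatch is an assumption ('*' also matches '/')."""
    if not branches:
        raise ValueError("scan execution policy: branches must not be empty (use ['*'] for all)")
    return any(fnmatchcase(branch, pattern) for pattern in branches)


def scan_result_with_wildcards(branch: str, protected: bool, branches: list[str]) -> bool:
    """One possible unified semantics (an assumption, not a decided design):
    `[]` keeps its meaning (all protected branches) so existing policies keep
    working, while non-empty entries become glob patterns as in scan execution."""
    if not branches:
        return protected
    return any(fnmatchcase(branch, pattern) for pattern in branches)


def selected_branches(matcher: Matcher, branches: list[str],
                      repo: dict[str, bool] = SAMPLE_BRANCHES) -> list[str]:
    """Apply a matcher to every branch in the repo; return the sorted selection."""
    return sorted(name for name, protected in repo.items()
                  if matcher(name, protected, branches))


def compatibility_diff(old: Matcher, new: Matcher, branches: list[str],
                       repo: dict[str, bool] = SAMPLE_BRANCHES) -> dict[str, list[str]]:
    """Branches whose selection state differs between two semantics for the
    same YAML value. An empty diff means the change is non-breaking for that
    policy; 'gained' entries are branches that would newly fall under the rule."""
    before = set(selected_branches(old, branches, repo))
    after = set(selected_branches(new, branches, repo))
    return {"gained": sorted(after - before), "lost": sorted(before - after)}


if __name__ == "__main__":
    print(selected_branches(scan_result_current, []))        # protected branches only
    print(selected_branches(scan_execution_current, ["*"]))  # every branch
    # Existing policies (empty list or exact names) are unaffected by the new semantics:
    print(compatibility_diff(scan_result_current, scan_result_with_wildcards, []))
    print(compatibility_diff(scan_result_current, scan_result_with_wildcards, ["main"]))
    # A glob would also pull in the unprotected release/2.0 branch:
    print(compatibility_diff(scan_result_current, scan_result_with_wildcards, ["release/*"]))
```

The `compatibility_diff` call is the check the backend task in the implementation plan is asking about: under the assumed semantics an empty list and exact names select the same branches before and after, so only policies that already contain glob characters (or that start using them) change behaviour, and a pattern such as `release/*` would newly cover unprotected branches.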
Others

With select all options

- For Scan execution rule agents' namespaces, the yaml `namespaces: []` means select all
- For Scan execution action tags, the yaml `tags: []` means set automatically (more information needed on what that means)
- For Scan result rule severity levels, the yaml `severity_levels: []` means select all
- For Scan result rule scanners, the yaml `scanners: []` means select all
Without select all options
- For Scan execution action scans, there is no select all option
- For Scan result rule vulnerability states, there is no select all option
- For Scan result rule license types, there is no select all option
- For Scan result rule license states, there is no select all option
- For Scan result rule approvers, there is no select all option
Relevant links
- conversation on Scan result policies, protected branches
- conversation on Scan result policies, setting all protected branches to `branch: [all-protected]`
- the SSOT: the schema, `security_orchestration_policy.json`
Implementation plan
- [ ] backend: determine how much work it would be, and whether it would be a breaking change, to implement wildcard support for the Scan Result Policy branches field
- [ ] frontend: add comments in the yaml for default policies that select all branches (e.g. `branches: [] # all branches`)
- [ ] backend: investigate the support of wildcards in Scan Result Policies
Verification steps
Edited by Alexander Turinske