Generic script to spin up / spin down Ultimate GitLab groups/projects with security features enabled
Description
Create a script that creates a new GitLab.com group with an Ultimate license. Within the group, it should contain 4 sub-groups:
- Security Group
- Development Sub-Group A
- Development Sub-Group B
- Development Sub-Group C
Each sub-group will contain 4 projects.
One project should be fully enabled to run each scanner. It could follow the structure of the Simple Notes Demo, but ultimately it should be possible to deploy a container and successfully run DAST, for example, not only SAST.
There should be an MR created that shows examples of possible scan results and security policy violations. For example:
- MR Example - Critical SAST Vulnerability Detected
- MR Example - Critical or High DAST Vulnerability Detected
- MR Example - Previously Detected Critical Dependency Scanning
- MR Example - License Violation Detected
When the test environment has been used for whatever purpose is needed, it can then be torn down, removing the top-level group and all contents within it.
Multiple users may want to use the script and create unique instances at a given time for various use cases.
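A sketch of how the spin-up and spin-down described above could be planned. It is an added example, not code from this issue or from GitLab. The `sec-demo` prefix, the function names and the `parent` payload key (a full path to be resolved to a numeric group id at run time) are assumptions; `POST /groups`, `POST /projects` and `DELETE /groups/:id` are the GitLab REST endpoints it targets, and assigning the Ultimate license is not covered.

```python
import re
import secrets

SUBGROUPS = ["Security Group", "Development Sub-Group A",
             "Development Sub-Group B", "Development Sub-Group C"]
PROJECTS_PER_SUBGROUP = 4
PREFIX = "sec-demo"  # assumed naming prefix that marks groups created by this script


def slug(text):
    """Lower-case path segment usable in a group or project path."""
    return re.sub(r"[^a-z0-9]+", "-", text.lower()).strip("-")


def instance_path(user, token=None):
    """Unique top-level path per user and run, so parallel instances never collide."""
    return f"{PREFIX}-{slug(user)}-{token or secrets.token_hex(3)}"


def spin_up_plan(user, token=None):
    """Ordered (method, endpoint, payload) calls: 1 group, 4 sub-groups, 16 projects."""
    top = instance_path(user, token)
    plan = [("POST", "/groups", {"name": top, "path": top})]
    for sub in SUBGROUPS:
        # "parent" is a placeholder key (assumption), not a GitLab API parameter
        plan.append(("POST", "/groups", {"name": sub, "path": slug(sub), "parent": top}))
        for n in range(1, PROJECTS_PER_SUBGROUP + 1):
            plan.append(("POST", "/projects", {"name": f"Project {n}",
                                               "path": f"project-{n}",
                                               "parent": f"{top}/{slug(sub)}"}))
    return plan


def spin_down_plan(full_path, user):
    """One DELETE removes the top-level group and all contents, so guard the target."""
    owned = re.compile(rf"^{re.escape(PREFIX)}-{re.escape(slug(user))}-[0-9a-f]{{6}}$")
    if not owned.match(full_path):
        raise ValueError(f"refusing to delete {full_path!r}: not an instance of {user!r}")
    return [("DELETE", f"/groups/{full_path}", {})]
```

The guard in `spin_down_plan` matters because teardown is a single recursive delete: the token used for the call should also be scoped so it cannot remove groups outside the demo namespace.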
Use Cases
- PMs, CSMs, or SAs can create a new demo instance with a clean state.
- PMs, EMs, or Engineers can spin up a new instance to test and validate behavior when supporting customers.
- UXR Researchers can create instances for UXR studies.
- Potentially, SETs could use this as a basis for further automated E2E testing.