SPIKE - Investigate default criteria yaml and rule mode UI
Summary
With the addition of several new criteria, there has been some inconsistent behavior regarding:
- which criteria appear in the yaml by default
- which criteria appear in Rule Mode by default
Looking at the schema, some criteria that have been added are not required. If they are not required, should they be added to the yaml and/or rule mode by default?
I would like to create a consistent behavior, especially with the addition of Age and Attribute as part of Additional Filtering for Scan Result Policies (&6826 - closed)
Scan Execution Policy - Actions
Yaml - Default

```yaml
actions:
  - scan: dast
    tags: []
    site_profile: production
    scanner_profile: ''
```

- `tags` are included - ~~it seems wrong that non-required criteria would show up in the yaml by default~~
- TODO: since `tags: []` is the same as not including it, remove it from the default yaml
- `variables` are not included and not required - ✅ it seems right that non-required criteria would not show up in the yaml by default

Rule Mode - Default

- `tags` criteria UI does not appear - it seems right that the UI for non-required criteria would not show by default
- TODO: it should show by default with `selected automatically` selected
- `variable` criteria UI does not appear - ✅ it seems right that the UI for non-required criteria would not show by default

Yaml - All criteria

```yaml
actions:
  - scan: dast
    tags: []
    site_profile: production
    scanner_profile: ''
    variables:
      '': ''
```

Rule Mode - All criteria
Yaml - All criteria
actions:
- scan: dast
tags: []
site_profile: production
scanner_profile: ''
variables:
'': ''
Rule Mode - All criteria
Scan Result Policy - Security Scan Rules
Yaml - Default

```yaml
rules:
  - type: scan_finding
    scanners: []
    vulnerabilities_allowed: 0
    severity_levels: []
    vulnerability_states: []
    branch_type: protected
```

- all the above properties are required - ✅ it seems right that required criteria would show up in the yaml by default

Rule Mode - Default

- none of the required property criteria UI appear (severity and status) - it seems wrong that the UI for required criteria would not show by default
- TODO: `severity_level: []` is the same as all of the severities selected, so all of them should be selected
- TODO: `vulnerability_states: []` is the same as `vulnerability_states: ['new_needs_triage']` (verify), so show a status filter with that selected
Scan Result Policy - License Scan Rules
Yaml - Default

```yaml
rules:
  - type: license_finding
    match_on_inclusion: true
    license_types: []
    license_states: []
    branch_type: protected
```

- all the above properties are required - ✅ it seems right that required criteria would show up in the yaml by default

Rule Mode - Default

- all of the required property criteria UI appear - ✅ it seems right that the UI for required criteria would show by default
Steps to reproduce
- Upload a GitLab Ultimate
- Navigate to a project/group => Secure => Policies => New policy => Select policy type
- View policy editor page
Example Project
Agreed upon solution
- frontend: tags criteria UI should show by default with `selected automatically` selected, `tags` should not be in the yaml. If a user selects `selected automatically`, the yaml should update to not include `tags`, or `tags: automatically` if/once `automatically` is a valid option
- frontend: by default the policy runs for all severity levels, so `severity_levels: []` is the same as all of the severities selected, so the scanners criteria should show with all of them selected by default and `severity_levels` not included in the yaml. If a user selects all or de-selects all, then `severity_levels` should not show, or should show `severity_levels: all` if/once `all` is a valid option
- frontend: `vulnerability_states: []` is the same as `vulnerability_states: ['newly_detected']`, so the status UI should show with those selected by default
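The equivalences agreed above (`tags: []` equals omitting `tags`, `severity_levels: []` equals all severities, `vulnerability_states: []` equals `['newly_detected']`) can be expressed as a small normalization layer between the YAML view and Rule Mode. The following Python is an added illustration written for this spike, not GitLab frontend code; it models policies as the plain dicts a YAML parser would return, and the list of severity levels it uses is an assumption (the spike does not enumerate them).

```python
"""Normalize policy criteria between the YAML view and Rule Mode.

Added illustration for the spike's agreed solution; not GitLab code.
Policies are modelled as the dicts a YAML parser returns.
"""
from copy import deepcopy

# Assumed enumeration of severity levels (not listed in the spike).
ALL_SEVERITY_LEVELS = ["critical", "high", "medium", "low", "info", "unknown"]

# Optional criteria on a scan execution action: an empty value is the same
# as not setting the criterion, so it is dropped from the YAML.
OPTIONAL_ACTION_KEYS = {"tags", "variables"}


def normalize_scan_execution_action(action):
    """Return the action as it should appear in the YAML view.

    tags: [] and variables: {} contribute nothing and are removed; a
    non-empty tags list (specific runner tags) is kept as written.
    """
    out = {}
    for key, value in action.items():
        if key in OPTIONAL_ACTION_KEYS and not value:
            continue
        out[key] = deepcopy(value)
    return out


def normalize_scan_finding_rule(rule):
    """Return a scan_finding rule as it should appear in the YAML view.

    severity_levels: [] and 'every severity selected' both mean 'all', so
    the key is omitted in either case. vulnerability_states is required and
    is left untouched here; Rule Mode expands it (see rule_mode_scan_finding).
    """
    out = deepcopy(rule)
    levels = out.get("severity_levels")
    if levels is not None and (not levels or set(levels) == set(ALL_SEVERITY_LEVELS)):
        del out["severity_levels"]
    return out


def rule_mode_scan_finding(rule):
    """What Rule Mode should preselect for a scan_finding rule.

    - severity_levels missing or [] -> all severities selected
    - vulnerability_states [] -> ['newly_detected'] selected
    """
    levels = rule.get("severity_levels") or list(ALL_SEVERITY_LEVELS)
    states = rule.get("vulnerability_states") or ["newly_detected"]
    return {"severity_levels": list(levels), "vulnerability_states": list(states)}


def rule_mode_scan_execution_action(action):
    """What Rule Mode should show for the tags criterion of an action.

    No tags (key missing or []) means 'selected automatically'; otherwise the
    specific tags are shown.
    """
    tags = action.get("tags") or []
    mode = "selected automatically" if not tags else "specific"
    return {"tags_mode": mode, "tags": list(tags)}


def rule_mode_to_yaml_scan_finding(selection, base_rule):
    """Map a Rule Mode selection back to YAML, applying the same defaults.

    selection is the dict rule_mode_scan_finding returns (possibly edited by
    the user); base_rule carries the other required keys (type, scanners, ...).
    """
    rule = deepcopy(base_rule)
    rule["severity_levels"] = list(selection["severity_levels"])
    rule["vulnerability_states"] = list(selection["vulnerability_states"])
    return normalize_scan_finding_rule(rule)


if __name__ == "__main__":
    # Constructed sample input: the spike's default scan execution action.
    default_action = {"scan": "dast", "tags": [], "site_profile": "production",
                      "scanner_profile": ""}
    print(normalize_scan_execution_action(default_action))
    print(rule_mode_scan_execution_action(default_action))
    # Constructed sample input: the spike's default scan_finding rule.
    default_rule = {"type": "scan_finding", "scanners": [], "vulnerabilities_allowed": 0,
                    "severity_levels": [], "vulnerability_states": [],
                    "branch_type": "protected"}
    selection = rule_mode_scan_finding(default_rule)
    print(selection)
    print(rule_mode_to_yaml_scan_finding(selection, default_rule))
```

Running the module shows the round trip the solution calls for: the default rule opens in Rule Mode with every severity and `newly_detected` selected, and saving that selection unchanged produces YAML without a `severity_levels` key.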
Edited by Alexander Turinske