Only run scheduled scan execution policies when changes have occurred

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Release notes

Scan execution policies have been expanded to allow for more granular control to meet criteria on when to run. This includes only running a scheduled scan execution policy when changes have been made to a project.

Problem to solve

A Large Self-Managed Customer enjoys using scan execution policies, but wants flexibility such as not running a scheduled pipeline when not needed, such as when there has been no activity or change on a project (no commits in X hours or X amount of days).

Proposal

Modify the scheduled rule type to include a new, optional field that permits a scheduled pipeline to not run if no changes have occurred since the last scan execution policy, or set by a predefined period of time by the user.

Intended users

Who will use this feature? If known, include any of the following: types of users (e.g. Developer), personas, or specific company roles (e.g. Release Manager). It's okay to write "Unknown" and fill this field in later.

• Amy (Application Security Engineer)
• Alex (Security Operations Engineer)