Adding Scan Result Policy to projects that do not have pipelines now raises security Violation and prevents merging

Summary

After some recent changes it appears that when adding a Scan Results Policy you will receive policy violation bot messages on Merge Requests when there is no pipeline specified for the project.

This includes the MR used to make changes to the Scan Result Policy (Policy Project).

Steps to reproduce

1. Create a Group
2. Create a project
3. Apply a Scan Result Policy to the Group
4. After the policy is created attempt to modify the policy
5. Try to create a branch and merge request on the project with no pipeline.

Example Project

Several Groups/project exist under this Group:

• https://gitlab.com/cmarais_ultimate_group/ticket_work/492763_scan_bot_violations

Specifically:

• https://gitlab.com/cmarais_ultimate_group/ticket_work/492763_scan_bot_violations/basic_policy/scan_policy_2/scan_policy_2-security-policy-project/-/merge_requests/2

What is the current bug behavior?

Scan Execution policy raise a policy violation and require security approval on projects where there is no pipeline specified.

What is the expected correct behavior?

No violation should be raised for projects without a pipeline as was previously.

Relevant logs and/or screenshots

Output of checks

This bug happens on GitLab.com

Possible fixes