Unable to run DAST on-demand for projects with compliance framework configured
Summary
DAST on-demand scan doesn't work for projects that have a compliance framework configured.
Steps to reproduce
- Create a test group with an Ultimate license attached to it (group).
- Create a project under the same group where you would like to run on-demand DAST jobs (group/dast-project).
- Configure on-demand scan there and run it. The dast job gets created as expected at this stage.
- Configure a Compliance framework project (group/compliance-project) with Example configuration file.
- Create a compliance framework for the group pointing to the configuration file we configured in the previous step.
- Add a compliance framework to group/dast-project project.
- Create .gitlab-ci.yml file in group/dast-project project to avoid errors:

      stages:
        - build
      build-job:
        stage: build
        script:
          - echo "Compiling the code..."

- Try to trigger on-demand DAST job again. You will only get build-job and the jobs configured by compliance framework group/compliance-project, but no DAST jobs show up.
Example Project
- DAST on-demand pipeline before enabling compliance framework: https://gitlab.com/gl-demo-ultimate-khrechyshkina/tickets/zd498648-dast-project/-/pipelines/1167831607
- DAST on-demand pipeline after enabling compliance framework: https://gitlab.com/gl-demo-ultimate-khrechyshkina/tickets/zd498648-dast-project/-/pipelines/1167842896
- Compliance framework configuration file: https://gitlab.com/gl-demo-ultimate-khrechyshkina/tickets/zd498648-compliance-project/-/blob/main/.compliance-gitlab-ci.yml?ref_type=heads
What is the current bug behavior?
No DAST jobs are triggered for on-demand pipelines.
What is the expected correct behavior?
On-demand DAST pipeline for a project that has a compliance framework assigned should include the DAST job. I would think that we will also want compliance jobs to be added to these pipelines.
Output of checks
This bug happens on GitLab.com
Edited by Kate Grechishkina