Augment rule blocks in Dynamic Analysis Analyzers
Problem to solve
As a security analyzer user, I want to augment (not override) the rules: blocks in GitLab's vendored CI templates for:
- DAST
- API Security Testing (formerly DAST API)
- API Fuzzing

so that I can customize which branches the analyzers run on, avoid tagged commits, etc.
Because this isn't possible today, I create a custom template that includes GitLab's vendored template, and I must copy-paste rules from my existing template. I need a more elegant way to extend the CI job's rules.
Proposal
- Create a standard YAML alias/include, etc., to allow projects/groups to augment the CI rules logic applied to a secure job
- Have all secure analyzers adopt CI Components
Edited by Sara Meadzinger
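
The workaround described under "Problem to solve", sketched as an added example (not part of the original issue and not GitLab's own template content). The template path and the dast job name are assumptions to check against your GitLab version; the tag rule is constructed for illustration.

```yaml
# Added illustration of the copy-paste workaround; not GitLab's template.
include:
  - template: Security/DAST.gitlab-ci.yml   # assumed path of the vendored template

# Redefining an included job merges its hash keys with the included
# definition, but an array such as rules: is replaced as a whole.
# Nothing written here is appended to the template's own rules.
dast:
  rules:
    # The single rule the project wants to add: skip tagged commits.
    - if: $CI_COMMIT_TAG
      when: never
    # <copy every rule from the vendored template's rules: block here>
    # Placeholder, not real template content. If this copy is skipped, the
    # only rule left is "when: never" for tags, so the scan never runs on
    # any pipeline. If the copy goes stale after a GitLab upgrade, the job
    # silently diverges from the conditions the vendored template applies.
```

Comparing the copied rules against the vendored template after each GitLab upgrade is the only way to notice that drift, which is the maintenance cost the proposal aims to remove.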