Security Policies exclude or wildcards
Release notes
Problem to solve
Security Policies can be applied to groups or projects.
You either go BULK or Detailed.
There's no middle ground, e.g. wildcard support or exclude path
Proposal
- Security Policies can be overridden on some specific leaf projects/subgroups
- Security Policies can be specified to be applied/not applied on specific projects when set to group by using project name wildcards, topic selection, custom rulesets, ...
Basically, in addition to be able to specify Security Policies on each projects, allow customers to bulk assign policies by assigning it to group(s) and then allow customers to specify variations to it, possibly allowing exceptions to be specified by ENV Variables, Projects Names, Project Topics, ...
Intended users
- Priyanka, Platform Engineer
- Sidney, Systems Administrator
- Amy, Application Security Engineer
- Cameron, Compliance Manage
Feature Usage Metrics
Does this feature require an audit event?
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.