Add deprecation warning for `custom` Scan execution policy action

Why are we doing this work

The security policy pipeline execution action experiment was ended and the related code was removed in %17.3. We don't want to invalidate all policies that used this action, so we cannot remove it from the schema yet.

We should add a deprecation notice for policies using this action and show a banner with a link to the Pipeline execution policy documentation.

We can remove the action from the schema in %18.0.

Note: we should show a different banner than the one in the screenshot, one specific to the custom scan action type.

Relevant links

Non-functional requirements

  • Documentation:
  • Feature flag:
  • Performance:
  • Testing:

Implementation plan

  • backend: Extend `ee/lib/security/scan_result_policies/deprecated_properties_checker.rb` to account for the custom scan action
  • backend: Add `deprecated_properties` field to GQL `ScanExecutionPolicyType`
  • frontend: Parse `deprecatedProperties` from frontend for Scan execution policies
  • frontend: Add a new banner with a link to PEP documentation and show it if the new deprecated property is found

Verification steps

  1. Create a project
  2. Go to Secure -> Policies and create a new Scan execution policy and use the following YAML:
    type: scan_execution_policy
    name: Custom CI
    description: ''
    enabled: true
    rules:
      - type: pipeline
        branch_type: all
    actions:
      - scan: custom
        ci_configuration: |
          custom_job:
            script:
              - echo "Custom job!"
  3. Go back to the policies list and verify that the policy has a deprecation icon and a banner is shown
Edited by Martin Čavoj
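
The check described in the implementation plan, as an added example that is not part of the original issue and not GitLab's own code: a stand-alone Ruby audit that reports which scan execution policies still use the `custom` scan action. The helper names, the `custom_scan_action` property name, and the sample YAML are assumptions made for illustration; it accepts both a single policy as shown in the verification steps and a policy file with a top-level `scan_execution_policy` list.

```ruby
require 'yaml'

# Hypothetical stand-alone checker; names are assumptions, not GitLab's API.
DEPRECATED_SCAN_ACTION = 'custom'

# Returns the deprecated property names found in one policy hash.
def deprecated_properties(policy)
  actions = policy['actions']
  return [] unless actions.is_a?(Array)
  hit = actions.any? { |a| a.is_a?(Hash) && a['scan'].to_s == DEPRECATED_SCAN_ACTION }
  hit ? ['custom_scan_action'] : []
end

# Accepts a single policy (type: scan_execution_policy) or a policy file
# that groups policies under a top-level scan_execution_policy list.
def policies_in(doc)
  return [] unless doc.is_a?(Hash)
  return [doc] if doc['type'] == 'scan_execution_policy'
  Array(doc['scan_execution_policy']).select { |p| p.is_a?(Hash) }
end

# Maps policy name => deprecated properties; clean policies are omitted.
def audit_policy_yaml(yaml_text)
  policies_in(YAML.safe_load(yaml_text)).each_with_object({}) do |policy, report|
    found = deprecated_properties(policy)
    report[policy['name'].to_s] = found unless found.empty?
  end
end

# Constructed sample: one policy with the deprecated action, one without.
SAMPLE_POLICY_YAML = <<~YAML
  scan_execution_policy:
    - name: Custom CI
      enabled: true
      actions:
        - scan: custom
          ci_configuration: |
            custom_job:
              script:
                - echo "Custom job!"
    - name: Secret detection
      enabled: true
      actions:
        - scan: secret_detection
YAML

if __FILE__ == $PROGRAM_NAME
  audit_policy_yaml(SAMPLE_POLICY_YAML).each { |n, p| puts "#{n}: #{p.join(', ')}" }
end
```
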