Handling of default enforced variables for pipeline execution policies
Problem to solve
In scan execution policies, we hardcode values for the following variables to ensure scanners run properly in downstream projects:
DS_EXCLUDED_PATHS: spec, test, tests, tmp
SAST_EXCLUDED_PATHS: spec, test, tests, tmp
SECRET_DETECTION_EXCLUDED_PATHS: ''
SECRET_DETECTION_HISTORIC_SCAN: false
SAST_EXCLUDED_ANALYZERS: ''
DS_EXCLUDED_ANALYZERS: ''
In pipeline execution policies, we do not yet include this logic.
Within this issue we can explore how best to handle variables in these scenarios.
In !152185 (comment 1918479854), we also considered some more flexible options for users to define the variables that are locked.
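As an added illustration (not GitLab's implementation and not code from this issue), the Ruby sketch below takes the enforced values listed above, reports where a project's CI configuration sets one of them to a different value, and computes the variables a job would see if the enforced values take precedence. The helper names find_overrides, ci_value and effective_variables and the sample CI configuration are hypothetical and constructed for the example.

```ruby
require 'yaml'

# Enforced values as listed in this issue for scan execution policies.
ENFORCED = {
  'DS_EXCLUDED_PATHS' => 'spec, test, tests, tmp',
  'SAST_EXCLUDED_PATHS' => 'spec, test, tests, tmp',
  'SECRET_DETECTION_EXCLUDED_PATHS' => '',
  'SECRET_DETECTION_HISTORIC_SCAN' => 'false',
  'SAST_EXCLUDED_ANALYZERS' => '',
  'DS_EXCLUDED_ANALYZERS' => ''
}.freeze

# Constructed sample project CI configuration (not from the issue).
SAMPLE_CI = <<~YAML
  variables:
    SAST_EXCLUDED_PATHS: "vendor"
    DS_EXCLUDED_PATHS: "spec, test, tests, tmp"
  secret_detection:
    script: ["echo scan"]
    variables:
      SECRET_DETECTION_EXCLUDED_PATHS: "config/"
      CUSTOM_FLAG: "1"
YAML

# CI variables may be scalars or {value:, description:} hashes.
def ci_value(v)
  (v.is_a?(Hash) ? v['value'] : v).to_s
end

# Hypothetical helper: every scope (global or job) where the project sets
# an enforced variable to a value that differs from the enforced one.
def find_overrides(ci_yaml, enforced = ENFORCED)
  config = YAML.safe_load(ci_yaml) || {}
  scopes = { 'global' => config['variables'] }
  config.each do |name, job|
    scopes[name] = job['variables'] if job.is_a?(Hash) && name != 'variables'
  end
  scopes.flat_map do |scope, vars|
    next [] unless vars.is_a?(Hash)
    vars.select { |k, v| enforced.key?(k) && ci_value(v) != enforced[k] }
        .map { |k, v| { scope: scope, name: k, project: ci_value(v), enforced: enforced[k] } }
  end
end

# Hypothetical helper: a job's variables once enforced values win the merge.
def effective_variables(ci_yaml, job, enforced = ENFORCED)
  config = YAML.safe_load(ci_yaml) || {}
  merged = (config['variables'] || {}).merge(config.dig(job, 'variables') || {})
  merged.transform_values { |v| ci_value(v) }.merge(enforced)
end
```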
Edited by 🤖 GitLab Bot 🤖