Add more flexibility in Security Policies rules (Policy scope)


Currently, the Scan execution policy scope allows applying a policy based on project or group.

However, this might require a lot of manual actions to add specific projects when they need to be excluded from the policy.

Proposal

Add more granularity to the rules section of the policies, similar to GitLab CI syntax.

In one example, a customer needs to disable the Container Scanning job for projects that don't build any containers.

The rules from regular CI/CD workflow would enable that:

rules:
    - exists:
      - Dockerfile

Related issue: #509316

Edited by 🤖 GitLab Bot 🤖