Ensure no breaking changes in on-demand DAST scan pipelines
Problem
As we restrict pipeline variables by default we have an internal usage of pipeline variables when creating on-demand DAST scan pipelines.
As new projects in new namespaces will have pipeline variables disabled by default, on-demand DAST pipelines will likely break.
Proposal
- Option 1: Rewrite the config not to use pipeline variables but to add variables at job level.
- Option 2: Exclude
ondemand_dast_validationpipeline source when enforcing pipeline variables permissions (since this is an internal generation of pipeline).
Edited by Fabio Pitino - PTO until Jan 1