Use historic mode when running scheduled scan execution policies
requested to merge 391278-ensure-that-historical-scan-is-triggered-for-scheduled-scan-execution-policy into master
What does this MR do and why?
This MR updates how we execute scheduled Scan Execution Policy with secret_detection enabled. We are setting SECRET_DETECTION_HISTORIC_SCAN to true in this case.
How to set up and validate locally
- Create project
- Create Scan Execution Policy (https://docs.gitlab.com/ee/user/application_security/policies/) with secret_detection scheduled to a given cadence, and add a variables section to try to disable SECRET_DETECTION_HISTORIC_SCAN:
  ---
  scan_execution_policy:
  - name: Enforce scheduled secret detection
    description: ''
    enabled: true
    rules:
    - type: schedule
      cadence: '0 10 * * *'
    actions:
    - scan: secret_detection
      variables:
        SECRET_DETECTION_HISTORIC_SCAN: 'false'
- Create MR with policy update and merge it.
- Wait and observe CI/CD -> Pipelines to see if scan was scheduled with SECRET_DETECTION_HISTORIC_SCAN enabled.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #391278 (closed)
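A policy-file check that mirrors the validation steps above, as an added example (not GitLab's code and not part of this MR): it parses a policy document and reports scheduled secret_detection actions whose variables request a different SECRET_DETECTION_HISTORIC_SCAN value than the 'true' this MR describes setting. The helper name overridden_variables and the finding fields are hypothetical, and skipping disabled policies and non-schedule rules is an assumption.

```ruby
require 'yaml'

# Constructed sample: the policy from the validation steps above.
POLICY_YAML = <<~POLICY
  ---
  scan_execution_policy:
  - name: Enforce scheduled secret detection
    description: ''
    enabled: true
    rules:
    - type: schedule
      cadence: '0 10 * * *'
    actions:
    - scan: secret_detection
      variables:
        SECRET_DETECTION_HISTORIC_SCAN: 'false'
POLICY

# Value the MR describes setting for scheduled secret_detection scans.
ENFORCED_ON_SCHEDULE = { 'SECRET_DETECTION_HISTORIC_SCAN' => 'true' }.freeze

# Hypothetical helper (assumption, not a GitLab API): returns one finding per
# schedule rule / secret_detection action pair whose requested variable value
# differs from the enforced one, i.e. a setting that will not take effect.
def overridden_variables(policy_yaml)
  doc = YAML.safe_load(policy_yaml) || {}
  Array(doc['scan_execution_policy']).flat_map do |policy|
    next [] unless policy['enabled'] # assumption: disabled policies never run
    schedules = Array(policy['rules']).select { |r| r['type'] == 'schedule' }
    actions = Array(policy['actions']).select { |a| a['scan'] == 'secret_detection' }
    schedules.product(actions).flat_map do |rule, action|
      # Normalise values so an unquoted YAML boolean compares like a string.
      requested = (action['variables'] || {}).transform_values(&:to_s)
      ENFORCED_ON_SCHEDULE.filter_map do |key, enforced|
        next unless requested.key?(key) && requested[key] != enforced
        { policy: policy['name'], cadence: rule['cadence'], variable: key,
          requested: requested[key], effective: enforced }
      end
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  overridden_variables(POLICY_YAML).each do |f|
    puts "#{f[:policy]} (#{f[:cadence]}): #{f[:variable]}=#{f[:requested]} " \
         "will run as #{f[:effective]}"
  end
end
```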