
Use historic mode when running scheduled scan execution policies

What does this MR do and why?

This MR updates how we execute scheduled Scan Execution Policies that have secret_detection enabled: for those scheduled runs we set SECRET_DETECTION_HISTORIC_SCAN to true, so the scan covers the repository history rather than only the latest commit.

How to set up and validate locally

  1. Create a project.
  2. Create a Scan Execution Policy (https://docs.gitlab.com/ee/user/application_security/policies/) with secret_detection scheduled at a given cadence, and add a variables section that tries to disable SECRET_DETECTION_HISTORIC_SCAN:

     ---
     scan_execution_policy:
     - name: Enforce scheduled secret detection
       description: ''
       enabled: true
       rules:
       - type: schedule
         cadence: '0 10 * * *'
       actions:
       - scan: secret_detection
         variables:
           SECRET_DETECTION_HISTORIC_SCAN: 'false'

  3. Create an MR with the policy update and merge it.
  4. Wait and observe CI/CD -> Pipelines to confirm that the scan was scheduled with SECRET_DETECTION_HISTORIC_SCAN enabled (the policy's 'false' must not win).
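As an added illustration (not GitLab's own implementation), the following Ruby models the behaviour the validation steps check: for a policy whose rule is of type schedule, the secret_detection action's effective variables get SECRET_DETECTION_HISTORIC_SCAN forced to 'true', even when the policy's variables section sets it to 'false'. The policy document is the one from the steps above, embedded as a constructed sample; the function name effective_variables is hypothetical.

```ruby
# Added example, not GitLab code: compute the effective CI variables a
# scan execution policy action would run with, forcing the historic
# secret scan on for scheduled rules.
require 'yaml'

# Constructed sample: the policy from the validation steps above, which
# tries to disable the historic scan.
SAMPLE_POLICY = <<~YAML
  scan_execution_policy:
  - name: Enforce scheduled secret detection
    description: ''
    enabled: true
    rules:
    - type: schedule
      cadence: '0 10 * * *'
    actions:
    - scan: secret_detection
      variables:
        SECRET_DETECTION_HISTORIC_SCAN: 'false'
YAML

HISTORIC_SCAN_VAR = 'SECRET_DETECTION_HISTORIC_SCAN'

# Returns { "policy name/scan type" => variables } for every action of every
# enabled policy. User-supplied variables are the base; when the policy has
# a schedule rule, secret_detection actions get the historic-scan flag
# overridden to 'true' regardless of what the policy author supplied.
def effective_variables(policy_yaml)
  doc = YAML.safe_load(policy_yaml)
  result = {}
  Array(doc['scan_execution_policy']).each do |policy|
    next unless policy['enabled']
    scheduled = Array(policy['rules']).any? { |r| r['type'] == 'schedule' }
    Array(policy['actions']).each do |action|
      vars = (action['variables'] || {}).dup
      if scheduled && action['scan'] == 'secret_detection'
        vars[HISTORIC_SCAN_VAR] = 'true' # the 'false' above is discarded
      end
      result["#{policy['name']}/#{action['scan']}"] = vars
    end
  end
  result
end

if __FILE__ == $PROGRAM_NAME
  effective_variables(SAMPLE_POLICY).each { |k, v| puts "#{k}: #{v.inspect}" }
end
```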

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #391278 (closed)
