Fix `branch_exceptions` for `branch_type: protected`
requested to merge 418741-be-add-support-for-branch-exceptions-for-scan-execution-policies-and-scan-result-policies-2 into master
What does this MR do and why?
Fixes a bug in !126963 (merged) where `branch_exceptions` are not correctly applied in the case of `branch_type: protected`.
How to set up and validate locally
- Create a new project
- Enable the `security_policies_branch_exceptions` feature flag for the project
- Create the `develop` branch based off `main`
- Protect the `develop` branch
- Create the following scan result policy for the project:
```yaml
type: scan_result_policy
name: Container Scanning
description: ''
enabled: true
rules:
  - type: scan_finding
    scanners:
      - container_scanning
    vulnerabilities_allowed: 0
    severity_levels: []
    vulnerability_states: []
    branch_type: protected
    branch_exceptions: [develop]
actions:
  - type: require_approval
    approvals_required: 1
    group_approvers_ids:
      - 64024513
```
- Open MRs targeting `main`/`develop` and verify only the MR targeting `main` requires approval
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #418741 (closed)
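
The outcome the validation steps above expect, modelled as an added example (not code from this MR or from GitLab): it evaluates a rule's `branch_type` and `branch_exceptions` against a constructed branch list and reports which protected branches the policy leaves unenforced. The `Branch` struct, the function names and the branch list are hypothetical; it assumes `branch_exceptions` entries are plain branch names and that `default` and `all` are the other `branch_type` values.

```ruby
require "yaml"

# Constructed sample: the rule from the policy above, trimmed to the branch fields.
POLICY = YAML.safe_load(<<~POLICY_YAML)
  name: Container Scanning
  enabled: true
  rules:
    - type: scan_finding
      branch_type: protected
      branch_exceptions: [develop]
POLICY_YAML

# Hypothetical stand-in for the project's branches (name, protected?, default?).
Branch = Struct.new(:name, :protected, :default)
BRANCHES = [
  Branch.new("main", true, true),
  Branch.new("develop", true, false),
  Branch.new("feature/x", false, false)
].freeze

# Branch names one rule applies to: select by branch_type, then drop the exceptions.
def rule_branches(rule, branches)
  selected =
    case rule["branch_type"]
    when "protected" then branches.select(&:protected)
    when "default"   then branches.select(&:default)   # assumed value
    when "all"       then branches                     # assumed value
    else raise ArgumentError, "unsupported branch_type: #{rule['branch_type'].inspect}"
    end
  selected.map(&:name) - Array(rule["branch_exceptions"])
end

# True when an MR into target_branch must collect the policy's approvals.
def approval_required?(policy, branches, target_branch)
  return false unless policy["enabled"]
  policy["rules"].any? { |rule| rule_branches(rule, branches).include?(target_branch) }
end

# Protected branches that no rule covers, i.e. where the policy is not enforced.
def uncovered_protected(policy, branches)
  covered = policy["rules"].flat_map { |rule| rule_branches(rule, branches) }
  branches.select(&:protected).map(&:name) - covered
end

puts "main requires approval:    #{approval_required?(POLICY, BRANCHES, 'main')}"
puts "develop requires approval: #{approval_required?(POLICY, BRANCHES, 'develop')}"
puts "protected but exempt:      #{uncovered_protected(POLICY, BRANCHES).inspect}"
```

Listing the exempted protected branches this way is a quick review aid when auditing policies, since each entry in `branch_exceptions` is a protected branch that can be merged into without the policy's approval.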