Skip to content

Make actions optional for scan result policies

Marcos Rocha requested to merge mc_rocha-make-actions-optional-421920 into master

What does this MR do and why?

This MR updates make actions optional for scan_result_policy, as long approval_settings is provided

This change will allow the creation of policies without requiring approvals when we only want to override project approval settings.

Screenshots or screen recordings

Policy without actions

Screenshot_2023-09-13_at_5.22.12_PM

Error message when neither approval_settings or actions is provided.

Screenshot_2023-09-13_at_12.49.12_PM

How to set up and validate locally

  1. Create a new project
  2. Go to Secure > Policies.
  3. Click on New Policy.
  4. Select Scan result policy.
  5. Change to yaml mode and copy the yaml content below:
type: scan_result_policy
name: test policy without actions
description: ''
enabled: true
rules:
  - type: scan_finding
    branches: []
    scanners:
      - container_scanning
    vulnerabilities_allowed: 0
    severity_levels:
      - high
    vulnerability_states: []
approval_settings:
  prevent_approval_by_author: true
  1. Verify the policy can be saved, loaded in the table and the policy drawer
  2. Edit the policy and remove the approval_settings
  3. Verify that a policy without the approval_settings and actions can not be saved

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Marcos Rocha

Merge request reports