Remove match_on_inclusion from scan_result_policies
What does this MR do and why?
This MR removes the support for match_on_inclusion on scan_result_policies, as suggested in this comment.
Related to #424513 (closed)
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Create a new project
- Add a .gitlab-ci.yml file with the content

    include:
      - template: Security/Dependency-Scanning.gitlab-ci.yml

- Add a new member to the project with developer access
- Go to Secure > Policies
- Click on New policy
- Select Merge request approval policy
- Change to .yaml mode
- Copy the yaml below:

    type: approval_policy
    name: Deny MIT
    enabled: true
    rules:
      - type: license_finding
        match_on_inclusion_license: true
        license_types:
          - MIT License
        license_states:
          - newly_detected
        branch_type: protected
    actions:
      - type: require_approval
        approvals_required: 1
        role_approvers:
          - developer

- Click on Configure with a merge request
- Merge the new MR to add the policy
- Go back to Secure > Policies and verify the new policy is visible
- Create a new MR adding a Gemfile.lock file with the following content:

    GEM
      remote: https://rubygems.org/
      specs:
        rack (3.0.4.1)

    PLATFORMS
      arm64-darwin-22

    DEPENDENCIES
      rack

    BUNDLED WITH
       2.4.22

- Verify the policy blocked the merge
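
For policy authors affected by this removal, a small Ruby check that reports `license_finding` rules still using `match_on_inclusion`; it is an added example, not code from this MR or from GitLab. The method names, the constructed sample policies, the expectation that each rule carries `match_on_inclusion_license`, and the handling of a file whose top-level keys map to lists of policies are assumptions made for the example.

```ruby
require 'yaml'

REMOVED_KEY = 'match_on_inclusion'          # key this MR removes
CURRENT_KEY = 'match_on_inclusion_license'  # key used in the policy above

# Accepts a single policy (as pasted into the policy editor) or a file whose
# top-level keys map to lists of policies (assumed layout).
def policies_in(doc)
  return [] unless doc.is_a?(Hash)
  return [doc] if doc.key?('rules')
  doc.values.select { |v| v.is_a?(Array) }.flatten.select { |p| p.is_a?(Hash) }
end

# Returns one finding per problem in each license_finding rule: removed key
# still present, current key missing, or current key not a boolean.
def lint_license_rules(yaml_text)
  policies_in(YAML.safe_load(yaml_text)).flat_map do |policy|
    Array(policy['rules']).each_with_index.flat_map do |rule, i|
      next [] unless rule.is_a?(Hash) && rule['type'] == 'license_finding'
      where = "#{policy['name']} rule #{i}"
      out = []
      out << "#{where}: uses removed key #{REMOVED_KEY}" if rule.key?(REMOVED_KEY)
      if !rule.key?(CURRENT_KEY)
        out << "#{where}: missing #{CURRENT_KEY}"
      elsif ![true, false].include?(rule[CURRENT_KEY])
        out << "#{where}: #{CURRENT_KEY} must be true or false"
      end
      out
    end
  end
end

# Constructed sample: a policy file written before the removal.
LEGACY = <<~YAML
  approval_policy:
    - name: Deny MIT (legacy)
      rules:
        - type: license_finding
          match_on_inclusion: true
          license_types: [MIT License]
          license_states: [newly_detected]
          branch_type: protected
YAML

# Constructed sample: the rule from the validation steps, in single-policy form.
CURRENT = LEGACY.lines[1..].join.sub('- name', '  name')
                .sub(' (legacy)', '').sub(REMOVED_KEY, CURRENT_KEY)

puts lint_license_rules(LEGACY)
```
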
Activity
changed milestone to %17.0
added backend devops::govern group::security policies section::sec type::maintenance labels
assigned to @mc_rocha
added Category:Security Policy Management label
- A deleted user
added Architecture Evolution Blueprint documentation labels
3 Messages
📖 This merge request might require a review from a Coach Engineer.
📖 This MR contains docs in the /doc/architecture directory, but any Maintainer (other than the author) can merge. You do not need tech writer review.
📖 This merge request adds or changes documentation files. A review from the Technical Writing team before you merge is recommended. Reviews can happen after you merge.
Architecture Evolution Review
This merge request might require a review from a Coach Engineer.
The following files, which might require the additional review, have been changed:
doc/architecture/blueprints/security_policies_database_read_model/index.md
Documentation review
The following files require a review from a technical writer:
- doc/user/application_security/policies/scan-result-policies.md (Link to current live version)
The review does not need to block merging this merge request. See the:
- Metadata for the *.md files that you've changed. The first few lines of each *.md file identify the stage and group most closely associated with your docs change.
- The Technical Writer assigned for that stage and group.
- Documentation workflows for information on when to assign a merge request for review.
Reviewer roulette
Category: backend
Reviewer: @zmartins (UTC+2, 6 hours ahead of author)
Maintainer: @tkuah (UTC+12, 16 hours ahead of author)
Please check reviewer's status!
Please refer to documentation page for guidance on how you can benefit from the Reviewer Roulette, or use the GitLab Review Workload Dashboard to find other available reviewers.
If needed, you can retry the 🔁 danger-review job that generated this comment.
Generated by 🚫 Danger
E2E Test Result Summary
allure-report-publisher generated test report!
e2e-test-on-gdk: ✅ test report for 415168f0
+------------------------------------------------------------------+
|                          suites summary                          |
+-------------+--------+--------+---------+-------+-------+--------+
|             | passed | failed | skipped | flaky | total | result |
+-------------+--------+--------+---------+-------+-------+--------+
| Verify      | 35     | 0      | 1       | 0     | 36    | ✅     |
| Data Stores | 31     | 0      | 0       | 0     | 31    | ✅     |
| Create      | 96     | 0      | 9       | 0     | 105   | ✅     |
| Plan        | 51     | 0      | 2       | 0     | 53    | ✅     |
| Manage      | 0      | 0      | 1       | 0     | 1     | ➖     |
| Govern      | 66     | 0      | 0       | 0     | 66    | ✅     |
| Package     | 24     | 0      | 6       | 0     | 30    | ✅     |
| Monitor     | 7      | 0      | 0       | 0     | 7     | ✅     |
| Analytics   | 2      | 0      | 0       | 0     | 2     | ✅     |
| Release     | 5      | 0      | 0       | 0     | 5     | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+
| Total       | 317    | 0      | 19      | 0     | 336   | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+
e2e-package-and-test: ✅ test report for 415168f0
+------------------------------------------------------------------+
|                          suites summary                          |
+-------------+--------+--------+---------+-------+-------+--------+
|             | passed | failed | skipped | flaky | total | result |
+-------------+--------+--------+---------+-------+-------+--------+
| Govern      | 300    | 0      | 13      | 5     | 313   | ✅     |
| Create      | 182    | 0      | 21      | 0     | 203   | ✅     |
| Package     | 6      | 0      | 8       | 0     | 14    | ✅     |
| Verify      | 18     | 0      | 0       | 0     | 18    | ✅     |
| Data Stores | 22     | 0      | 0       | 0     | 22    | ✅     |
| Plan        | 44     | 0      | 4       | 0     | 48    | ✅     |
| Monitor     | 8      | 0      | 0       | 0     | 8     | ✅     |
| Release     | 2      | 0      | 0       | 0     | 2     | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+
| Total       | 582    | 0      | 46      | 5     | 628   | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+
- Resolved by Vitali Tatarintev
requested review from @mcavoj
- Resolved by Vitali Tatarintev
- Resolved by Martin Čavoj
removed review request for @mcavoj
added 251 commits
- 7d60181b...1383748a - 249 commits from branch master
- a5e79d38 - Remove support for match_on_inclusion
- f0b31bdf - Remove support for match_on_inclusion
requested review from @mcavoj