Fix scan execution policy without ci file

What does this MR do and why?

This fixes running scan execution policy jobs even if the project does not have a .gitlab-ci.yml file. The bug is described in more detail here: #434321 (comment 1757766354)

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  1. Create a project without a .gitlab-ci.yml file
  2. On the left sidebar, select Security & Compliance and Policies
  3. Select New Policy
  4. Select Scan execution policy
  5. Switch to .yaml mode and paste the following policy:
    type: scan_execution_policy
    name: test
    description: ''
    enabled: true
    rules:
      - type: pipeline
        branch_type: all
    actions:
      - scan: secret_detection
  6. Select Configure with a merge request and merge the MR.
  7. Go back to the initial project. You should now be able to start a pipeline.

Related to #434321 (closed)