Allow users to use _EXCLUDED_ANALYZERS variable in SEP

What does this MR do and why?

We would like to add the ability for customers to specify _EXCLUDED_ANALYZERS variables in their Scan Execution Policies and ensure that it will be respected in enforced jobs. This way, users will have the ability to exclude the analyzer for the whole organization, although developers will not be able to disable it selectively.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  1. Create a new project
  2. Configure a Scan Execution Policy for the project enforcing Dependency Scanning scans, and add the variables DS_EXCLUDED_ANALYZERS: gemnasium-python and DS_EXCLUDED_PATHS: requirements.txt to the policy
  3. Add requirements.txt and Pipfile to the repository
  4. Run a pipeline for the project and see that the gemnasium-python job is not enforced and the other scan did not scan the requirements.txt file

Related to #440855 (closed)

Edited by Alan (Maciej) Paruszewski
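
A policy matching step 2 of the validation procedure could look like the following. This is an added example, not taken from the MR: the policy name and description are constructed, and it assumes the usual scan execution policy layout stored in `.gitlab/security-policies/policy.yml` of the linked security policy project.

```yaml
# Constructed example policy for local validation.
scan_execution_policy:
  - name: Enforce Dependency Scanning          # constructed name
    description: Enforced DS with one analyzer excluded for all projects
    enabled: true
    rules:
      # Run the enforced scan on every pipeline, on every branch.
      - type: pipeline
        branches:
          - "*"
    actions:
      - scan: dependency_scanning
        variables:
          # Set by the policy owner: the gemnasium-python job is not
          # enforced in pipelines covered by this policy.
          DS_EXCLUDED_ANALYZERS: gemnasium-python
          # The remaining dependency scan skips this file.
          DS_EXCLUDED_PATHS: requirements.txt
```

Because the exclusion is set in the policy rather than in a project's `.gitlab-ci.yml`, review changes to the security policy project with the same care as changes to the scanners themselves: a variable added here reduces coverage for every project the policy applies to.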