Draft: Validate maximum SEP action count (!146760) · Merge requests · GitLab.org / GitLab

Andy Schoenen requested to merge andyschoenen/limit-number-of-scan-execution-policy-actions into master Mar 06, 2024

What does this MR do and why?

Introduces:

an application setting that controls the maximum number of actions per scan execution policy.
a policy validation that uses the setting

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Create a project
On the level left sidebar, select Security & Compliance and Policies
Select New Policy
Select Scan execution policy
Switch to .yaml mode.

Paste the following policy

type: scan_execution_policy
name: test
description: ''
enabled: true
rules:
  - type: pipeline
    branches:
      - '*'
actions:
  - scan: secret_detection
  - scan: secret_detection
  - scan: secret_detection
  - scan: secret_detection
  - scan: secret_detection
  - scan: secret_detection
  - scan: secret_detection
  - scan: secret_detection
  - scan: secret_detection
  - scan: secret_detection
  - scan: secret_detection

Select Configure with a merge request
This should fail with "Policy exceeds the number of 10 allowed actions"

Related to #472213

Edited Jul 12, 2024 by Dominic Bauer

Draft: Validate maximum SEP action count

What does this MR do and why?

MR acceptance checklist

How to set up and validate locally

Merge request reports