Add comparison pipelines into policy bot comment
What does this MR do and why?
This MR adds a list of pipelines used for evaluation of scan_finding
policies into the policy bot comment.
Depends on !147830 (merged).
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
With multiple report_types:
How to set up and validate locally
- Create a project
- Enable the feature flag in the Rails console:

  ```ruby
  Feature.enable(:save_policy_violation_data, Project.last)
  ```
- Create `.gitlab-ci.yml`:

  ```yaml
  build-job:
    script:
      - echo "Compiling the code..."
      - echo "Compile complete."
  ```
- Go to Secure -> Policies and create a new Merge request approval policy with the following YAML:

  ```yaml
  type: approval_policy
  name: New scans
  description: ''
  enabled: true
  rules:
    - type: scan_finding
      scanners: []
      vulnerabilities_allowed: 0
      severity_levels: []
      vulnerability_states: []
      branch_type: protected
  actions:
    - type: require_approval
      approvals_required: 1
      role_approvers:
        - developer
  ```
- Configure with merge request & merge
- Go back to the project and update `.gitlab-ci.yml` in a new MR, adding the container scanning template and a vulnerable image:

  ```yaml
  include:
    - template: Jobs/Container-Scanning.gitlab-ci.yml

  container_scanning:
    variables:
      CS_IMAGE: 'citizenstig/dvwa:latest'

  build-job:
    script:
      - echo "Compiling the code..."
      - echo "Compile complete."
  ```
- Verify that bot comment is created and includes the comparison pipelines section
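The validation steps above hinge on the comparison the policy bot performs: the findings of the MR's source pipeline are set against those of the target (protected) branch pipeline, and a `scan_finding` rule is violated when the number of new findings matching the rule exceeds `vulnerabilities_allowed`. The script below is an added, simplified model of that comparison written for this page; it is not GitLab's implementation and ignores `vulnerability_states` beyond "new". It uses the policy YAML from the steps above, and the `Finding` struct, the fingerprint-based identity and the sample findings are constructed assumptions.

```ruby
require 'yaml'
require 'set'

# The approval policy from the setup steps above (copied verbatim).
POLICY_YAML = <<~YAML
  type: approval_policy
  name: New scans
  description: ''
  enabled: true
  rules:
    - type: scan_finding
      scanners: []
      vulnerabilities_allowed: 0
      severity_levels: []
      vulnerability_states: []
      branch_type: protected
  actions:
    - type: require_approval
      approvals_required: 1
      role_approvers:
        - developer
YAML

# A finding as it might come out of a security report. Using the fingerprint
# as the identity that decides whether a finding is "new" is an assumption
# of this example, not a statement about GitLab's report matching.
Finding = Struct.new(:scanner, :severity, :fingerprint)

# Constructed sample data: the target branch pipeline already has one finding;
# the MR's source pipeline has that one plus two that are new.
TARGET_FINDINGS = [
  Finding.new('container_scanning', 'high', 'CVE-A')
].freeze
SOURCE_FINDINGS = [
  Finding.new('container_scanning', 'high', 'CVE-A'),
  Finding.new('container_scanning', 'critical', 'CVE-B'),
  Finding.new('container_scanning', 'medium', 'CVE-C')
].freeze

# An empty scanners / severity_levels list is treated as "any", which is
# what the all-empty rule in the policy above relies on.
def rule_matches?(rule, finding)
  (rule['scanners'].empty? || rule['scanners'].include?(finding.scanner)) &&
    (rule['severity_levels'].empty? || rule['severity_levels'].include?(finding.severity))
end

# Findings present in the source pipeline but absent from the target pipeline.
def new_findings(source, target)
  known = target.map(&:fingerprint).to_set
  source.reject { |f| known.include?(f.fingerprint) }
end

# Evaluate every scan_finding rule of the policy against the two pipelines.
# Returns the per-rule verdicts and the resulting approval requirement.
def evaluate_policy(policy_yaml, source, target)
  policy = YAML.safe_load(policy_yaml)
  rules = policy['rules'].select { |r| r['type'] == 'scan_finding' }
  verdicts = rules.map do |rule|
    matched = new_findings(source, target).select { |f| rule_matches?(rule, f) }
    {
      new_findings: matched.map(&:fingerprint),
      violated: matched.size > rule['vulnerabilities_allowed']
    }
  end
  violated = verdicts.any? { |v| v[:violated] }
  approval_actions = policy['actions'].select { |a| a['type'] == 'require_approval' }
  {
    rules: verdicts,
    approval_required: violated && !approval_actions.empty?,
    approvals_required: violated ? approval_actions.sum { |a| a['approvals_required'] } : 0
  }
end

if $PROGRAM_NAME == __FILE__
  # With the sample data: CVE-B and CVE-C are new, 2 > 0, so one approval is required.
  puts evaluate_policy(POLICY_YAML, SOURCE_FINDINGS, TARGET_FINDINGS).inspect
end
```

Running it against a source pipeline identical to the target pipeline yields no new findings and no approval requirement, which is the same reason the bot comment only appears once the vulnerable image is introduced in the new MR.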
Related to #433403 (closed)
Edited by Martin Čavoj