Skip to content

Ignore default before and after_script for Scan Execution Policies

Alan (Maciej) Paruszewskirequested to merge
472663-ignore-default-before-after-script-in-sep into master

What does this MR do and why?

This MR solves problem when default.before_script or default.after_script is configured in the project and it causes failures for scans enforced by scan execution policies.

Kapture_2024-07-16_at_10.52.31

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  1. Create new project
  2. Add gitlab-ci.yml file with default.before_script and default.after_script set to - exit 1
  3. Create new Policy (Secure -> Policies -> Create new -> Scan Execution Policy) and select secret_detection scan
  4. Run pipeline in your project
  5. before_script and after_script should not interrupt execution of the policy

Related to #472663 (closed)

Edited by Alan (Maciej) Paruszewski

Merge request reports