Simplify logic to exclude rules in Scan Execution Policies
What does this MR do and why?
This MR simplifies the logic previously used to remove rules that could potentially disable selected scans in jobs enforced by Security Policies. As we have modified how variables work with Scan Execution Policies, we can now simplify that logic by removing the code responsible for it. At the same time we can remove the previously added feature flag that handled that.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Create a new project.
- Create a new Scan Execution Policy (Secure -> Policies -> Create new -> select Scan Execution Policy).
- Select SAST, DS, Secret Detection and SAST IaC.
- Prepare the project so that all of these scans have something to run on (add a Gemfile, a random *.rb file, and a file containing a secret).
- By manipulating these variables at project/group level, etc., try to disable the selected jobs:
  - SECRET_DETECTION_HISTORIC_SCAN
  - SECRET_DETECTION_EXCLUDED_PATHS
  - DS_EXCLUDED_PATHS
  - DS_EXCLUDED_ANALYZERS
  - DEFAULT_SAST_EXCLUDED_PATHS
  - SAST_EXCLUDED_PATHS
  - SAST_EXCLUDED_ANALYZERS
- Try setting the same variables at policy level; this should allow you to manage the jobs normally.
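As an added example for the validation steps above (not code from this MR or from the GitLab repository), the two files below show the weak and the intended configuration side by side. The first document is a constructed `.gitlab-ci.yml` for the test project that sets the listed variables to values meant to exclude everything the scanners would look at; the second is a constructed scan execution policy (`policy.yml` in the security policy project) that sets the same variables at policy level. Policy name, branch pattern and the specific exclusion values are assumptions chosen for the test; the `scan_execution_policy`, `rules`, `actions`, `scan` and `variables` keys follow the policy schema already used by these policies.

```yaml
# .gitlab-ci.yml in the test project (constructed example).
# Project-level variables that try to disable the policy-enforced scans
# by excluding every path and every analyzer.
variables:
  SECRET_DETECTION_HISTORIC_SCAN: "false"
  SECRET_DETECTION_EXCLUDED_PATHS: "**"
  DS_EXCLUDED_PATHS: "**"
  DS_EXCLUDED_ANALYZERS: "gemnasium"
  DEFAULT_SAST_EXCLUDED_PATHS: "**"
  SAST_EXCLUDED_PATHS: "**"
  SAST_EXCLUDED_ANALYZERS: "brakeman,semgrep"

---
# policy.yml in the security policy project (constructed example).
# The same variables set at policy level, where the MR expects them to be
# managed; the values here re-enable the scans the project tried to disable.
scan_execution_policy:
  - name: Enforce scanners on every pipeline   # assumed policy name
    description: SAST, DS, Secret Detection and SAST IaC on all branches
    enabled: true
    rules:
      - type: pipeline
        branches:
          - "*"                                 # assumed branch pattern
    actions:
      - scan: secret_detection
        variables:
          SECRET_DETECTION_HISTORIC_SCAN: "true"
          SECRET_DETECTION_EXCLUDED_PATHS: ""
      - scan: dependency_scanning
        variables:
          DS_EXCLUDED_PATHS: "spec, test, tests, tmp"
          DS_EXCLUDED_ANALYZERS: ""
      - scan: sast
        variables:
          DEFAULT_SAST_EXCLUDED_PATHS: "spec, test, tests, tmp"
          SAST_EXCLUDED_PATHS: "spec, test, tests, tmp"
          SAST_EXCLUDED_ANALYZERS: ""
      - scan: sast_iac
```

Run a pipeline on the test project with only the first document in place and note which scan jobs are created and what they report; then link the policy project, commit the second document there, and run the pipeline again. The check is whether the policy-level values are the ones visible in the job logs (for example `SAST_EXCLUDED_PATHS` printed by the analyzer) and whether every selected scan job is present.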
Related to #479820
Edited by Alan (Maciej) Paruszewski