Backfill pipeline execution policy enforced scans (!181995) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

Backfill pipeline execution policy enforced scans.

Depends on Backfill pipeline execution policy config links (!181151 - merged).

References

Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.

PEP config links are backfilled by !181151 (merged).

How to set up and validate locally

Create a project and a pipeline execution policy which includes any scanner template. For example:
```
include:
  - template: Jobs/Secret-Detection.gitlab-ci.yml
```
In rails console, it should create the Security::Policy with metadata populated: enforced_scans: ['secret_detection']

Remove this data to simulate an old policy which didn't have this data:

Security::Policy.type_pipeline_execution_policy.update_all(metadata: {})

Checkout this branch and run the background migration (/admin/background_migrations)
Verify that the pipeline execution policy metadata was populated
```
Security::Policy.type_pipeline_execution_policy.last.metadata
```

Related to #498624 (closed)

Edited Feb 20, 2025 by Martin Cavoj

Backfill pipeline execution policy enforced scans

What does this MR do and why?

References

How to set up and validate locally

Merge request reports