Limit scan execution policy pipeline `actions`

What does this MR do and why?

Limits the number of actions per scan execution policy of type: pipeline.

References

#472214 (closed)

How to set up and validate locally

  1. Ensure the feature flag is disabled:

       echo "Feature.disable(:scan_execution_policy_action_limit)" | rails c

  2. Create a new project and commit the following `.gitlab-ci.yml`:

       foo:
         stage: test
         script: exit 0

  3. Navigate to Secure > Policies and create the following scan execution policy:

       scan_execution_policy:
         - name: Test policy
           enabled: true
           rules:
             - type: pipeline
               branch_type: default
           actions:
             - scan: secret_detection
             - scan: container_scanning

  4. Set the application setting to 1:

       curl -sX PUT -H "PRIVATE-TOKEN: $GITLAB_TOKEN" "http://gdk.test:3000/api/v4/application/settings?scan_execution_policies_action_limit=1"

  5. Enable the feature flag:

       echo "Feature.enable(:scan_execution_policy_action_limit)" | rails c

  6. Navigate to Build > Pipelines, run a pipeline for the `main` branch, and verify that the resulting pipeline has only two jobs: `foo` and `secret-detection-0`.
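The validation steps above exercise three moving parts: the feature flag, the `scan_execution_policies_action_limit` application setting, and the policy's `rules` type. The following Ruby snippet is an added illustration of that behaviour and is not code from this MR or from GitLab; it parses the same policy YAML used in the steps, truncates the `actions` list to the limit only when the flag is on and the policy has a `pipeline` rule, and derives the scan job names. The job-name scheme (`<scan>-<index>` with underscores replaced by hyphens), the `limit:`/`flag_enabled:` keyword arguments standing in for `Feature.enabled?` and the application setting, and treating a non-positive limit as "no limit" are all assumptions made for the example.

```ruby
require 'yaml'

# Constructed sample: the policy from the "How to set up and validate locally" steps.
POLICY_YAML = <<~YAML
  scan_execution_policy:
    - name: Test policy
      enabled: true
      rules:
        - type: pipeline
          branch_type: default
      actions:
        - scan: secret_detection
        - scan: container_scanning
YAML

# Returns the actions that remain after applying the per-policy limit.
# `limit:` and `flag_enabled:` are hypothetical stand-ins for the
# application setting and the feature flag (assumption, not GitLab's API).
def limited_actions(policy, limit:, flag_enabled:)
  actions = policy.fetch('actions', [])
  has_pipeline_rule = policy.fetch('rules', []).any? { |rule| rule['type'] == 'pipeline' }

  # Only pipeline-type policies are limited, and only when the flag is on.
  # A non-positive limit is treated as unlimited here (assumption).
  return actions unless flag_enabled && has_pipeline_rule && limit.to_i.positive?

  actions.first(limit.to_i)
end

# Derives the scan job names a pipeline would receive from the enabled policies.
# Naming scheme "<scan>-<index>" with underscores turned into hyphens is an
# assumption modelled on the "secret-detection-0" job named in the MR.
def scan_jobs_for(yaml, limit:, flag_enabled:)
  policies = YAML.safe_load(yaml).fetch('scan_execution_policy', [])

  policies.select { |policy| policy['enabled'] }.flat_map do |policy|
    kept = limited_actions(policy, limit: limit, flag_enabled: flag_enabled)
    kept.each_with_index.map { |action, idx| "#{action['scan'].tr('_', '-')}-#{idx}" }
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "flag off, limit 1: #{scan_jobs_for(POLICY_YAML, limit: 1, flag_enabled: false).inspect}"
  puts "flag on,  limit 1: #{scan_jobs_for(POLICY_YAML, limit: 1, flag_enabled: true).inspect}"
end
```

With the flag disabled (step 1) both scans are injected regardless of the setting; once the setting is 1 and the flag is enabled (steps 4 and 5) only the first action survives, which is why step 6 expects exactly `foo` and `secret-detection-0`.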

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #472214 (closed)

Edited by Dominic Bauer
