For Security testing Compliance Requirements, clearly referring to the "default project pipeline" instead of previous generic "project pipelines"
What does this MR do and why?
In the compliance frameworks, the compliance requirements for SAST, DAST, secret detection, and other security scanning capabilities are evaluated against the project’s default pipeline, not project pipelines, as currently stated in the documentation.
Screenshots or screen recordings
| Before | After |
|---|---|
| Ensures that Static Application Security Testing (SAST) is configured and running in the project pipelines. | Ensures that Static Application Security Testing (SAST) is configured and running in the project default pipeline. |
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.