Add default time window for SEP and warn about implications of no window

Alan (Maciej) Paruszewskirequested to merge
warn-about-no-time-window-in-scheduled-sep into master

What does this MR do and why?

This MR improves the Scan Execution Policy (SEP) scheduled rule configuration by adding a default time window and warning users about the implications of not setting one.

Changes implemented:

  1. Default time window: New scheduled rules now include a default 6-hour (21,600 seconds) random distribution time window to help distribute scan load across runner infrastructure
  2. Warning alert: Added a non-dismissible warning banner when time window is not configured, explaining the benefits of setting a time window for scheduled scans
  3. Updated example: Changed the example policy time window from 10 hours to 6 hours to align with the new default

Why these changes matter:

Without a time window, all scheduled scans trigger at the exact same time, which can overwhelm runner infrastructure. The time window distributes scan execution randomly within the specified period, reducing infrastructure load and improving reliability.

Changelog: changed EE: true

Screenshots or screen recordings

Screenshot_2025-12-02_at_14.22.04

How to set up and validate locally

  1. Navigate to Security & Compliance > Policies in any project
  2. Create a new Scan Execution Policy with a scheduled rule
  3. Verify the time window is pre-populated with 6 hours
  4. Edit an existing policy that has no time window configured
  5. Verify the warning banner appears explaining the importance of setting a time window

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Alan (Maciej) Paruszewski

Merge request reports