Security scanner controls do not require a successful pipeline

Summary

Update compliance framework documentation to reflect that security scanner controls now show success/failure based on scan completion, regardless of overall pipeline status.

Changes

Removes "Requires a successful pipeline run." from the following security scanner controls:

  • API security running
  • Code quality running
  • Container scanning running
  • DAST running
  • Dependency scanning running
  • Fuzz testing running
  • IaC scanning running
  • License compliance running
  • SAST running
  • Secret detection running

References

Compliance controls should show success/failed ... (#579849)

Release post for Compliance controls should sho... (gitlab-com/www-gitlab-com!142040 - merged)

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Nate Rosandich
