Add support for setting CI variables in Security Policies
What does this MR do and why?
This MR adds the ability to specify environment variables for jobs enforced by security policies, so that a policy's `variables` are applied to the scan jobs it injects into the pipeline.
How to set up and validate locally
- Create a new project (e.g. import https://github.com/digininja/DVWA) and add a simple `.gitlab-ci.yml` file that runs only a shell script: `echo "Test"`.
- Create a policy for that project (go to Security & Compliance -> Policies -> Add new -> select the Policy Execution type).
- Add a new policy with variables added:

```yaml
name: SAST scan
description: description
enabled: true
rules:
  - type: pipeline
    branches:
      - main
actions:
  - scan: sast
    variables:
      SAST_EXCLUDED_ANALYZERS: semgrep
```
- Run a pipeline for your project. You should see that the `semgrep-sast` job was not added to your pipeline, because the policy's `SAST_EXCLUDED_ANALYZERS` variable was applied to the enforced SAST scan.
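The following is an added illustrative example, not code from this MR or from GitLab itself. It models the behaviour the validation steps above check: the policy YAML is parsed, the `variables` attached to the `sast` action are extracted, and `SAST_EXCLUDED_ANALYZERS` (a documented GitLab SAST variable holding a comma-separated list of analyzer names) is applied to a constructed list of analyzer jobs. The job list, the `policy_variables` and `enforced_sast_jobs` helpers, and the simplified exact-name matching are assumptions made for the example; GitLab's real SAST template decides per job with its own `rules`.

```ruby
# Added illustrative model (not GitLab's implementation) of how variables set
# in a scan execution policy prune SAST analyzer jobs.
require 'yaml'

# Constructed input: the policy from the validation steps above.
POLICY_YAML = <<~YAML
  name: SAST scan
  description: description
  enabled: true
  rules:
    - type: pipeline
      branches:
        - main
  actions:
    - scan: sast
      variables:
        SAST_EXCLUDED_ANALYZERS: semgrep
YAML

# Hypothetical analyzer jobs the SAST template could add; names follow the
# "<analyzer>-sast" convention used for real GitLab SAST jobs.
SAST_ANALYZER_JOBS = %w[semgrep-sast brakeman-sast spotbugs-sast].freeze

# Returns the variables a policy attaches to the action for the given scan
# type, or an empty hash if the policy is disabled or has no such action.
def policy_variables(policy_yaml, scan:)
  policy = YAML.safe_load(policy_yaml)
  return {} unless policy['enabled']

  action = Array(policy['actions']).find { |a| a['scan'] == scan }
  (action && action['variables']) || {}
end

# Applies SAST_EXCLUDED_ANALYZERS (comma-separated analyzer names) to a list
# of analyzer jobs and returns the jobs that would still be added to the
# pipeline. Matching on the analyzer name is a simplification for this model.
def enforced_sast_jobs(variables, jobs = SAST_ANALYZER_JOBS)
  excluded = variables.fetch('SAST_EXCLUDED_ANALYZERS', '')
                      .split(',').map(&:strip).reject(&:empty?)
  jobs.reject { |job| excluded.include?(job.sub(/-sast\z/, '')) }
end

if __FILE__ == $PROGRAM_NAME
  vars = policy_variables(POLICY_YAML, scan: 'sast')
  puts "policy variables: #{vars.inspect}"
  puts "jobs added to pipeline: #{enforced_sast_jobs(vars).join(', ')}"
end
```

Running the script with the policy above prints `semgrep-sast` missing from the job list, which is the same outcome the manual validation looks for in the pipeline view; with an empty variables hash (no policy variables), all three constructed analyzer jobs remain.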
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #346963 (closed)
Edited by Alan (Maciej) Paruszewski