Add validation to check if branches are valid for security policy
What does this MR do and why?
We're adding new validation to check if the provided branches exist for the selected project. In this MR we're adding a new service to perform this validation, which cannot be checked with the JSON Schema validator.
We're also moving parts of the validation that were introduced in ProcessPolicyService to the new validator to keep them in one place. In ProcessPolicyService we're leaving the validation that is related to the commit process; the new validation service (ValidatePolicyService) is designed to validate the correctness of a single policy.
Screenshots or screen recordings
How to set up and validate locally
- Create a new project
- Go to Security & Compliance -> Policies
- Click on `New policy`
- Change policy type to `Scan Execution`
- Use the following policies to check if validation works:

  a. Invalid policy type:

  ```yaml
  type: invalid_type
  name: 'Test'
  description: ''
  enabled: true
  rules:
    - type: pipeline
      branches:
        - main
  actions:
    - scan: dast
      site_profile: ''
      scanner_profile: ''
  ```

  b. Empty branches list:

  ```yaml
  type: scan_execution_policy
  name: 'Test'
  description: ''
  enabled: true
  rules:
    - type: pipeline
      branches: []
  actions:
    - scan: dast
      site_profile: ''
      scanner_profile: ''
  ```

  c. Branch that does not exist in the project:

  ```yaml
  type: scan_execution_policy
  name: 'Test'
  description: ''
  enabled: true
  rules:
    - type: pipeline
      branches:
        - invalid_branch
  actions:
    - scan: dast
      site_profile: ''
      scanner_profile: ''
  ```
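To make the three cases above concrete, here is an added example (not GitLab's ValidatePolicyService, and not code from this MR) of a minimal single-policy validator in Ruby. It assumes `scan_execution_policy` is the only valid policy type, that a pipeline rule with an empty branch list is rejected (case b), and that the project's branch names are passed in as a plain array; the sample policies and branch list are constructed for the example.

```ruby
require 'yaml'

# Hypothetical stand-in for the MR's ValidatePolicyService: validates one
# parsed policy against the project's branch names and returns the first
# error found, or nil when the policy is valid. Assumptions: the only valid
# policy type is scan_execution_policy, and a pipeline rule with no
# branches is an error (case b in the local validation steps).
VALID_POLICY_TYPES = %w[scan_execution_policy].freeze

def validate_policy(policy, project_branches)
  return 'invalid policy type' unless VALID_POLICY_TYPES.include?(policy['type'])
  rules = Array(policy['rules'])
  return 'policy has no rules' if rules.empty?
  rules.each do |rule|
    next unless rule['type'] == 'pipeline'
    branches = Array(rule['branches'])
    return 'pipeline rule has no branches' if branches.empty?
    # Every listed branch must exist in the project (cannot be expressed in JSON Schema).
    missing = branches - project_branches
    return "branches not found in project: #{missing.join(', ')}" unless missing.empty?
  end
  nil
end

# Constructed sample: the three policies a/b/c from the steps above, for a
# project whose only branches are main and develop.
POLICY_TEMPLATE = <<~YAML
  type: %<type>s
  name: 'Test'
  description: ''
  enabled: true
  rules:
    - type: pipeline
      branches: %<branches>s
  actions:
    - scan: dast
      site_profile: ''
      scanner_profile: ''
YAML
SAMPLE_POLICIES = {
  'a' => format(POLICY_TEMPLATE, type: 'invalid_type', branches: '[main]'),
  'b' => format(POLICY_TEMPLATE, type: 'scan_execution_policy', branches: '[]'),
  'c' => format(POLICY_TEMPLATE, type: 'scan_execution_policy', branches: '[invalid_branch]')
}.freeze
PROJECT_BRANCHES = %w[main develop].freeze

def validate_sample(key)
  validate_policy(YAML.safe_load(SAMPLE_POLICIES[key]), PROJECT_BRANCHES)
end
```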
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #339751 (closed)
Edited by Alan (Maciej) Paruszewski