
Add filtering security policies to return only inherited policies

What does this MR do and why?

How to set up and validate locally

  1. Create a new Group.
  2. Create a new Subgroup within the created Group.
  3. Create a new Project within the created Subgroup.
  4. For each Group, Subgroup and Project, go to Security & Compliance -> Policies and create a new Policy for each of them:

```yaml
type: scan_execution_policy
name: Enable SAST for Group/Subgroup/Project
description: ''
enabled: true
rules:
  - type: pipeline
    branches:
      - '*'
actions:
  - scan: sast
```

  5. Go to GraphQL Explorer (/-/graphql-explorer) and use this query (and a similar one for the other Project/Group/Subgroup):
```graphql
query {
  group(fullPath: "gitlab-org/protect/demos/sandbox/policies-for-group/policies-for-subgroup") {
    scanExecutionPolicies(relationship: INHERITED_ONLY) {
      nodes {
        name
        source {
          ... on GroupSecurityPolicySource {
            inherited
          }
        }
      }
    }
  }
}
```

You should see only inherited policies.
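The manual check above can be automated. The script below is an added example, not code from this MR: it builds the same query for a given group path, and checks that every policy in a response to the `INHERITED_ONLY` filter is marked `inherited`. The sample responses are constructed, and the `run_query` helper assumes the standard `/api/graphql` endpoint with a bearer token read from the `GITLAB_TOKEN` environment variable.

```python
import json
import os
import urllib.request

# Constructed sample responses (not real API output); the shape follows the
# query in the MR description. The second one is what a broken filter might return.
INHERITED_ONLY_RESPONSE = {
    "data": {"group": {"scanExecutionPolicies": {"nodes": [
        {"name": "Enable SAST for Group", "source": {"inherited": True}},
    ]}}}
}
MIXED_RESPONSE = {
    "data": {"group": {"scanExecutionPolicies": {"nodes": [
        {"name": "Enable SAST for Group", "source": {"inherited": True}},
        {"name": "Enable SAST for Subgroup", "source": {"inherited": False}},
    ]}}}
}


def build_query(full_path: str, relationship: str = "INHERITED_ONLY") -> str:
    """Return the MR's GraphQL query for `full_path`, filtered by `relationship`."""
    return (
        "query { group(fullPath: %s) { scanExecutionPolicies(relationship: %s) "
        "{ nodes { name source { ... on GroupSecurityPolicySource { inherited } } } } } }"
        % (json.dumps(full_path), relationship)
    )


def policy_nodes(response: dict) -> list:
    return response["data"]["group"]["scanExecutionPolicies"]["nodes"]


def non_inherited(response: dict) -> list:
    """Names of policies not marked inherited; must be empty for INHERITED_ONLY.
    A missing `source` (e.g. a non-group source type) counts as not inherited."""
    return [n["name"] for n in policy_nodes(response)
            if not (n.get("source") or {}).get("inherited", False)]


def run_query(base_url: str, token: str, query: str) -> dict:
    """POST `query` to the GraphQL endpoint (assumed path /api/graphql)."""
    req = urllib.request.Request(
        f"{base_url}/api/graphql",
        data=json.dumps({"query": query}).encode(),
        headers={"Content-Type": "application/json", "Authorization": f"Bearer {token}"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Hypothetical group path; replace with your own when running against an instance.
    resp = run_query("https://gitlab.example.com", os.environ["GITLAB_TOKEN"],
                     build_query("policies-for-group/policies-for-subgroup"))
    print("leaked non-inherited policies:", non_inherited(resp))
```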

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to FE: Create filter for 'Source' (#345323 - closed)
