Update scan-execution-policies.md for agents

What does this MR do and why?

Update the example security policies to show the use of the agents option

Screenshots or screen recordings

N/A

How to set up and validate locally

N/A

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• I have evaluated the MR acceptance checklist for this MR.

assigned to @aturinske

Can someone from @gitlab-org/protect/container-security-backend verify this is correct? Thanks

@mparuszewski, does your mean it's correct? I don't know the answer

@thiagocsf It is correct, as far as I know this is not currently supported by agent, however this is a valid JSON that is valid according to JSON Schema. We need to wait for Extend Scheduled Scan Execution Policy to enfor... (#341358 - closed) to have this implemented and working.

If the work to support agents is not merged yet, I am surprised then that our docs already say we support it as a Schedule option. Is that weird?

It is weird. #341358 (closed) just got unblocked, which, to my understanding, is what introduces the agents property.

But !87424 (merged), which added agents, says that #362188 (closed) is what made it work.

@gitlab-org/protect/container-security-backend, more help please - are our docs wrong?

@thiagocsf agents is a valid keyword for the policies, it just doesn't do anything yet until #341358 (closed) is complete. We could remove it from the docs until #341358 (closed) is done

Okay, I think the best course of action is

1. Merge this MR because it will at least remove the invalid sample policy
2. Create and merge a second MR that removes any reference to agents because while it is valid, it would be confusing to users that it doesn't do anything
3. Revert the second MR when Extend Scheduled Scan Execution Policy to enfor... (#341358 - closed) gets merged

WDYT?

Sounds good to me, @aturinske!

Thank you for doing these , @aturinske

Please shout if you want to delegate any of them.

Thanks @thiagocsf . Can you merge this MR? Thanks

I'm afraid I can't -- not a maintainer.

@claytoncornell, could you please?

@thiagocsf @aturinske On it. Simple change... approve/merge incoming

@aturinske Should we add a note of some kind to #341358 (closed) as a reminder to revert the doc changes?

Good idea @claytoncornell ! I have added it here

Suggested Reviewers (beta)

The individuals below may be good candidates to participate in the review based on various factors.

You can use slash commands in comments to quickly assign /assign_reviewer @user1.

Suggested Reviewers
@kushalpandya, @stanhu, @alyubenkov, @mparuszewski, @ngaskill

If you do not believe these suggestions are useful, please apply the label Bad Suggested Reviewer. You can also provide feedback for this feature on this issue: https://gitlab.com/gitlab-org/gitlab/-/issues/357923.

Automatically generated by Suggested Reviewers Bot - an experimental ML-based recommendation engine created by ~"group::applied ml".

requested review from @thiagocsf

	1 Message
	This merge request adds or changes documentation files. A review from the Technical Writing team before you merge is recommended. Reviews can happen after you merge.

Documentation review

The following files require a review from a technical writer:

• doc/user/application_security/policies/scan-execution-policies.md

The review does not need to block merging this merge request. See the:

• Metadata for the *.md files that you've changed. The first few lines of each *.md file identify the stage and group most closely associated with your docs change.
• The Technical Writer assigned for that stage and group.
• Documentation workflows for information on when to assign a merge request for review.

Generated by Danger

@aturinske - please add typebug typefeature, typemaintenance or a subtype label to this merge request.

• typebug: Defects in shipped code and fixes for those defects. This includes all the bug types (availability, performance, security vulnerability, mobile, etc.)
• typefeature: Effort to deliver new features, feature changes & improvements. This includes all changes as part of new product requirements like application limits.
• typemaintenance: Up-keeping efforts & catch-up corrective improvements that are not Features nor Bugs. This includes restructuring for long-term maintainability, stability, reducing technical debt, improving the contributor experience, or upgrading dependencies.

See the handbook for more guidance on classifying.

---

This message was created with automation and Engineering Productivity is looking for feedback in this issue: https://gitlab.com/gitlab-org/quality/engineering-productivity/team/-/issues/43

added 1 commit

• 1856fb2c - Update scan-execution-policies.md for the agents schema

Compare with previous version

approved this merge request

added typemaintenance label

resolved all threads

requested review from @mparuszewski and removed review request for @thiagocsf

changed milestone to %15.2

added backend groupsecurity policies labels

requested review from @thiagocsf

removed review request for @mparuszewski

approved this merge request

resolved all threads

requested review from @claytoncornell

added Technical Writing docsimprovement documentation labels

resolved all threads

resolved all threads

approved this merge request

merged

mentioned in commit 906030c2

added workflowstaging-canary label

added workflowcanary label and removed workflowstaging-canary label

added workflowstaging label and removed workflowcanary label

added workflowproduction label and removed workflowstaging label

mentioned in merge request !91075 (merged)

added releasedcandidate label

added releasedpublished label and removed releasedcandidate label

mentioned in issue #359886 (closed)