Add agents to Scan Execution Policies documentation
What does this MR do and why?
This MR updates documentation for Scan Execution Policies to add support for the `agents` keyword.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #341358 (closed)
changed milestone to %15.4
assigned to @mparuszewski
Suggested Reviewers (beta)
The individuals below may be good candidates to participate in the review based on various factors.
You can use slash commands in comments to quickly assign: `/assign_reviewer @user1`.
Suggested Reviewers: @kushalpandya, @dbalexandre, @dpisek, @aqualls, @alyubenkov
If you do not believe these suggestions are useful, please apply the label Bad Suggested Reviewer. You can also provide feedback for this feature on this issue: https://gitlab.com/gitlab-org/gitlab/-/issues/357923.
Automatically generated by Suggested Reviewers Bot - an experimental ML-based recommendation engine created by ~"group::applied ml".
- A deleted user
added documentation label
1 Message: This merge request adds or changes documentation files. A review from the Technical Writing team before you merge is recommended. Reviews can happen after you merge.
Documentation review
The following files require a review from a technical writer:
- `doc/user/application_security/policies/scan-execution-policies.md`
The review does not need to block merging this merge request. See the:
- Metadata for the `*.md` files that you've changed. The first few lines of each `*.md` file identify the stage and group most closely associated with your docs change.
- The Technical Writer assigned for that stage and group.
- Documentation workflows for information on when to assign a merge request for review.
If needed, you can retry the `danger-review` job that generated this comment.
Generated by Danger
- Resolved by 🤖 GitLab Bot 🤖
Proper labels assigned to this merge request. Please ignore me.
@mparuszewski - please see the following guidance and update this merge request.
1 Warning: Please add a subtype label to this merge request. If you have added a type label and do not feel the purpose of this merge request matches one of the subtypes labels, please resolve this discussion.
Edited by 🤖 GitLab Bot 🤖
Setting label(s) Category:Security Policy Management based on group::security policies.
added Category:Security Policy Management label
added 1875 commits
- 7af80eaf...6afb3e23 - 1874 commits from branch `master`
- 6f1feeb8 - Add agents to Scan Execution Policies documentation
mentioned in issue #367278 (closed)
mentioned in merge request !98238 (merged)
- Resolved by Alan (Maciej) Paruszewski
changed milestone to %15.5
added missed:15.4 label
- Resolved by Clayton Cornell
@mparuszewski is this one close to being ready to merge in? Can I help with it?
requested review from @claytoncornell
- Resolved by Clayton Cornell
added 1 commit
- 5111fd92 - Simplify sentence, remove ref to cluster image scanning
added feature::addition label
added 5308 commits
- 5111fd92...a0efe6e8 - 5305 commits from branch `master`
- 9224ee10 - Add agents to Scan Execution Policies documentation
- cc9b39e5 - Add example for agents policy
- 7fbb0f02 - Simplify sentence, remove ref to cluster image scanning
- Resolved by Clayton Cornell
added Technical Writing, docs::improvement, tw-weight::3 labels
@claytoncornell, did you forget to run a pipeline before you merged this work? Based on our code review process, if the latest pipeline finished more than 2 hours ago, you should:
- Ensure the merge request is not in Draft status.
- Start a pipeline (especially important for Community contribution merge requests).
- Set the merge request to merge when pipeline succeeds.
This is a guideline, not a rule. Please consider replying to this comment for transparency.
This message was generated automatically. You're welcome to improve it.
mentioned in commit ccfc1354
added workflow::staging-canary label and removed workflow::in review label
added workflow::canary label and removed workflow::staging-canary label
added workflow::staging label and removed workflow::canary label
added workflow::production label and removed workflow::staging label
added workflow::post-deploy-db-staging label and removed workflow::production label
added workflow::post-deploy-db-production label and removed workflow::post-deploy-db-staging label
mentioned in issue #378233 (closed)
added released::candidate label
88 88 | `type` | `string` | `schedule` | The rule's type. | 89 89 | `branches` | `array` of `string` | `*` or the branch's name | The branch the given policy applies to (supports wildcard). | 90 90 | `cadence` | `string` | CRON expression (for example, `0 0 * * *`) | A whitespace-separated string containing five fields that represents the scheduled time. | 91 | `agents` | `object` | | The name of the [GitLab agents](../../clusters/agent/index.md) where [cluster image scanning](../../clusters/agent/vulnerabilities.md) will run. The object key is the name of the Kubernetes cluster configured for your project in GitLab. You can use the optional value of the object to select and scan specific Kubernetes resources. | @mparuszewski I have a couple of clarification questions regarding these docs
> You can use the optional value of the object to select and scan specific Kubernetes resources.

- Perhaps we should show an example of what not providing the optional value looks like? Is the below what you had in mind?
- Are all Kubernetes resources that are managed by the GitLab agent scanned if no value is given?
```yaml
type: scan_execution_policy
name: Scan all clusters managed by `best-agent`
description: Best idea ever!
enabled: false
rules:
- type: schedule
  agents:
    best-agent:
  cadence: 0 0 * * *
actions:
- scan: container_scanning
```
Edited by Alexander Turinske
> Perhaps we should show an example of what not providing the optional value looks like? Is the below what you had in mind?

@aturinske, exactly, this is how it should look.

> Are all Kubernetes resources that are managed by the GitLab agent scanned if no value is given?

Exactly, all Kubernetes resources in all namespaces will be scanned when no value is given (all namespaces where our agent will have proper permissions to start a vulnerability scan, to be precise).
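Review bot: The added `agents` row (new line 91 of the table) leaves its possible-values column empty and never says what is scanned when the optional value is omitted, so the scan scope cannot be read from the table. Per the author's reply in this thread, omitting the value scans all resources in every namespace where the agent has permission to start a vulnerability scan; that default belongs in the row itself, since it determines how broadly a scheduled policy reaches into the cluster. The description is also inconsistent about the key: it opens with "The name of the GitLab agents" for a field typed `object`, then says "The object key is the name of the Kubernetes cluster configured for your project". Suggest using one term for the key, and describing the shape of the optional value rather than only saying it can "select and scan specific Kubernetes resources".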
added released::published label and removed released::candidate label