
Add agents to Scan Execution Policies documentation

Merged Alan (Maciej) Paruszewski requested to merge 341358-add-agents-to-policies-docs into master
1 unresolved thread

What does this MR do and why?

This MR updates the documentation for Scan Execution Policies to add support for the `agents` keyword.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #341358 (closed)

Activity

  • 🤖 GitLab Bot 🤖 changed milestone to %15.5

  • added 1 commit

    • b438a1ad - Add example for agents policy

  • requested review from @claytoncornell

  • Alan (Maciej) Paruszewski marked this merge request as ready

  • added 1 commit

    • 5111fd92 - Simplify sentence, remove ref to cluster image scanning

  • Suggested Reviewers (beta)

    The individuals below may be good candidates to participate in the review based on various factors.

    You can use slash commands in comments to quickly assign /assign_reviewer @user1.

    Suggested Reviewers
    @kushalpandya, @dbalexandre, @dpisek, @aqualls, @alyubenkov

    If you do not believe these suggestions are useful, please apply the label Bad Suggested Reviewer. You can also provide feedback for this feature on this issue: https://gitlab.com/gitlab-org/gitlab/-/issues/357923.

    Automatically generated by Suggested Reviewers Bot - an experimental ML-based recommendation engine created by ~"group::applied ml".

  • added 5308 commits

    • 5111fd92...a0efe6e8 - 5305 commits from branch master
    • 9224ee10 - Add agents to Scan Execution Policies documentation
    • cc9b39e5 - Add example for agents policy
    • 7fbb0f02 - Simplify sentence, remove ref to cluster image scanning

  • added 1 commit

  • Clayton Cornell resolved all threads

  • @claytoncornell, did you forget to run a pipeline before you merged this work? Based on our code review process, if the latest pipeline finished more than 2 hours ago, you should:

    1. Ensure the merge request is not in Draft status.
    2. Start a pipeline (especially important for Community contribution merge requests).
    3. Set the merge request to merge when pipeline succeeds.

    This is a guideline, not a rule. Please consider replying to this comment for transparency.

    This message was generated automatically. You're welcome to improve it.

  • Clayton Cornell mentioned in commit ccfc1354

  • added workflowstaging label and removed workflowcanary label

  • mentioned in issue #378233 (closed)

  • 88 88 | `type` | `string` | `schedule` | The rule's type. |
    89 89 | `branches` | `array` of `string` | `*` or the branch's name | The branch the given policy applies to (supports wildcard). |
    90 90 | `cadence` | `string` | CRON expression (for example, `0 0 * * *`) | A whitespace-separated string containing five fields that represents the scheduled time. |
    91 | `agents` | `object` | | The name of the [GitLab agents](../../clusters/agent/index.md) where [cluster image scanning](../../clusters/agent/vulnerabilities.md) will run. The object key is the name of the Kubernetes cluster configured for your project in GitLab. You can use the optional value of the object to select and scan specific Kubernetes resources. |
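
    Review bot: on the added `agents` row (new line 91), the description opens with "The name of the GitLab agents" but then says "The object key is the name of the Kubernetes cluster", so a reader cannot tell whether the key is an agent name or a cluster name; use one term in both sentences. The possible-values column is also left empty, and the row does not say what is scanned when the optional value is omitted, which is the scope a reader needs to know before enabling a schedule; state that default and the shape of the optional value in the row.
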
    • @mparuszewski I have a couple of clarification questions regarding these docs

      > You can use the optional value of the object to select and scan specific Kubernetes resources.

      1. Perhaps we should show an example of what not providing the optional value looks like? Is the below what you had in mind?
      2. Are all Kubernetes resources that are managed by the GitLab agent scanned if no value is given?

      ```yaml
      type: scan_execution_policy
      name: Scan all clusters managed by `best-agent`
      description: Best idea ever!
      enabled: false
      rules:
        - type: schedule
          agents:
            best-agent: # optional value omitted
          cadence: 0 0 * * *
      actions:
        - scan: container_scanning
      ```
      Edited by Alexander Turinske
      > 1. Perhaps we should show an example of what not providing the optional value looks like? Is the below what you had in mind?

      @aturinske, exactly, this is how it should look. :thumbsup:

      > 2. Are all Kubernetes resources that are managed by the GitLab agent scanned if no value is given?

      Exactly, all Kubernetes resources in all namespaces will be scanned when no value is given (all namespaces where our agent will have proper permissions to start a vulnerability scan, to be precise).
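
The scoping behaviour described in the reply above, as an added example that is not part of the merge request or of GitLab's code: a Ruby check that parses a scan execution policy and reports, for each agent in each schedule rule, whether the scan is limited to listed namespaces or covers every namespace the agent can scan. The sample policy is constructed from the one in the thread; the second rule, the `scoped-agent` name and the `namespaces` key for the optional value are assumptions not shown on this page.

```ruby
require 'yaml'

# Constructed sample. Rule 1 follows the policy in the thread (no value under
# the agent key). Rule 2 assumes `namespaces` as the optional value.
POLICY_YAML = <<~'YAML'
  type: scan_execution_policy
  name: Scan clusters managed by agents
  enabled: false
  rules:
    - type: schedule
      agents:
        best-agent:
      cadence: 0 0 * * *
    - type: schedule
      agents:
        scoped-agent:
          namespaces:
            - default
            - kube-system
      cadence: 0 0 * * *
  actions:
    - scan: container_scanning
YAML

# One entry per agent in every schedule rule. :scope is the namespace list,
# or :all when the optional value is omitted. An empty list is also reported
# as :all here (a choice of this example, not documented behaviour).
def agent_scan_scopes(policy)
  Array(policy['rules']).flat_map do |rule|
    next [] unless rule.is_a?(Hash) && rule['type'] == 'schedule'
    next [] unless rule['agents'].is_a?(Hash)

    rule['agents'].map do |agent, value|
      namespaces = value.is_a?(Hash) ? Array(value['namespaces']).map(&:to_s) : []
      { agent: agent, cadence: rule['cadence'], scope: namespaces.empty? ? :all : namespaces }
    end
  end
end

# Agents whose scheduled scan is not restricted to named namespaces.
def unscoped_agents(policy)
  agent_scan_scopes(policy).select { |e| e[:scope] == :all }.map { |e| e[:agent] }
end

POLICY = YAML.safe_load(POLICY_YAML)
agent_scan_scopes(POLICY).each do |e|
  scope = e[:scope] == :all ? 'every namespace the agent may scan' : e[:scope].join(', ')
  puts "#{e[:agent]} (#{e[:cadence]}): #{scope}"
end
```

Run against a policy file before it is committed, the list from `unscoped_agents` shows which scheduled scans will reach every namespace the agent has permissions for.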
