<!-- triage-serverless v3 PLEASE DO NOT REMOVE THIS SECTION --> *This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.* <!-- triage-serverless v3 PLEASE DO NOT REMOVE THIS SECTION --> <!-- Implementation issues are used break-up a large piece of work into small, discrete tasks that can move independently through the build workflow steps. They're typically used to populate a Feature Epic. Once created, an implementation issue is usually refined in order to populate and review the implementation plan and weight. Example workflow: https://about.gitlab.com/handbook/engineering/development/threat-management/planning/diagram.html#plan --> ## Why are we doing this work <!-- A brief explanation of the why, not the what or how. Assume the reader doesn't know the background and won't have time to dig-up information from comment threads. --> We are implementing support for SAST policies in gitlab-org&6586. To do this, we need to update `RuleScheduleService` so that it can process rules for SAST policies. This issue will also cover documentation for the feature. ## Relevant links <!-- Information that the developer might need to refer to when implementing the issue. - [Design Issue](https://gitlab.com/gitlab-org/gitlab/-/issues/<id>) - [Design 1](https://gitlab.com/gitlab-org/gitlab/-/issues/<id>/designs/<image>.png) - [Design 2](https://gitlab.com/gitlab-org/gitlab/-/issues/<id>/designs/<image>.png) - [Similar implementation](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/<id>) --> ## Non-functional requirements <!-- Add details for required items and delete others. --> - [x] Documentation: Document the `sast` scan type in the security orchestration policies documentation - [x] Feature flag: - [x] Performance: - [ ] Testing: ## Implementation plan <!-- Steps and the parts of the code that will need to get updated. The plan can also call-out responsibilities for other team members or teams. e.g.: - [ ] ~frontend Step 1 - [ ] `@person` Step 1a - [ ] ~frontend Step 2 --> - [x] ~documentation Document the `sast` scan type in `doc/user/application_security/policies/index.md` - [x] ~backend Update `ee/app/services/security/security_orchestration_policies/rule_schedule_service.rb` to process actions for SAST. This is likely a 1-line change. ```diff diff --git a/ee/app/services/security/security_orchestration_policies/rule_schedule_service.rb b/ee/app/services/security/security_orchestration_policies/rule_schedule_service.rb index fd0b9248dd5..97cafcad89f 100644 --- a/ee/app/services/security/security_orchestration_policies/rule_schedule_service.rb +++ b/ee/app/services/security/security_orchestration_policies/rule_schedule_service.rb @@ -21,7 +21,7 @@ def actions_for(schedule) def process_action(action, schedule, branches) case action[:scan].to_s - when 'secret_detection' then schedule_scan(action, branches) + when 'secret_detection', 'sast' then schedule_scan(action, branches) when 'container_scanning' then schedule_container_scanning_scan(action, schedule, branches) when 'cluster_image_scanning' then schedule_cluster_image_scanning_scan(action, schedule) when 'dast' then schedule_dast_on_demand_scan(action, branches) ``` - [x] ~backend Add a new test case for the `sast` scan type to `ee/spec/services/security/security_orchestration_policies/rule_schedule_service_spec.rb` <!-- Workflow and other relevant labels # ~"group::" ~"Category:" ~"GitLab Ultimate" Other settings you might want to include when creating the issue. # /assign @ # /epic & -->