Security policy scan execution fails with "jobs config should contain at least one visible job" for new projects without .gitlab-ci.yml and security scanning options enabled
## Problem

When creating a new blank project with security scanning options enabled (SAST and/or Secret Detection), the pipeline fails immediately with the error:

```
Unable to run pipeline
jobs config should contain at least one visible job
```

This occurs even though a group-level security policy is configured to inject scanning jobs into the pipeline for projects without a `.gitlab-ci.yml` file.

## Expected Behavior

According to GitLab documentation, when a project does not contain a `.gitlab-ci.yml` file, scanning jobs should be injected into the pipeline by the security policy. The pipeline should execute successfully without errors.

## Actual Behavior

The pipeline fails with "jobs config should contain at least one visible job" error, and users receive failure notification emails.

## Reproduction Steps

1. Set up a security scan execution policy at the top-level group level with the following configuration:
   - Scan type: SAST, Secrets Detection, Dependency Scanning
   - Branch type: all
   - Policy scope: all projects
   - Enabled: true

   Example YAML:

   ```
   ---
   scan_execution_policy:
   - name: 'SECPOL: scan all branches for vulnerabilities '
     description: |-
       SAST
       SAST IaC
       Dependency Scanning
       Secret Detection
     enabled: true
     policy_scope:
       projects:
         excluding: []
     rules:
     - type: pipeline
       branch_type: all
     actions:
     - scan: sast
     - scan: dependency_scanning
     - scan: sast_iac
     - scan: secret_detection
     skip_ci:
       allowed: true
       allowlist:
         users: []
   ```

2. Create a new blank project in the group
3. During project creation, enable "Static Application Security Testing (SAST)" and/or "Enable Secret Detection" checkboxes
4. After project creation, navigate to the CI/CD pipeline page

## Expected Result

Pipeline should execute successfully with injected security scanning jobs

## Actual Result

Pipeline shows as failed with error: "jobs config should contain at least one visible job"

## Environment

- GitLab.com (SaaS)
- Reproduced on latest version

## Additional Context

The issue appears to be a conflict between:

1. The project creation checkboxes for enabling SAST/Secret Detection
2. The group-level security policy that should inject scanning jobs

This collision breaks the project's CI/CD configuration and causes the pipeline to fail.