Draft: Add process and resolve vulnerabilities job template for security rotation process (!364) · Merge requests · GitLab.org / security-products / ci-templates

Shao Ming Tan requested to merge schedule-ca-sec-automation into master Sep 07, 2023

What does this MR do?

Add the following templates that can be used in individual projects as part of security reaction rotation

.security-triage-automation-process-vulnerabilities runs the process vulnerabilities method from the security-triage-automation tool.
resolve-comp-analysis-vulnerability-issues runs the resolve vulnerabilities method from the security-triage-automation tool.

In the respective project we can use the template like this:

process-security-triage-vulnerabilities:
  variables:
    CUSTOM_LABELS: "--custom-labels=group::composition analysis"
    INCLUDE_NON_FIPS: "--include-non-fips"
    PROJECT_PATH: "gitlab-org/security-products/analyzers/gemnasium"
  extends: 
    - .security-triage-automation-process-vulnerabilities
  rules:
    - if: '$TRIGGER_CA_PROCESS_SECURITY_ISSUES && $CI_PIPELINE_SOURCE == "schedule"'
      when: always

What are the relevant issue numbers?

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/413771+

Does this MR meet the acceptance criteria?

Tests added for this feature/bug

sectionsec devopssecure groupcomposition analysis backend typemaintenance

Edited Sep 13, 2023 by Shao Ming Tan

Draft: Add process and resolve vulnerabilities job template for security rotation process

What does this MR do?

What are the relevant issue numbers?

Does this MR meet the acceptance criteria?

Merge request reports