feat: Add group controls for source_code code_changes (&2), (#125), (#118)

Description

This MR adds Group input type controls for existing benchmark functions. In Review Group Controls (#125) we have started to reference which control is applicable at the group level, and what is its status.

Related links:

• Epic: &2
• Task: #125
• Closes: #118 (closed)

Related Feature requests:

• gitlab - Groups API: Only allow merge requests to be mer... (gitlab-org/gitlab#534608)
• python-gitlab - Protected Branches Group Level #3164
• python-gitlab - MR approval settings Group Level #3165
• python-semantic-release - Version bump python-gitlab #1228

Affected benchmark controls

Supported controls:

• 1.1.3 - code_approvals
• 1.1.5 - code_dismissal_restrictions
• 1.1.12 - commits_must_be_signed_before_merging
• 1.1.18 - auto_risk_scan_merges

Typo fix controls:

• 1.1.6 - code_owners
• 1.1.7 - code_changes_require_code_owners
• 1.1.8 - stale_branch_reviews
• 1.1.9 - checks_pass_before_merging
• 1.1.10 - branches_updated_before_merging
• 1.1.11 - comments_resolved_before_merging
• 1.1.13 - linear_history_required
• 1.1.15 - merging_restrictions
• 1.1.20 - default_branch_protected

Changes

• Adds Group input type controls for source_code/code_changes - 2982333c
  • Fixes typos on group support return messages
• Bumps python-gitlab to 5.6.0 (this allows for new capabilities) - af6a708c
• Adds release dependencies, to avoid dependency conflict between python-gitlab & python-semantic-release - f943f6de
• Updates tests - db203474
• Updates limitations with new group controls - 28d4acbd
• Fixes: 1.1.5 Ensure there are restrictions on who can ... (#118 - closed) - 6448dd92

Checklists

Requester checklist

Merge request authors, please follow the checklist below:

Requester Checklist

• If this change modifies benchmark functions:
  • The function:
    • Name matches the name of the yaml recommendation
    • Returns a dict containing:
      • True or False (if the check passed/failed)
      • None for skipped checks
      • a str with the reason why (e.g. {None: 'This check requires validation'})
    • The docstring contains the id and title of the recommendation to check
  • Limitations:
    • Any limitations for the function are added to docs/limitations.md
• If this change modifies recommendations:
  • Ensure approval from CODEOWNERS is obtained
• All unit tests pass before requesting review
• This merge request's title matches the prefixes allowed in .commitlintrc
• Remove Draft phase from the MR

MR acceptance checklist

Reviewers, please evaluate this MR against the MR acceptance checklist:

Reviewer Checklist

• If this change modifies benchmark functions:
  • The function(s) satisfy the recommendation (see the audit section in the yaml file)
    • i.e. does this function address the recommendation benchmark check
• This merge request's title matches the prefixes allowed in .commitlintrc
• All tests have passed successfully

How to set up and validate locally

To validate changes for this merge request, follow the steps below:

Validation Steps

Note: You only need to complete steps 1-3 once, for future reviews go to Step 4.

1. Install glab (GitLab CLI).

2. Authenticate to GitLab using glab auth login

3. Clone the repository and enter it:

   # with glab:
   glab repo clone gitlab-security-oss/cis/gitlabcis
   cd gitlabcis
   
   # or with git:
   git clone git@gitlab.com:gitlab-security-oss/cis/gitlabcis.git
   cd gitlabcis

4. Checkout the MR:

   # with glab:
   glab mr checkout feat/group-checks-1
   
   # or with git:
   git fetch origin merge-requests/%{merge_req_id}/head:feat/group-checks-1
   git checkout feat/group-checks-1

5. Install the modified version of gitlabcis:

   make

6. Validate the change against an input:

   gitlabcis https://gitlab.example.com

See the docs for more details on usage.

Closes #118 (closed)