Expand Scan Execution Policies to run on MR pipelines (YAML Mode)

Release notes

Scan execution policies have now been expanded so that they can require security scans to run on merge request pipelines. Previously this was limited to branch pipelines or a specified schedule.

Problem to solve

The execution policy editor is currently limited in that:

  • You cannot define a condition to run on a merge request pipeline.
  • In .yaml mode, you cannot specify the .latest versions of the security templates, which now support use in MR pipelines.

Proposal

Some customers (example: A Large SaaS customer) have expressed interest (these links are internal only) in adding the ability to define execution policies for merge request pipelines.

An MVC solution would be to allow the policy .yaml to be modified to specify the "latest" version of the security templates.

Current alternatives

Customers can use compliance pipelines to enforce the running of security jobs. Because compliance pipelines allow you to specify the template file, users can specify the latest version of the templates.

Additionally, users can override or specify rules locally in projects so that the jobs run on MR pipelines.
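A sketch of the compliance pipeline alternative described above, as an added example that is not taken from this issue or from any customer's configuration. It assumes the SAST and Secret Detection scanners are the ones to enforce and that each project keeps its own CI file at its configured path.

```yaml
# Compliance pipeline configuration (constructed example).
# Stored in a separate compliance project and applied through a
# compliance framework, so project maintainers cannot edit it.

# Create merge request pipelines, and skip the branch pipeline when an
# MR is already open for that branch, to avoid duplicate pipelines.
workflow:
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS
      when: never
    - if: $CI_COMMIT_BRANCH

include:
  # The .latest templates carry rules that let the scan jobs run in
  # merge request pipelines; the stable templates target branch pipelines.
  - template: Jobs/SAST.latest.gitlab-ci.yml
  - template: Jobs/Secret-Detection.latest.gitlab-ci.yml
  # Run the project's own CI configuration alongside the enforced scans.
  - project: '$CI_PROJECT_PATH'
    file: '$CI_CONFIG_PATH'
    ref: '$CI_COMMIT_SHA'
```

Because the project's own file is included last, review it for job names that collide with the enforced scan jobs, since a local job of the same name can change their behaviour.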

Intended users

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.

Edited by 🤖 GitLab Bot 🤖