7. Compliance, Results, and Execution
Add a Scan Execution Policy and a Scan Result Policy to the project to prevent the introduction of new vulnerabilities without approval.

Scan Execution Policy
1. Create a Scan Execution Policy by navigating to Security & Compliance > Policies and clicking New Policy.
2. Under Scan Execution Policy, click Select Policy.
3. Enter the name: "Require dependency scans on the main branch".
4. Enter "main" in the branch field (defaults to *).
5. Under Actions, select Dependency Scanning from the dropdown.
6. Click Configure with a merge request.
7. A security policy project will be created automatically.
8. On the Merge Request screen, click Merge.
9. Navigate back to your application project, and view the new policy at Security & Compliance > Policies.
Scan Result Policy
1. Create a Scan Result Policy by navigating to Security & Compliance > Policies and clicking New Policy.
2. Under Scan Result Policy, click Select Policy.
3. Enter the name: "Critical vulnerabilities require approval".
4. The default rule should read: "IF All Scanners find(s) more than 0 Critical Newly detected vulnerabilities in an open merge request targeting All protected branches".
5. Under Actions, select your user as the approver by clicking Search users or groups.
6. Click Configure with a merge request.
7. On the Merge Request screen, click Merge.
8. Navigate back to your application project, and view the new policy at Security & Compliance > Policies.
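For reference, this is the policy YAML that the two merge requests above are expected to add to the security policy project's .gitlab/security-policies/policy.yml. It is an added example, not the workshop's own file; the descriptions are illustrative and your-gitlab-username is a placeholder for the approver chosen in step 5 of the Scan Result Policy.

```yaml
# Policy file kept in the security policy project (.gitlab/security-policies/policy.yml).
# Both policies below correspond to the UI steps for the Scan Execution Policy
# and the Scan Result Policy.

scan_execution_policy:
  - name: Require dependency scans on the main branch
    description: Run Dependency Scanning in every pipeline on the main branch   # illustrative
    enabled: true
    rules:
      # Enforced on pipelines for the listed branches (the UI default is "*").
      - type: pipeline
        branches:
          - main
    actions:
      # Injects the Dependency Scanning job even if the project's own
      # .gitlab-ci.yml does not include it.
      - scan: dependency_scanning

scan_result_policy:
  - name: Critical vulnerabilities require approval
    description: Block merge until newly detected critical findings are approved   # illustrative
    enabled: true
    rules:
      - type: scan_finding
        branches: []             # empty list = all protected branches
        scanners: []             # empty list = all scanners
        vulnerabilities_allowed: 0
        severity_levels:
          - critical
        vulnerability_states:
          - newly_detected       # only findings introduced by the merge request
    actions:
      - type: require_approval
        approvals_required: 1
        user_approvers:
          - your-gitlab-username   # placeholder for the user selected in step 5
```

Later GitLab releases renamed the scan_result_policy key to approval_policy while still accepting the older name, so check the version you are running if the rule does not appear under Policies. Neither policy is enforced on a project until that project, or its group, is linked to this security policy project, which is what the Group Policies steps do.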
Group Policies
1. Navigate to the group you created using the breadcrumbs at the top of the page.
2. Change your policy project for the group at Security & Compliance > Policies and click Edit Policy Project.
3. Select the security policy project that was automatically created above, and click Save.
4. Note the security policies that are applied to all projects in the group.