Commit 92bcf428 authored by Alex Kalderimis's avatar Alex Kalderimis

Merge branch 'add_vulnerability_states_for_scan_result_policies' into 'master'

Add vulnerability_states for scan_result_policies

See merge request gitlab-org/gitlab!76865
parents 63732b69 a7e8caeb
...@@ -45,7 +45,8 @@ module Security ...@@ -45,7 +45,8 @@ module Security
user_ids: project.users.get_ids_by_username(action_info[:approvers]), user_ids: project.users.get_ids_by_username(action_info[:approvers]),
vulnerabilities_allowed: rule[:vulnerabilities_allowed], vulnerabilities_allowed: rule[:vulnerabilities_allowed],
report_type: :scan_finding, report_type: :scan_finding,
orchestration_policy_idx: policy_index orchestration_policy_idx: policy_index,
vulnerability_states: rule[:vulnerability_states]
} }
end end
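Review bot: The added `vulnerability_states: rule[:vulnerability_states]` entry copies the value straight from the policy hash, so a rule without that key puts `nil` into the approval-rule params. The enclosing method starts above the hunk, so it is not visible whether every policy reaching this service has already passed schema validation. If that is not guaranteed, decide explicitly what a missing list means for an approval rule and cover it with a spec, rather than letting `nil` decide. If it is guaranteed, a short comment would record the assumption, for example `# vulnerability_states is required by the policy schema; nil here means validation was bypassed`.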
......
...@@ -245,7 +245,8 @@ ...@@ -245,7 +245,8 @@
"branches", "branches",
"scanners", "scanners",
"vulnerabilities_allowed", "vulnerabilities_allowed",
"severity_levels" "severity_levels",
"vulnerability_states"
], ],
"properties": { "properties": {
"type": { "type": {
...@@ -289,6 +290,22 @@ ...@@ -289,6 +290,22 @@
"type": "string" "type": "string"
} }
} }
},
"vulnerability_states":{
"type": "array",
"additionalItems": false,
"items":{
"type": {
"enum": [
"newly_detected",
"detected",
"confirmed",
"resolved",
"dismissed"
],
"type": "string"
}
}
} }
}, },
"additionalProperties": false "additionalProperties": false
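Review bot: In the new `vulnerability_states` property the `enum` is nested inside an object used as the value of `items.type`. Under JSON Schema draft 4 and later `type` must be a string or an array of strings, so depending on the validator the five allowed states may not be enforced at all; the context lines above suggest the shape was copied from the preceding property. Because this schema gates a policy that decides when approvals are required, an unrecognised state should fail validation rather than yield a rule that may match nothing. `"items": { "type": "string", "enum": ["newly_detected", "detected", "confirmed", "resolved", "dismissed"] }` states that directly, and `additionalItems` has no effect when `items` is a single schema. The key is also added to `required`, so policies already stored without it would presumably stop validating; confirm that is intended, and add a spec that feeds an unknown state and expects a validation error.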
......
...@@ -48,7 +48,8 @@ FactoryBot.define do ...@@ -48,7 +48,8 @@ FactoryBot.define do
branches: %w[master], branches: %w[master],
scanners: %w[container_scanning], scanners: %w[container_scanning],
vulnerabilities_allowed: 0, vulnerabilities_allowed: 0,
severity_levels: %w[critical] severity_levels: %w[critical],
vulnerability_states: %w[detected]
} }
] ]
end end
......
...@@ -61,6 +61,7 @@ RSpec.describe Security::SecurityOrchestrationPolicies::ProcessScanResultPolicyS ...@@ -61,6 +61,7 @@ RSpec.describe Security::SecurityOrchestrationPolicies::ProcessScanResultPolicyS
expect(scan_finding_rule.scanners).to eq(first_rule[:scanners]) expect(scan_finding_rule.scanners).to eq(first_rule[:scanners])
expect(scan_finding_rule.severity_levels).to eq(first_rule[:severity_levels]) expect(scan_finding_rule.severity_levels).to eq(first_rule[:severity_levels])
expect(scan_finding_rule.vulnerabilities_allowed).to eq(first_rule[:vulnerabilities_allowed]) expect(scan_finding_rule.vulnerabilities_allowed).to eq(first_rule[:vulnerabilities_allowed])
expect(scan_finding_rule.vulnerability_states).to eq(first_rule[:vulnerability_states])
expect(scan_finding_rule.approvals_required).to eq(first_action[:approvals_required]) expect(scan_finding_rule.approvals_required).to eq(first_action[:approvals_required])
end end
end end
......
...@@ -46,7 +46,7 @@ RSpec.describe Security::CreateOrchestrationPolicyWorker do ...@@ -46,7 +46,7 @@ RSpec.describe Security::CreateOrchestrationPolicyWorker do
name: 'CS critical policy', name: 'CS critical policy',
description: 'This policy with CS for critical policy', description: 'This policy with CS for critical policy',
enabled: true, enabled: true,
rules: [{ type: 'scan_finding', branches: %w[production], vulnerabilities_allowed: 0, severity_levels: %w[critical], scanners: %w[container_scanning] }], rules: [{ type: 'scan_finding', branches: %w[production], vulnerabilities_allowed: 0, severity_levels: %w[critical], scanners: %w[container_scanning], vulnerability_states: %w[newly_detected] }],
actions: [ actions: [
{ type: 'require_approval', approvals_required: 1, approvers: %w[admin] } { type: 'require_approval', approvals_required: 1, approvers: %w[admin] }
] ]
......