Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# Security Policy Project for scan-execution-policy-group-79ecb4e4
This project is automatically generated to manage security policies for the project.
The Security Policies Project is a repository used to store policies. All security policies are stored as a YAML file named `.gitlab/security-policies/policy.yml`, with this format:
```yaml
---
scan_execution_policy:
- name: Enforce DAST in every pipeline
description: This policy enforces pipeline configuration to have a job with DAST scan
enabled: true
rules:
- type: pipeline
branches:
- master
actions:
- scan: dast
scanner_profile: Scanner Profile A
site_profile: Site Profile B
- name: Enforce DAST in every pipeline in the main branch
description: This policy enforces pipeline configuration to have a job with DAST scan for the main branch
enabled: true
rules:
- type: pipeline
branches:
- main
actions:
- scan: dast
scanner_profile: Scanner Profile C
site_profile: Site Profile D
```
You can read more about the format and policies schema in the [documentation](https://cell-c01j2gdw0zfdafxr6.cells.gitlab.com/help/user/application_security/policies/scan_execution_policies.md#scan-execution-policy-schema).
## Default branch protection settings
This project is preconfigured with the default branch set as a protected branch, and only maintainers/owners of
[scan-execution-policy-group-79ecb4e4](https://cell-c01j2gdw0zfdafxr6.cells.gitlab.com/groups/gitlab-qa-sandbox-group-6/scan-execution-policy-group-79ecb4e4) have permission to merge into that branch. This overrides any default branch protection both at the
[group level](https://cell-c01j2gdw0zfdafxr6.cells.gitlab.com/help/user/group/manage.md#change-the-default-branch-protection-of-a-group) and at the
[instance level](https://cell-c01j2gdw0zfdafxr6.cells.gitlab.com/help/user/project/repository/branches/default.md#instance-level-default-branch-protection).