►
Description
This short video contains information needed for contributors that would like to add manual test cases for features related to Govern: Security Policies group.
Project: https://gitlab.com/gitlab-org/govern/security-policies/projects/test-cases/
A
We
have
a
project
created
where
we
keep
manual
test
cases
that
contains
features
delivered
by
government
security
policies,
team
and
each
test
case
will
have
steps
a
video
and
expected
results
for
after
given
actions,
I
can
show
you
one
of
the
tests
that
we
already
created.
So
here
we
have
a
test
where
it's
everything
is
recorded.
You
see
the
result
was
success.
A
A
That
will
be
the
same
for
every
single
project
that
you'll
create
for
this
test
case,
as
all
features
delivered
by
security
policies
require
this
ultimate
license
and
that
you
need
to
have
GitHub
ciml
file
added
to
the
project
to
make
sure
that
pipelines
are
running,
and
then
you
have
list
of
steps.
Each
step
will
have
expected
results
so
go
to
security,
compliance
and
click
on
policies.
Then
what
will
happen
like
okay,
I'll,
see
this
page
I'll,
see
this
information
and
so
on,
and
so
on.
A
So
you'll
you'll
see
that
so
how
to
contribute
to
this,
as
you
see
we
have
here,
Source,
folder
and
destination,
folder
Source
will
contain
all
things
that
are
needed
to
generate
something
that
you
see
already
in
destination
in
this
nation.
We
keep
them
as
markdown
files
because
it
makes
it
simple
for
us
to
read
it.
However,
to
create
them.
We
try
to
use
some
automation,
that's
why
we
are
creating
yaml
files
and
within
the
CML
files
we
have
something
that
we
called
partials.
A
Partials
are
just
a
separate
chunk
of
code
that
is
stored
in
different
place
that
you
can
include
always
so,
for
example,
if
you're,
if
you
do
not
want
to
copy
paste
your
step,
you
can
just
copy
it
to
separate
step
and
include
a
partial.
Let
me
show
you
that,
so
here
you
see
the
preparation
you
have
partial
preparation,
I
can
go
back
to
sources.
A
I
can
go
to
scripts,
do
partials,
and
then
we
have
preparation
step,
which
is
new
project
with
a
single
CI
job.
That's
how
it's
being,
and
here
and
and
here
you
see
it's
just
a
yaml
file
with
a
list.
So
that's
just
a
separate
thing
that
you
can
do
to
to
make
sure.
Do
you
not
to
repeat
yourself
and
then
what
you
have
is
also
because
most
of
the
steps
can
be
also
repeated.
That's
why
we've
decided
it
we'll
probably
want
to
to
also
make
sure
that
you
can
use
partials
for
them.
A
That's
why
we
have
created
a
separate
folder
with
partials
for
steps,
and
you
can
see,
go
to
security,
place
and
click
policies,
and
this
will
already
contain
a
little
step
and
expect
this
result
for
the
step.
So
if
you
would
like
to
add
something
more
to
it,
you
can
either
add
it
here.
Then
it
will
be
generic
for
every
single
step
that
you're
doing
foreign
or
you
can
copy
copy
it
and
paste
in
your
yaml
file
and
then
you'll
keep
it
as
well
right.
So
let's
take
a
look.
A
What
we
can
do
to
actually
create
a
new
project
and
to
start
contributing
to
this
project.
You
have
a
whole
instructions
here.
What
you
can
do,
what
I'm
going
to
do,
I'm
going
to
open
hitbot
for
this
so
it'll
create
me
a
new
workspace
and,
within
this
workspace,
I
will
be
able
to
to
work
on
on
this
new
test
case.
So,
let's
see
this
will
will
wait
for
a
while
until
it's
created.
A
All
right
and
we
have
a
code,
so
you
so,
for
example,
let's
take
a
look
at
one
of
the
test
cases
that
we
can
create,
let's
say,
enforce
project
levels,
kind
of
efficient
policy
to
be
enforced,
for
pipelines
for
chosen
branches,
with
SAS
scan
to
run
on
the
runners
with
selected
Runner
tags
wow.
This
is
the
long
one,
but
stay
with
me.
I'll
show
you
that
all
right
I'll
create
a
new
file
here.
A
A
A
The
first
preparation
new
project
with
single
CI
jobs
and
new
Ruby
save
Ruby
file.
What
it
will
do,
let's
take
a
look
at
the
preparations
tab
with
the
safe
Ruby
file.
Okay,
just
this
tab.
That
would
mean
I'll,
add
Ruby
OS
script
to
this
project.
This
is
needed
because
SAS
requires
you
to
create
a
separate
file,
so
it
will
recognize
it.
A
A
Okay,
so
now
I
can
go
to
policies,
so
this
is
go
to
security,
income
place
and
click
policies,
click
a
new
policy
button
which
will
be
this
Okay
click
I'm
clicking
a
new
policy
button.
So
you
see
this
copy
pasting,
I'm,
not
modifying
it
anything
here.
Yet
click
on
scanduction
policy,
section,
okay,
I'm
clicking
all
right
and
then
fill
the
policy
name,
we're
going
to
name
it
zero
zero.
Six,
as
you
can
see,
you
can
have
fill
policy,
name
partial.
A
A
That
is
useful
if
you
would
like
to
do
something
customized,
but
you
also
you
don't
want
to
repeat
yourself
so
full
name
with
Paul's
name,
and
this
post
name
will
be
taken
from
from
this
file,
which
is
like
replace
polish
name
with
this
all
right,
then,
we
have
step
and
action
section
change
the
scan
to
SAS
that
we
would
like
to
do
so.
First
I'm
going
to
do
test
006
and
change
it
to
sast.
A
A
Let's
see
yeah
that
has
specific
tags,
we're
about
to
select
Runner
attacks.
I
can
totally
present
information
and
yeah.
That's
exactly
what
is
happening,
and
then
yaml
preview
is
visible
with
the
content.
Let's
see
if
it's
true
yeah,
just
comparing
it's
probably
true,
I
just
need
to
update
the
name
of
it.
Okay,
then
we
can
have
configure
with
the
merge
button,
but
not
yet.
What
I
would
like
to
do
now
is
to
modify
it
a
little
bit.
So
I'll
probably
need
to
create
a
new
step
right.
A
A
A
A
A
A
A
I
probably
will
see
something
like
this,
and
this
is
exactly
what
is
happening.
Okay,
yamo
file
was
generated
and
the
next
been
configured
with
the
merge
button,
so
I'm
going
to
change
it
to
police
name,
but
it
will
be
zero,
zero,
six.
Okay!
So
then,
again
we
have
a
partial
that
means
step.
General,
configure
the
merge
button,
so
I'm
going
to
configure
it
merge,
request.
A
A
A
A
A
It's
called
run
OS
script,
RP
copy
it
comment,
changes
I
should
do
those
steps
before
writing
the
the
test
case,
but
these
are
not
important
in
terms
of
how
this
test
case
will
be
evaluated
or
a
house
connection.
Policies
will
be
evaluated.
So
it's
just
you.
You
probably
want
to
follow
the
steps
if
you're
writing
a
manual
test
case,
because
you
want
to
make
sure
that
there
is
like
no
discrepancies
in
terms
of
when
you
run
certain
step,
they
has
to
be
executed
in
the
following
order.
A
However,
with
the
knowledge
that
you'll
gain
when
working
with
those
features,
you'll
understand
that
some
steps
do
not
require
to
to
be
in
a
certain
order,
all
right,
but
that's
that's
what
we
did
right.
So
we
have
configured
merge
button,
merge
we're
we're
running
a
pipeline
right
now,
so
we
can
take
a
look
at
the
Pipelines
yeah
and
we
see
that
the
pipeline
is
running
and
this
task
was
enforced
and
so
clean
on
run,
pipeline
button
test
job
is
visible
and
Brakeman
test
is
also
visible.
A
A
So
cap
is
actually
quite
an
interesting
project
that
allows
you
to
record
a
video
of
what
is
happening
on
your
screen
without
using
audio.
So
it's
just
here
like
a
screencast
and
then
then
you
can
export
it
to
info
4
or
or
any
other
format
that
you
can
include
here,
we're
using
it
before,
because
that
allows
us
to
to
include
the
video
editor
within
this
within
this
markdown
editor.
A
Okay,
so
I
should
probably
modify
epics
and
issues,
but
I'll
not
do
it
right
now,
you'll
do
it
whenever
you'll
add
new
case,
but
what's
important,
I
can
get
back
to
read
new
file,
and
then
you,
you
notice
that
one
of
the
last
steps
is
create
a
file
Ruby
strip
generate
okay.
So
that's
what
I'll
do
I'll
use
this
script
to
run
it
okay,
it
looks
like
everything
was
running
properly.
A
Let's
take
a
look
at
the
at
the
destination
and
actually,
if
we
have
created
a
new
temp
new
new
file
or
not
yeah,
the
file
was
created.
You
already
see
that
it's
all,
including
for
important
information.
So
now
what
you
can
do
is
like
you
can
create
a
new
branch,
so
you're
gonna,
like
check
out
to
create
new
brands
and
you'll
write.
Okay,
Allen
new
test
case
video,
something
like
this
and
then
I
can
write
down,
add
SAS
and,
of
course,
and
of
course,
has
with
custom
tag
and
branches
they
can.
A
It
will,
it
will
say:
oh
you've,
put
something
new,
then
it
creates
a
new
merch
request
and
then
you,
you
have
all
things
that
are
needed
to
actually
create
a
merge
request
and
ask
someone
to
review
it,
and
here
you
go.
You've
created
your
first
test
case.
So
this
is
how
you
can
contribute
to
those
test
cases
within
test
cases,
project
for
governed
security
policies.
Thank
you.
If
you
have
any
questions,
reach
me
out
on
Discord
or
on
slack
and
and
have
a
have
a
nice
day,
bye.