►
From YouTube: Migration from Vulnerability-Check rules to Scan Result Policies with automated script
Description
Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/362744
Snippet with the script: https://gitlab.com/gitlab-org/gitlab/-/snippets/2328089
A
Hello:
everyone,
my
name
is
matthew
perzetsky,
I'm
staff
packet
engineer
in
the
container
security
team,
and
today
I
would
like
to
talk
about
automated
creation
of
scan
result
policies
for
multiple
projects.
Recently
we
have
deprecated
and
removed
vulnerability,
check
rules
to
scatter
result
policies.
A
A
Okay,
let's
do
the
migration
here.
I've
created
already
a
group
where
I
have
bunch
of
projects
and
in
the
first
scenario
I
have
multiple
projects.
I
would
like
to
create
a
security
policy
project
for
one
of
them,
assign
the
security
policy
project
to
my
other
project
and
apply
and
create
prepared
policy.
A
Here
I
have
the
yaml
file
where
I
can
describe
everything.
So
I
have
a
create
security
policy,
project
paths
and
I'll
start
to
comment
that
and
I'll
I'll
start
to
the
demo.
Okay,
we
would
like
to
create
security
policy
project
path.
Let's
select
one
of
the
projects,
let
it
be
this
one
project
test,
one:
I'm
gonna
just
copy
the
full
path
for
it.
A
A
A
Okay,
here
is
the
the
policy
itself.
The
post
itself
is
the
same
as
you
would
have.
If
you
go
to
the
policy
editor,
so
you
can
go
to
policies
and
you
can
create
a
new
policy.
Select
this
kind
of
result
policy
and
you
can
configure
it
using
the
ui
or
you
can
have
the
ammo
mode
where
you
can
actually
modify
it
as
a
yaml
file.
So
you
can
copy
that
once
you,
you
managed
to
create
all
the
rules.
A
A
Okay,
so
we've
created
security
policy
project
for
for
the
first
test.
Here's
the
idea
of
this.
Then
we
started
creating
nmr
with
updating
policy.
There
is
the
link,
I
can
click
the
link.
A
A
A
A
A
I
can
save
it,
I
can,
I
can
run
again
the
script
and
what
it
will
do.
It
will
simply
assign
the
security
policy
project
to
these
three
projects
without
creating
the
yaml
file.
Okay,
here
we
are,
but
I
can
also
uncomment
that
I
can
save
it.
I
can
run
the
script
again
and
what
it
will
do.
It
will
create
a
security
policy
in
this
project
and
then
it
will
assign
the
security
policy
project
to
do
these
three
projects.
I
can
again
click
here.
You
can
open
the
link.