I have the following policy:
---
scan_execution_policy:
- name: Test SAST Scanning
  description: Testing for usage of features.
  enabled: true
  rules:
  - type: pipeline
    branches:
    - merge_requests
  - type: pipeline
    branches:
    - main
  - type: pipeline
    branches:
    - master
  actions:
  - scan: sast
    tags: []
This won't work with the merge_request pipeline that our current tooling is built around, with the following rules:
rules:
  - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
If I change the rule to use * for the branches instead, it will run, but in a separate pipeline like this:
So the question is: do I need to change the rule to not run in merge requests and use branches instead (or another way):
only:
  - branches
Or can I change the policy trigger so that SAST, DAST and whatnot run in the same pipeline instead of 2 separate pipelines?