I am currently trying to find a way to run GitLab Dependency Scanners via a scheduled pipeline and also on every commit, but I don’t want any other jobs to run…
What is a manageable approach to this?
I know that I could add a rule which sets “when: never” if the pipeline is triggered by a schedule. But how can I add this rule to all jobs (especially the SAST / Secret Detection jobs)?
Is it maybe possible to have a default job definition that is extended by all jobs? Then I would add the rule there.
```yaml
include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml

stages:
  - test
  - release

# Release job (should not be executed on schedule)
release:
  stage: release
  script: echo "do release"
  rules:
    - if: "$CI_COMMIT_BRANCH == 'master'"
      when: always
    - when: never

# Some customizations for a SAST job
semgrep-sast:
  variables:
    SEARCH_MAX_DEPTH: 15
```
I would love to hear how you manage that in your projects to get some new approaches.
Thank you very much in advance!
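One way to lay this out, as an added example that is not part of the original post: leave the scanner jobs' template rules alone (they key on `$CI_COMMIT_BRANCH`, which is also set in scheduled pipelines, so the scanners already run on both schedules and commits) and put the schedule guard in one hidden job that every non-scanner job pulls in with `!reference`. It assumes GitLab 13.9 or later for `!reference`; the `release` job, stages and `semgrep-sast` override are taken from the post.

```yaml
include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml

stages:
  - test
  - release

# Hidden job holding the schedule guard. It is written once and pulled into
# each job that must not run on a schedule; the scanner jobs from the
# templates are left untouched so their own rules keep working.
.not-on-schedule:
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule"'
      when: never

release:
  stage: release
  script: echo "do release"
  rules:
    # The guard comes first: rules are evaluated in order and the first match wins.
    - !reference [.not-on-schedule, rules]
    - if: '$CI_COMMIT_BRANCH == "master"'
      when: always
    - when: never

# Scanner customisation only; no rules override, so the template decides when it runs.
semgrep-sast:
  variables:
    SEARCH_MAX_DEPTH: 15
```

Any further job that should stay out of scheduled pipelines gets the same `- !reference [.not-on-schedule, rules]` entry as the first item of its `rules` list.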