Using Security Policy scanning, it appears to be lacking in that I cannot configure our 3rd-party scanning tools to run in a scheduled manner. We have Twistlock/Prisma container scanning and Fixinator (ColdFusion SAST scanning) integrated into our space, and it appears that security policy configurations only allow for GitLab-provided SAST, DAST, and container scanning. This seems like an oversight if you offer the ability for these tools to be integrated into the pipeline process but we cannot actually schedule them to run in the pipeline regularly via a security policy.
- I imagine I would have the ability to use the 3rd-party SAST and container scanning tools in the same manner that the GitLab featured tools would allow.
- *What version are you on?* 16.4.1.ee self-managed