Use full template names in on demand scans

Not using full template names for on demand scans causes problems with
template inclusion tracking.

config/metrics/counts_28d/20210216184559_ci_templates_total_unique_counts_monthly.yml

@@ -15,20 +15,148 @@ instrumentation_class: RedisHLLMetric
 options:
   events:
   - p_ci_templates_implicit_auto_devops
-  - p_ci_templates_implicit_auto_devops_build
-  - p_ci_templates_implicit_auto_devops_deploy
-  - p_ci_templates_implicit_security_sast
-  - p_ci_templates_implicit_security_secret_detection
   - p_ci_templates_5_min_production_app
-  - p_ci_templates_auto_devops
   - p_ci_templates_aws_cf_deploy_ec2
-  - p_ci_templates_aws_deploy_ecs
   - p_ci_templates_auto_devops_build
   - p_ci_templates_auto_devops_deploy
   - p_ci_templates_auto_devops_deploy_latest
+  - p_ci_templates_terraform_base_latest
+  - p_ci_templates_terraform_base
+  - p_ci_templates_dotnet
+  - p_ci_templates_nodejs
+  - p_ci_templates_openshift
+  - p_ci_templates_auto_devops
+  - p_ci_templates_bash
+  - p_ci_templates_rust
+  - p_ci_templates_elixir
+  - p_ci_templates_clojure
+  - p_ci_templates_crystal
+  - p_ci_templates_getting_started
+  - p_ci_templates_code_quality
+  - p_ci_templates_verify_load_performance_testing
+  - p_ci_templates_verify_accessibility
+  - p_ci_templates_verify_failfast
+  - p_ci_templates_verify_browser_performance
+  - p_ci_templates_verify_browser_performance_latest
+  - p_ci_templates_grails
   - p_ci_templates_security_sast
+  - p_ci_templates_security_dast_runner_validation
+  - p_ci_templates_security_dast_on_demand_scan
   - p_ci_templates_security_secret_detection
-  - p_ci_templates_terraform_base_latest
+  - p_ci_templates_security_license_scanning
+  - p_ci_templates_security_coverage_fuzzing
+  - p_ci_templates_security_api_fuzzing_latest
+  - p_ci_templates_security_secure_binaries
+  - p_ci_templates_security_dast_api
+  - p_ci_templates_security_container_scanning
+  - p_ci_templates_security_dast_latest
+  - p_ci_templates_security_dependency_scanning
+  - p_ci_templates_security_api_fuzzing
+  - p_ci_templates_security_dast
+  - p_ci_templates_security_cluster_image_scanning
+  - p_ci_templates_ios_fastlane
+  - p_ci_templates_composer
+  - p_ci_templates_c
+  - p_ci_templates_python
+  - p_ci_templates_android_fastlane
+  - p_ci_templates_django
+  - p_ci_templates_maven
+  - p_ci_templates_flutter
+  - p_ci_templates_workflows_branch_pipelines
+  - p_ci_templates_workflows_mergerequest_pipelines
+  - p_ci_templates_laravel
+  - p_ci_templates_managed_cluster_applications
+  - p_ci_templates_php
+  - p_ci_templates_packer
+  - p_ci_templates_terraform
+  - p_ci_templates_mono
+  - p_ci_templates_serverless
+  - p_ci_templates_go
+  - p_ci_templates_scala
+  - p_ci_templates_latex
+  - p_ci_templates_android
+  - p_ci_templates_indeni_cloudrail
+  - p_ci_templates_deploy_ecs
+  - p_ci_templates_aws_cf_provision_and_deploy_ec2
+  - p_ci_templates_aws_deploy_ecs
+  - p_ci_templates_gradle
+  - p_ci_templates_chef
+  - p_ci_templates_jobs_dast_default_branch_deploy
+  - p_ci_templates_jobs_load_performance_testing
+  - p_ci_templates_jobs_helm_2to3
+  - p_ci_templates_jobs_sast
+  - p_ci_templates_jobs_secret_detection
+  - p_ci_templates_jobs_code_intelligence
+  - p_ci_templates_jobs_code_quality
+  - p_ci_templates_jobs_deploy_ecs
+  - p_ci_templates_jobs_deploy_ec2
+  - p_ci_templates_jobs_deploy
+  - p_ci_templates_jobs_build
+  - p_ci_templates_jobs_browser_performance_testing
+  - p_ci_templates_jobs_test
+  - p_ci_templates_jobs_deploy_latest
+  - p_ci_templates_jobs_browser_performance_testing_latest
+  - p_ci_templates_jobs_cf_provision
+  - p_ci_templates_jobs_build_latest
+  - p_ci_templates_terraform_latest
+  - p_ci_templates_swift
+  - p_ci_templates_pages_jekyll
+  - p_ci_templates_pages_harp
+  - p_ci_templates_pages_octopress
+  - p_ci_templates_pages_brunch
+  - p_ci_templates_pages_doxygen
+  - p_ci_templates_pages_hyde
+  - p_ci_templates_pages_lektor
+  - p_ci_templates_pages_jbake
+  - p_ci_templates_pages_hexo
+  - p_ci_templates_pages_middleman
+  - p_ci_templates_pages_hugo
+  - p_ci_templates_pages_pelican
+  - p_ci_templates_pages_nanoc
+  - p_ci_templates_pages_swaggerui
+  - p_ci_templates_pages_jigsaw
+  - p_ci_templates_pages_metalsmith
+  - p_ci_templates_pages_gatsby
+  - p_ci_templates_pages_html
+  - p_ci_templates_dart
+  - p_ci_templates_docker
+  - p_ci_templates_julia
+  - p_ci_templates_npm
+  - p_ci_templates_dotnet_core
+  - p_ci_templates_5_minute_production_app
+  - p_ci_templates_ruby
+  - p_ci_templates_implicit_jobs_dast_default_branch_deploy
+  - p_ci_templates_implicit_jobs_load_performance_testing
+  - p_ci_templates_implicit_jobs_helm_2to3
+  - p_ci_templates_implicit_jobs_sast
+  - p_ci_templates_implicit_jobs_secret_detection
+  - p_ci_templates_implicit_jobs_code_intelligence
+  - p_ci_templates_implicit_jobs_code_quality
+  - p_ci_templates_implicit_jobs_deploy_ecs
+  - p_ci_templates_implicit_jobs_deploy_ec2
+  - p_ci_templates_implicit_auto_devops_deploy
+  - p_ci_templates_implicit_auto_devops_build
+  - p_ci_templates_implicit_jobs_browser_performance_testing
+  - p_ci_templates_implicit_jobs_test
+  - p_ci_templates_implicit_auto_devops_deploy_latest
+  - p_ci_templates_implicit_jobs_browser_performance_testing_latest
+  - p_ci_templates_implicit_jobs_cf_provision
+  - p_ci_templates_implicit_jobs_build_latest
+  - p_ci_templates_implicit_security_sast
+  - p_ci_templates_implicit_security_dast_runner_validation
+  - p_ci_templates_implicit_security_dast_on_demand_scan
+  - p_ci_templates_implicit_security_secret_detection
+  - p_ci_templates_implicit_security_license_scanning
+  - p_ci_templates_implicit_security_coverage_fuzzing
+  - p_ci_templates_implicit_security_api_fuzzing_latest
+  - p_ci_templates_implicit_security_secure_binaries
+  - p_ci_templates_implicit_security_dast_api
+  - p_ci_templates_implicit_security_container_scanning
+  - p_ci_templates_implicit_security_dast_latest
+  - p_ci_templates_implicit_security_dependency_scanning
+  - p_ci_templates_implicit_security_api_fuzzing
+  - p_ci_templates_implicit_security_dast
+  - p_ci_templates_implicit_security_cluster_image_scanning
 distribution:
 - ce
 - ee

config/metrics/counts_7d/20210216184557_ci_templates_total_unique_counts_weekly.yml

@@ -15,20 +15,148 @@ instrumentation_class: RedisHLLMetric
 options:
   events:
   - p_ci_templates_implicit_auto_devops
-  - p_ci_templates_implicit_auto_devops_build
-  - p_ci_templates_implicit_auto_devops_deploy
-  - p_ci_templates_implicit_security_sast
-  - p_ci_templates_implicit_security_secret_detection
   - p_ci_templates_5_min_production_app
-  - p_ci_templates_auto_devops
   - p_ci_templates_aws_cf_deploy_ec2
-  - p_ci_templates_aws_deploy_ecs
   - p_ci_templates_auto_devops_build
   - p_ci_templates_auto_devops_deploy
   - p_ci_templates_auto_devops_deploy_latest
+  - p_ci_templates_terraform_base_latest
+  - p_ci_templates_terraform_base
+  - p_ci_templates_dotnet
+  - p_ci_templates_nodejs
+  - p_ci_templates_openshift
+  - p_ci_templates_auto_devops
+  - p_ci_templates_bash
+  - p_ci_templates_rust
+  - p_ci_templates_elixir
+  - p_ci_templates_clojure
+  - p_ci_templates_crystal
+  - p_ci_templates_getting_started
+  - p_ci_templates_code_quality
+  - p_ci_templates_verify_load_performance_testing
+  - p_ci_templates_verify_accessibility
+  - p_ci_templates_verify_failfast
+  - p_ci_templates_verify_browser_performance
+  - p_ci_templates_verify_browser_performance_latest
+  - p_ci_templates_grails
   - p_ci_templates_security_sast
+  - p_ci_templates_security_dast_runner_validation
+  - p_ci_templates_security_dast_on_demand_scan
   - p_ci_templates_security_secret_detection
-  - p_ci_templates_terraform_base_latest
+  - p_ci_templates_security_license_scanning
+  - p_ci_templates_security_coverage_fuzzing
+  - p_ci_templates_security_api_fuzzing_latest
+  - p_ci_templates_security_secure_binaries
+  - p_ci_templates_security_dast_api
+  - p_ci_templates_security_container_scanning
+  - p_ci_templates_security_dast_latest
+  - p_ci_templates_security_dependency_scanning
+  - p_ci_templates_security_api_fuzzing
+  - p_ci_templates_security_dast
+  - p_ci_templates_security_cluster_image_scanning
+  - p_ci_templates_ios_fastlane
+  - p_ci_templates_composer
+  - p_ci_templates_c
+  - p_ci_templates_python
+  - p_ci_templates_android_fastlane
+  - p_ci_templates_django
+  - p_ci_templates_maven
+  - p_ci_templates_flutter
+  - p_ci_templates_workflows_branch_pipelines
+  - p_ci_templates_workflows_mergerequest_pipelines
+  - p_ci_templates_laravel
+  - p_ci_templates_managed_cluster_applications
+  - p_ci_templates_php
+  - p_ci_templates_packer
+  - p_ci_templates_terraform
+  - p_ci_templates_mono
+  - p_ci_templates_serverless
+  - p_ci_templates_go
+  - p_ci_templates_scala
+  - p_ci_templates_latex
+  - p_ci_templates_android
+  - p_ci_templates_indeni_cloudrail
+  - p_ci_templates_deploy_ecs
+  - p_ci_templates_aws_cf_provision_and_deploy_ec2
+  - p_ci_templates_aws_deploy_ecs
+  - p_ci_templates_gradle
+  - p_ci_templates_chef
+  - p_ci_templates_jobs_dast_default_branch_deploy
+  - p_ci_templates_jobs_load_performance_testing
+  - p_ci_templates_jobs_helm_2to3
+  - p_ci_templates_jobs_sast
+  - p_ci_templates_jobs_secret_detection
+  - p_ci_templates_jobs_code_intelligence
+  - p_ci_templates_jobs_code_quality
+  - p_ci_templates_jobs_deploy_ecs
+  - p_ci_templates_jobs_deploy_ec2
+  - p_ci_templates_jobs_deploy
+  - p_ci_templates_jobs_build
+  - p_ci_templates_jobs_browser_performance_testing
+  - p_ci_templates_jobs_test
+  - p_ci_templates_jobs_deploy_latest
+  - p_ci_templates_jobs_browser_performance_testing_latest
+  - p_ci_templates_jobs_cf_provision
+  - p_ci_templates_jobs_build_latest
+  - p_ci_templates_terraform_latest
+  - p_ci_templates_swift
+  - p_ci_templates_pages_jekyll
+  - p_ci_templates_pages_harp
+  - p_ci_templates_pages_octopress
+  - p_ci_templates_pages_brunch
+  - p_ci_templates_pages_doxygen
+  - p_ci_templates_pages_hyde
+  - p_ci_templates_pages_lektor
+  - p_ci_templates_pages_jbake
+  - p_ci_templates_pages_hexo
+  - p_ci_templates_pages_middleman
+  - p_ci_templates_pages_hugo
+  - p_ci_templates_pages_pelican
+  - p_ci_templates_pages_nanoc
+  - p_ci_templates_pages_swaggerui
+  - p_ci_templates_pages_jigsaw
+  - p_ci_templates_pages_metalsmith
+  - p_ci_templates_pages_gatsby
+  - p_ci_templates_pages_html
+  - p_ci_templates_dart
+  - p_ci_templates_docker
+  - p_ci_templates_julia
+  - p_ci_templates_npm
+  - p_ci_templates_dotnet_core
+  - p_ci_templates_5_minute_production_app
+  - p_ci_templates_ruby
+  - p_ci_templates_implicit_jobs_dast_default_branch_deploy
+  - p_ci_templates_implicit_jobs_load_performance_testing
+  - p_ci_templates_implicit_jobs_helm_2to3
+  - p_ci_templates_implicit_jobs_sast
+  - p_ci_templates_implicit_jobs_secret_detection
+  - p_ci_templates_implicit_jobs_code_intelligence
+  - p_ci_templates_implicit_jobs_code_quality
+  - p_ci_templates_implicit_jobs_deploy_ecs
+  - p_ci_templates_implicit_jobs_deploy_ec2
+  - p_ci_templates_implicit_auto_devops_deploy
+  - p_ci_templates_implicit_auto_devops_build
+  - p_ci_templates_implicit_jobs_browser_performance_testing
+  - p_ci_templates_implicit_jobs_test
+  - p_ci_templates_implicit_auto_devops_deploy_latest
+  - p_ci_templates_implicit_jobs_browser_performance_testing_latest
+  - p_ci_templates_implicit_jobs_cf_provision
+  - p_ci_templates_implicit_jobs_build_latest
+  - p_ci_templates_implicit_security_sast
+  - p_ci_templates_implicit_security_dast_runner_validation
+  - p_ci_templates_implicit_security_dast_on_demand_scan
+  - p_ci_templates_implicit_security_secret_detection
+  - p_ci_templates_implicit_security_license_scanning
+  - p_ci_templates_implicit_security_coverage_fuzzing
+  - p_ci_templates_implicit_security_api_fuzzing_latest
+  - p_ci_templates_implicit_security_secure_binaries
+  - p_ci_templates_implicit_security_dast_api
+  - p_ci_templates_implicit_security_container_scanning
+  - p_ci_templates_implicit_security_dast_latest
+  - p_ci_templates_implicit_security_dependency_scanning
+  - p_ci_templates_implicit_security_api_fuzzing
+  - p_ci_templates_implicit_security_dast
+  - p_ci_templates_implicit_security_cluster_image_scanning
 distribution:
 - ce
 - ee

ee/app/services/app_sec/dast/scan_configs/build_service.rb

@@ -42,7 +42,7 @@ module AppSec
         def ci_configuration
           {
             'stages' => ['dast'],
-            'include' => [{ 'template' => 'DAST-On-Demand-Scan.gitlab-ci.yml' }],
+            'include' => [{ 'template' => 'Security/DAST-On-Demand-Scan.gitlab-ci.yml' }],
             'dast' => {
               'dast_configuration' => { 'site_profile' => dast_site_profile.name, 'scanner_profile' => dast_scanner_profile&.name }.compact
             }

ee/app/services/app_sec/dast/site_validations/runner_service.rb

@@ -30,7 +30,7 @@ module AppSec
         end
 
         def ci_configuration
-          { 'include' => [{ 'template' => 'DAST-Runner-Validation.gitlab-ci.yml' }] }
+          { 'include' => [{ 'template' => 'Security/DAST-Runner-Validation.gitlab-ci.yml' }] }
         end
 
         def dast_site_validation_variables

ee/app/services/app_sec/fuzzing/api/ci_configuration_create_service.rb

@@ -19,7 +19,7 @@ module AppSec
         def preset_configuration
           {
             'stages' => ['fuzz'],
-            'include' => [{ 'template' => 'API-Fuzzing.gitlab-ci.yml' }]
+            'include' => [{ 'template' => 'Security/API-Fuzzing.gitlab-ci.yml' }]
           }
         end
 

ee/spec/graphql/mutations/app_sec/fuzzing/api/ci_configuration/create_spec.rb

@@ -38,7 +38,7 @@ RSpec.describe Mutations::AppSec::Fuzzing::API::CiConfiguration::Create do
           )
           expect(Psych.load(subject[:configuration_yaml])).to eq({
             'stages' => ['fuzz'],
-            'include' => [{ 'template' => 'API-Fuzzing.gitlab-ci.yml' }],
+            'include' => [{ 'template' => 'Security/API-Fuzzing.gitlab-ci.yml' }],
             'variables' => {
               'FUZZAPI_HTTP_PASSWORD' => '$PASSWORD',
               'FUZZAPI_HTTP_USERNAME' => '$USERNAME',

ee/spec/requests/api/graphql/mutations/app_sec/fuzzing/api/ci_configuration/create_spec.rb

@@ -52,7 +52,7 @@ RSpec.describe 'CreateApiFuzzingCiConfiguration' do
       expect(gitlab_ci_yml_edit_path).to eq(project_ci_pipeline_editor_path(project))
       expect(Psych.load(yaml)).to eq({
         'stages' => ['fuzz'],
-        'include' => [{ 'template' => 'API-Fuzzing.gitlab-ci.yml' }],
+        'include' => [{ 'template' => 'Security/API-Fuzzing.gitlab-ci.yml' }],
         'variables' => {
           'FUZZAPI_HTTP_PASSWORD' => '$PASSWORD',
           'FUZZAPI_HTTP_USERNAME' => '$USERNAME',

ee/spec/services/app_sec/dast/scan_configs/build_service_spec.rb

@@ -28,7 +28,7 @@ RSpec.describe AppSec::Dast::ScanConfigs::BuildService do
         stages:
         - dast
         include:
-        - template: DAST-On-Demand-Scan.gitlab-ci.yml
+        - template: Security/DAST-On-Demand-Scan.gitlab-ci.yml
         dast:
           dast_configuration:
             site_profile: #{dast_site_profile.name}
@@ -92,7 +92,7 @@ RSpec.describe AppSec::Dast::ScanConfigs::BuildService do
             stages:
             - dast
             include:
-            - template: DAST-On-Demand-Scan.gitlab-ci.yml
+            - template: Security/DAST-On-Demand-Scan.gitlab-ci.yml
             dast:
               dast_configuration:
                 site_profile: #{dast_site_profile.name}

ee/spec/services/app_sec/fuzzing/api/ci_configuration_create_service_spec.rb

@@ -23,7 +23,7 @@ RSpec.describe ::AppSec::Fuzzing::API::CiConfigurationCreateService do
       it 'returns the API fuzzing configuration based on the given parameters' do
         is_expected.to eq({
           'stages' => ['fuzz'],
-          'include' => [{ 'template' => 'API-Fuzzing.gitlab-ci.yml' }],
+          'include' => [{ 'template' => 'Security/API-Fuzzing.gitlab-ci.yml' }],
           'variables' => {
             'FUZZAPI_HTTP_PASSWORD' => '$PASSWORD',
             'FUZZAPI_HTTP_USERNAME' => '$USERNAME',
@@ -50,7 +50,7 @@ RSpec.describe ::AppSec::Fuzzing::API::CiConfigurationCreateService do
       it 'returns the API fuzzing configuration based on the given parameters' do
         is_expected.to eq({
           'stages' => ['fuzz'],
-          'include' => [{ 'template' => 'API-Fuzzing.gitlab-ci.yml' }],
+          'include' => [{ 'template' => 'Security/API-Fuzzing.gitlab-ci.yml' }],
           'variables' => {
             'FUZZAPI_HTTP_PASSWORD' => '$PASSWORD',
             'FUZZAPI_HTTP_USERNAME' => '$USERNAME',
@@ -77,7 +77,7 @@ RSpec.describe ::AppSec::Fuzzing::API::CiConfigurationCreateService do
       it 'returns the API fuzzing configuration based on the given parameters' do
         is_expected.to eq({
           'stages' => ['fuzz'],
-          'include' => [{ 'template' => 'API-Fuzzing.gitlab-ci.yml' }],
+          'include' => [{ 'template' => 'Security/API-Fuzzing.gitlab-ci.yml' }],
           'variables' => {
             'FUZZAPI_HTTP_PASSWORD' => '$PASSWORD',
             'FUZZAPI_HTTP_USERNAME' => '$USERNAME',
@@ -101,7 +101,7 @@ RSpec.describe ::AppSec::Fuzzing::API::CiConfigurationCreateService do
       it 'does not include them in the configuration' do
         is_expected.to eq({
           'stages' => ['fuzz'],
-          'include' => [{ 'template' => 'API-Fuzzing.gitlab-ci.yml' }],
+          'include' => [{ 'template' => 'Security/API-Fuzzing.gitlab-ci.yml' }],
           'variables' => {
             'FUZZAPI_HAR' => 'https://api.gov/api_spec',
             'FUZZAPI_TARGET_URL' => 'https://api.gov'

ee/spec/services/ci/create_pipeline_service/dast_configuration_spec.rb

@@ -22,7 +22,7 @@ RSpec.describe Ci::CreatePipelineService do
   let(:config) do
     <<~EOY
     include:
-      - template: DAST.gitlab-ci.yml
+      - template: Security/DAST.gitlab-ci.yml
     stages:
       - build
       - dast
@@ -72,6 +72,10 @@ RSpec.describe Ci::CreatePipelineService do
 
       project_features = project.licensed_features
       allow(project).to receive(:licensed_features).and_return(project_features << :dast)
+
+      # The latest version of the template does not run unless DAST is
+      # configured via environment variables.
+      stub_feature_flags(redirect_to_latest_template_security_dast: false)
     end
 
     context 'when the stage is dast' do