ISSUE-407 High Long Pipeline Composition
Invalid pipeline composition
Control: Pipeline must include required phases · Config key: pipelineMustIncludeRequiredPhases
📋 What is this?
The project's CI pipeline does not include all the required actions defined by your configuration.
⚠️ Impact
Missing actions in the pipeline can lead to unverified code being deployed. This increases the risk of security vulnerabilities, compliance issues, and software defects reaching production. For example, if security checks are absent, a vulnerable application can be deployed to production and lead to a leak of user data.
🔧 How to fix
Ensure that the CI pipeline includes all required validations as defined in your Policy controls.
✗ Before
The pipeline skips required test and security scan phases.

# .gitlab-ci.yml — ❌ Missing required pipeline phases
stages:
  - build
  - deploy
  # Missing: test, security-scan (required by policy)

build:
  stage: build
  script:
    - docker build -t $CI_REGISTRY_IMAGE .

deploy:
  stage: deploy
  script:
    - kubectl apply -f k8s/
    # Deploying without testing or security scanning!

✓ After
All required pipeline phases are present before deployment.

# .gitlab-ci.yml — ✅ All required phases present
stages:
  - build
  - test
  - security-scan
  - deploy

build:
  stage: build
  script:
    - docker build -t $CI_REGISTRY_IMAGE .

test:
  stage: test
  script:
    - pytest tests/

include:
  - component: gitlab.com/components/sast/sast@1.5.2

deploy:
  stage: deploy
  script:
    - kubectl apply -f k8s/

💡 Tips
- Define required pipeline phases in .plumber.yaml under pipelineMustIncludeRequiredPhases.requiredPhases.
- Use job name patterns to detect required phases across different pipeline implementations.
- Consider blocking deployments if required phases are missing using GitLab protected environments.
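The check this control describes, sketched as an added example (not Plumber's own code or configuration schema): the REQUIRED mapping, the "deploy" gate stage and the sast-scan job are assumptions. A phase counts only when a runnable job matching it by stage or job name pattern is ordered before the deploy stage, so a declared but empty stage, a hidden template job, or a scan placed after deployment does not satisfy it.

```python
from fnmatch import fnmatch

# Top-level .gitlab-ci.yml keywords that are settings, not jobs.
RESERVED = {"stages", "include", "variables", "default", "workflow", "image",
            "services", "before_script", "after_script", "cache", "spec"}

# Hypothetical policy: phase -> glob patterns matched against a job's stage or name.
REQUIRED = {"test": ["test", "*test*"],
            "security-scan": ["security-scan", "*sast*"]}

def missing_phases(pipeline, required=REQUIRED, gate="deploy"):
    """Return required phases that have no runnable job ordered before the gate stage."""
    # .pre and .post always exist; without `stages`, GitLab uses build/test/deploy.
    stages = [".pre", *pipeline.get("stages", ["build", "test", "deploy"]), ".post"]
    gate_pos = stages.index(gate) if gate in stages else len(stages)
    runnable = []
    for name, body in pipeline.items():
        # Hidden jobs (leading dot) are templates and never run.
        if name in RESERVED or name.startswith(".") or not isinstance(body, dict):
            continue
        stage = body.get("stage", "test")  # a job without `stage` runs in "test"
        if stage in stages and stages.index(stage) < gate_pos:
            runnable.append((name, stage))
    return [phase for phase, globs in required.items()
            if not any(fnmatch(n, g) or fnmatch(s, g)
                       for n, s in runnable for g in globs)]

# Constructed samples: the page's Before and After files as already-parsed YAML
# (script lines omitted, they do not affect the check).
BEFORE = {"stages": ["build", "deploy"],
          "build": {"stage": "build"}, "deploy": {"stage": "deploy"}}
AFTER = {"stages": ["build", "test", "security-scan", "deploy"],
         "include": [{"component": "gitlab.com/components/sast/sast@1.5.2"}],
         "build": {"stage": "build"}, "test": {"stage": "test"},
         "deploy": {"stage": "deploy"}}
# Assumed merged view: "sast-scan" stands in for whatever job the include contributes.
AFTER_MERGED = {**AFTER, "sast-scan": {"stage": "security-scan"}}

if __name__ == "__main__":
    for label, cfg in [("before", BEFORE), ("after, unmerged", AFTER),
                       ("after, merged", AFTER_MERGED)]:
        print(label, "->", missing_phases(cfg) or "all required phases present")
```

The unmerged After file still reports security-scan as missing because the scan job comes from the include, so a check of this kind has to run on the merged configuration rather than on the repository file alone.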
⚙️ Configuration
This control is configured in .plumber.yaml under the key:
controls:
  pipelineMustIncludeRequiredPhases:
    enabled: true

See the CLI documentation for the full configuration reference.