DOS6051

CI/CD variable value should not be empty

DOS6051

GitLab project Severitymedium builtIn

Description

CI/CD variables should not have empty values. An empty value indicates a placeholder that was never populated — the dependent pipeline jobs will fail at runtime with confusing error messages. Either populate the value or delete the variable. Note: this rule does NOT check value content (which is masked / undisclosed); it only checks for non-empty length.

Recommendation

1. Go to project Settings > CI/CD > Variables (or group equivalent). 
2. For each variable with empty value, either populate it from your secret manager OR delete the variable.

Policy Rule

{
  "target": "GLCiVariable",
  "if": {
    "allOf": [
      {
        "resource": "GLCiVariable",
        "property": "Value",
        "operator": "notEquals",
        "value": ""
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}
« DOS6050 DOS6052 »
Rule Details
  • Rule ID: DOS6051
  • Code: GL_CiVariable_Value_Should_Not_Be_Empty
  • Platform: GitLab
  • Category: project
  • Severity: Severitymedium
  • Type: builtIn
Related Rules

Copyright © DevOps Shield. All Rights Reserved. Privacy Policy | Cookie Policy | Terms and Conditions | v1.0.2