GitLab project | Severity: low | builtIn

Description

CI/CD variables should carry a non-empty Description so that compliance reviewers and incoming team members can understand a variable's purpose, its source of truth (which secret manager owns it) and its rotation cadence without having to grep .gitlab-ci.yml for usages. An empty description does not by itself prove a variable is ungoverned, but it is the usual symptom: nobody can tell whether the value is a secret, who owns it, or when it was last rotated. Note that the description is metadata only; it does not protect the value, so masked and protected flags are still required for anything sensitive.

Recommendation

1. Go to project Settings > CI/CD > Variables, or Settings > CI/CD > Variables at the group level. Group variables are inherited by every project in the group, so review those first.
2. For each variable, click Edit and fill in the Description field with the purpose, the owner, the rotation cadence or last rotation date, and a link to the issue or record in your secret manager.

Policy Rule

{
  "target": "GLCiVariable",
  "if": {
    "allOf": [
      {
        "resource": "GLCiVariable",
        "property": "Description",
        "operator": "notEquals",
        "value": ""
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}
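To run the same check outside the policy engine, the script below (an added example, not part of this policy catalog or GitLab's own tooling) applies the rule to the variable list returned by the GitLab REST API and ranks findings so that masked or protected variables, which are the ones most likely to be secrets, surface first. It assumes a GitLab instance recent enough for the API to return a `description` attribute (16.2 or later); the sample payload is constructed inline so the audit runs offline, and the environment variable names `GITLAB_URL`, `GITLAB_SCOPE`, `GITLAB_TARGET` and `GITLAB_TOKEN` are this example's own conventions.

```python
"""Audit GitLab CI/CD variables for empty descriptions.

Added example; implements the same condition as the policy rule
(Description must be non-empty) against the JSON returned by
GET /api/v4/projects/:id/variables or GET /api/v4/groups/:id/variables.
"""
import json
import os
import urllib.request
from typing import Iterable

# Constructed sample payload in the shape of the GitLab variables API.
# Values are placeholders; the real API returns the stored value.
SAMPLE_VARIABLES = json.loads("""
[
  {"key": "DEPLOY_TOKEN", "variable_type": "env_var", "value": "REDACTED",
   "protected": true, "masked": true, "environment_scope": "*",
   "description": null},
  {"key": "AWS_ACCESS_KEY_ID", "variable_type": "env_var", "value": "REDACTED",
   "protected": true, "masked": true, "environment_scope": "production",
   "description": "   "},
  {"key": "NODE_ENV", "variable_type": "env_var", "value": "production",
   "protected": false, "masked": false, "environment_scope": "*",
   "description": "Build mode; owner: platform team; not a secret"},
  {"key": "KUBECONFIG", "variable_type": "file", "value": "REDACTED",
   "protected": true, "masked": false, "environment_scope": "staging",
   "description": ""}
]
""")


def has_description(variable: dict) -> bool:
    """True when Description is present and not just whitespace.

    The policy rule compares against "" only; null and whitespace-only
    strings are treated as empty here as well, since they fail the intent.
    """
    desc = variable.get("description")
    return isinstance(desc, str) and desc.strip() != ""


def find_undescribed(variables: Iterable[dict]) -> list[dict]:
    """Return findings for variables lacking a description, highest risk first.

    risk 2: masked (almost certainly a secret), 1: protected only, 0: plain.
    """
    findings = []
    for v in variables:
        if has_description(v):
            continue
        risk = 2 if v.get("masked") else (1 if v.get("protected") else 0)
        findings.append({
            "key": v["key"],
            "environment_scope": v.get("environment_scope", "*"),
            "masked": bool(v.get("masked")),
            "protected": bool(v.get("protected")),
            "risk": risk,
        })
    findings.sort(key=lambda f: (-f["risk"], f["key"]))
    return findings


def fetch_variables(base_url: str, scope: str, ident: str, token: str) -> list[dict]:
    """Fetch all variables from a live instance, following pagination.

    scope is "projects" or "groups"; ident is a numeric ID or URL-encoded path.
    GitLab caps pages at 100 items and signals the next page in X-Next-Page
    (empty on the last page).
    """
    results: list[dict] = []
    page = "1"
    while page:
        url = f"{base_url}/api/v4/{scope}/{ident}/variables?per_page=100&page={page}"
        req = urllib.request.Request(url, headers={"PRIVATE-TOKEN": token})
        with urllib.request.urlopen(req) as resp:
            results.extend(json.load(resp))
            page = resp.headers.get("X-Next-Page", "")
    return results


if __name__ == "__main__":
    token = os.environ.get("GITLAB_TOKEN")
    if token:  # live audit only when a token is supplied
        variables = fetch_variables(
            os.environ.get("GITLAB_URL", "https://gitlab.com"),
            os.environ.get("GITLAB_SCOPE", "projects"),
            os.environ["GITLAB_TARGET"],
            token,
        )
    else:      # otherwise run against the constructed sample
        variables = SAMPLE_VARIABLES
    for f in find_undescribed(variables):
        print(f"{f['key']:24} scope={f['environment_scope']:12} "
              f"masked={f['masked']} protected={f['protected']}")
```

Run it with `GITLAB_TOKEN`, `GITLAB_TARGET` (project ID or URL-encoded path) and optionally `GITLAB_SCOPE=groups` set to audit a real project or group; the token needs Maintainer access to list variables. Fixing a finding via the API is a `PUT` to the same endpoint with a `description` form field, which changes only the metadata and leaves the value untouched.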