This MR adds new rule builder

New rule builder for any merge request for scan result policy on group and project level Changelog: changed EE: true

This MR adds new rule builder
4aa72d0f · Artur Fedorov · Alexander Turinske · 73307629 · 4aa72d0f · 4aa72d0f
Unverified Commit 4aa72d0f authored 1 year ago by Artur Fedorov Committed by Alexander Turinske 1 year ago
--- a/ee/app/assets/javascripts/security_orchestration/components/policy_drawer/scan_result/utils.js
+++ b/ee/app/assets/javascripts/security_orchestration/components/policy_drawer/scan_result/utils.js
@@ -302,7 +302,7 @@ const humanizeRule = (rule) => {
    }
  };
  
-  addCriteria(rule.severity_levels.length, () =>
+  addCriteria(rule.severity_levels?.length, () =>
    sprintf(s__('SecurityOrchestration|Severity is %{severity}.'), {
      severity: humanizeItems({
        items: rule.severity_levels,
@@ -310,7 +310,7 @@ const humanizeRule = (rule) => {
    }),
  );
  
-  addCriteria(rule.vulnerability_states.length, () =>
+  addCriteria(rule.vulnerability_states?.length, () =>
    sprintf(s__('SecurityOrchestration|Vulnerabilities are %{vulnerabilityStates}.'), {
      vulnerabilityStates: humanizeVulnerabilityStates(rule.vulnerability_states),
    }),

--- a/ee/app/assets/javascripts/security_orchestration/components/policy_editor/constants.js
+++ b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/constants.js
@@ -116,6 +116,9 @@ export const ALL_PROTECTED_BRANCHES = {
  value: 'protected',
 };
  
+export const ANY_COMMIT = 'any';
+export const ANY_UNSIGNED_COMMIT = 'unsigned';
+
 export const ANY_OPERATOR = 'ANY';
  
 export const GREATER_THAN_OPERATOR = 'greater_than';

--- a/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result_policy/any_merge_request_rule_builder.vue
+++ b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result_policy/any_merge_request_rule_builder.vue
+<script>
+import { GlSprintf, GlCollapsibleListbox } from '@gitlab/ui';
+import { s__ } from '~/locale';
+import { ANY_COMMIT, ANY_UNSIGNED_COMMIT, SCAN_RESULT_BRANCH_TYPE_OPTIONS } from '../constants';
+import SectionLayout from '../section_layout.vue';
+import PolicyRuleBranchSelection from './policy_rule_branch_selection.vue';
+import ScanTypeSelect from './base_layout/scan_type_select.vue';
+import { getDefaultRule } from './lib';
+
+const COMMIT_LISTBOX_ITEMS = [
+  {
+    value: ANY_COMMIT,
+    text: s__('ScanResultPolicy|any commits'),
+  },
+  {
+    value: ANY_UNSIGNED_COMMIT,
+    text: s__('ScanResultPolicy|any unsigned commits'),
+  },
+];
+
+export default {
+  COMMIT_LISTBOX_ITEMS,
+  i18n: {
+    anyMergeRequestRuleCopy: s__(
+      'ScanResultPolicy|When %{scanType} in an open that targets %{branches} with %{commitType}',
+    ),
+  },
+  name: 'AnyMergeRequestRuleBuilder',
+  components: {
+    ScanTypeSelect,
+    SectionLayout,
+    GlCollapsibleListbox,
+    GlSprintf,
+    PolicyRuleBranchSelection,
+  },
+  inject: ['namespaceType'],
+  props: {
+    initRule: {
+      type: Object,
+      required: true,
+    },
+  },
+  computed: {
+    branchTypes() {
+      return SCAN_RESULT_BRANCH_TYPE_OPTIONS(this.namespaceType);
+    },
+    selectedCommitType() {
+      return this.initRule.commits || ANY_COMMIT;
+    },
+  },
+  methods: {
+    setBranchType(value) {
+      this.$emit('changed', value);
+    },
+    setScanType(value) {
+      const rule = getDefaultRule(value);
+      this.$emit('set-scan-type', rule);
+    },
+    setCommitType(type) {
+      this.triggerChanged({ commits: type });
+    },
+    triggerChanged(value) {
+      this.$emit('changed', { ...this.initRule, ...value });
+    },
+  },
+};
+</script>
+
+<template>
+  <section-layout :type="initRule.type" :show-remove-button="false">
+    <template #content>
+      <section-layout class="gl-bg-white!" :type="initRule.type" @remove="$emit('remove')">
+        <template #content>
+          <gl-sprintf :message="$options.i18n.anyMergeRequestRuleCopy">
+            <template #scanType>
+              <scan-type-select :scan-type="initRule.type" @select="setScanType" />
+            </template>
+
+            <template #branches>
+              <policy-rule-branch-selection
+                :init-rule="initRule"
+                :branch-types="branchTypes"
+                @changed="triggerChanged"
+                @set-branch-type="setBranchType"
+              />
+            </template>
+
+            <template #commitType>
+              <gl-collapsible-listbox
+                data-testid="commits-type"
+                :items="$options.COMMIT_LISTBOX_ITEMS"
+                :selected="selectedCommitType"
+                @select="setCommitType"
+              />
+            </template>
+          </gl-sprintf>
+        </template>
+      </section-layout>
+    </template>
+  </section-layout>
+</template>
--- a/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result_policy/base_layout/scan_type_select.vue
+++ b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result_policy/base_layout/scan_type_select.vue
 <script>
 import { GlCollapsibleListbox } from '@gitlab/ui';
 import { s__ } from '~/locale';
-import { SCAN_FINDING, LICENSE_FINDING } from '../lib';
+import glFeatureFlagsMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
+import { ANY_MERGE_REQUEST, SCAN_FINDING, LICENSE_FINDING } from '../lib';
  
 export default {
  scanTypeOptions: [
@@ -21,6 +22,7 @@ export default {
  components: {
    GlCollapsibleListbox,
  },
+  mixins: [glFeatureFlagsMixin()],
  props: {
    scanType: {
      type: String,
@@ -37,8 +39,18 @@ export default {
    scanRuleTypeToggleText() {
      return this.scanType ? '' : this.$options.i18n.scanRuleTypeToggleText;
    },
+    anyMergeRequestItem() {
+      return this.glFeatures.scanResultAnyMergeRequest
+        ? [
+            {
+              value: ANY_MERGE_REQUEST,
+              text: s__('SecurityOrchestration|Any merge request'),
+            },
+          ]
+        : [];
+    },
    listBoxItems() {
-      return [...this.items, ...this.$options.scanTypeOptions];
+      return [...this.anyMergeRequestItem, ...this.items, ...this.$options.scanTypeOptions];
    },
  },
  methods: {

--- a/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result_policy/lib/from_yaml.js
+++ b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result_policy/lib/from_yaml.js
@@ -25,6 +25,7 @@ export const fromYaml = ({ manifest, validateRuleMode = false, glFeatures = {} }
        'branches',
        'branch_type',
        'branch_exceptions',
+        'commits',
        'license_states',
        'license_types',
        'match_on_inclusion',

--- a/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result_policy/lib/index.js
+++ b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result_policy/lib/index.js
@@ -12,6 +12,7 @@ export {
  invalidVulnerabilityAge,
  humanizeInvalidBranchesError,
  invalidVulnerabilityAttributes,
+  ANY_MERGE_REQUEST,
  SCAN_FINDING,
  LICENSE_FINDING,
 } from './rules';

--- a/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result_policy/lib/rules.js
+++ b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result_policy/lib/rules.js
@@ -5,6 +5,7 @@ import { REPORT_TYPES_DEFAULT } from 'ee/security_dashboard/store/constants';
 import { isPositiveInteger } from '~/lib/utils/number_utils';
 import {
  ALL_PROTECTED_BRANCHES,
+  ANY_COMMIT,
  BRANCH_TYPE_KEY,
  INVALID_PROTECTED_BRANCHES,
  VALID_SCAN_RESULT_BRANCH_TYPE_OPTIONS,
@@ -26,7 +27,7 @@ export const VULNERABILITY_STATE_KEYS = [
  ...Object.keys(APPROVAL_VULNERABILITY_STATES[NEWLY_DETECTED]),
  ...Object.keys(APPROVAL_VULNERABILITY_STATES[PREVIOUSLY_EXISTING]),
 ];
-
+export const ANY_MERGE_REQUEST = 'any_merge_request';
 export const SCAN_FINDING = 'scan_finding';
 export const LICENSE_FINDING = 'license_finding';
 export const MATCHING = s__('ScanResultPolicy|Matching');
@@ -57,6 +58,12 @@ export const licenseScanBuildRule = () => ({
  branch_type: ALL_PROTECTED_BRANCHES.value,
 });
  
+export const anyMergeRequestBuildRule = () => ({
+  type: ANY_MERGE_REQUEST,
+  branch_type: ALL_PROTECTED_BRANCHES.value,
+  commits: ANY_COMMIT,
+});
+
 /*
  Construct a new rule object for when the licenseScanningPolocies flag is on
 */
@@ -156,6 +163,8 @@ export const getDefaultRule = (scanType) => {
      return securityScanBuildRule();
    case LICENSE_FINDING:
      return licenseScanBuildRule();
+    case ANY_MERGE_REQUEST:
+      return anyMergeRequestBuildRule();
    default:
      return emptyBuildRule();
  }

--- a/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result_policy/policy_rule_builder.vue
+++ b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result_policy/policy_rule_builder.vue
 <script>
 import { GlAlert, GlSprintf } from '@gitlab/ui';
-import { SCAN_FINDING, LICENSE_FINDING } from './lib';
+import glFeatureFlagsMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
+import { ANY_MERGE_REQUEST, SCAN_FINDING, LICENSE_FINDING } from './lib';
+import AnyMergeRequestRuleBuilder from './any_merge_request_rule_builder.vue';
 import SecurityScanRuleBuilder from './security_scan_rule_builder.vue';
 import LicenseScanRuleBuilder from './license_scan_rule_builder.vue';
 import DefaultRuleBuilder from './default_rule_builder.vue';
@@ -10,9 +12,11 @@ export default {
    GlAlert,
    GlSprintf,
    DefaultRuleBuilder,
+    AnyMergeRequestRuleBuilder,
    SecurityScanRuleBuilder,
    LicenseScanRuleBuilder,
  },
+  mixins: [glFeatureFlagsMixin()],
  props: {
    initRule: {
      type: Object,
@@ -21,6 +25,7 @@ export default {
  },
  data() {
    const previousRules = {
+      [ANY_MERGE_REQUEST]: null,
      [SCAN_FINDING]: null,
      [LICENSE_FINDING]: null,
    };
@@ -39,6 +44,9 @@ export default {
    };
  },
  computed: {
+    isAnyMergeRequestRule() {
+      return this.initRule.type === ANY_MERGE_REQUEST;
+    },
    isSecurityRule() {
      return this.initRule.type === SCAN_FINDING;
    },
@@ -92,6 +100,14 @@ export default {
      @set-scan-type="setScanType"
    />
  
+    <any-merge-request-rule-builder
+      v-else-if="isAnyMergeRequestRule && glFeatures.scanResultAnyMergeRequest"
+      :init-rule="initRule"
+      @changed="updateRule"
+      @remove="removeRule"
+      @set-scan-type="setScanType"
+    />
+
    <security-scan-rule-builder
      v-else-if="isSecurityRule"
      :init-rule="initRule"

--- a/ee/app/controllers/groups/security/policies_controller.rb
+++ b/ee/app/controllers/groups/security/policies_controller.rb
@@ -11,6 +11,7 @@ class PoliciesController < Groups::ApplicationController
  
      before_action do
        push_frontend_feature_flag(:scan_result_policy_settings, group)
+        push_frontend_feature_flag(:scan_result_any_merge_request, group)
      end
  
      feature_category :security_policy_management

--- a/ee/app/controllers/projects/security/policies_controller.rb
+++ b/ee/app/controllers/projects/security/policies_controller.rb
@@ -12,7 +12,8 @@ class PoliciesController < Projects::ApplicationController
  
      before_action do
        push_frontend_feature_flag(:security_policies_branch_exceptions, project)
-        push_frontend_feature_flag(:scan_result_policy_settings, @project)
+        push_frontend_feature_flag(:scan_result_policy_settings, project)
+        push_frontend_feature_flag(:scan_result_any_merge_request, project)
      end
  
      feature_category :security_policy_management

--- a/ee/config/feature_flags/development/scan_result_any_merge_request.yml
+++ b/ee/config/feature_flags/development/scan_result_any_merge_request.yml
+---
+name: scan_result_any_merge_request
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/130630
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/423988
+milestone: '16.4'
+type: development
+group: group::security policies
+default_enabled: false
--- a/ee/spec/frontend/security_orchestration/components/policy_editor/scan_result_policy/any_merge_request_rule_builder_spec.js
+++ b/ee/spec/frontend/security_orchestration/components/policy_editor/scan_result_policy/any_merge_request_rule_builder_spec.js
+import { GlSprintf } from '@gitlab/ui';
+import AnyMergeRequestRuleBuilder from 'ee/security_orchestration/components/policy_editor/scan_result_policy/any_merge_request_rule_builder.vue';
+import SectionLayout from 'ee/security_orchestration/components/policy_editor/section_layout.vue';
+import PolicyRuleBranchSelection from 'ee/security_orchestration/components/policy_editor/scan_result_policy/policy_rule_branch_selection.vue';
+import ScanTypeSelect from 'ee/security_orchestration/components/policy_editor/scan_result_policy/base_layout/scan_type_select.vue';
+
+import { shallowMountExtended } from 'helpers/vue_test_utils_helper';
+import {
+  ANY_COMMIT,
+  ANY_UNSIGNED_COMMIT,
+  PROJECT_DEFAULT_BRANCH,
+} from 'ee/security_orchestration/components/policy_editor/constants';
+import {
+  ANY_MERGE_REQUEST,
+  getDefaultRule,
+  anyMergeRequestBuildRule,
+  SCAN_FINDING,
+} from 'ee/security_orchestration/components/policy_editor/scan_result_policy/lib/rules';
+import { NAMESPACE_TYPES } from 'ee/security_orchestration/constants';
+
+describe('AnyMergeRequestRuleBuilder', () => {
+  let wrapper;
+
+  const UPDATED_RULE = {
+    ...anyMergeRequestBuildRule(),
+    branch_type: PROJECT_DEFAULT_BRANCH.value,
+    commits: ANY_UNSIGNED_COMMIT,
+  };
+
+  const createComponent = ({ props = {} } = {}) => {
+    wrapper = shallowMountExtended(AnyMergeRequestRuleBuilder, {
+      propsData: {
+        initRule: anyMergeRequestBuildRule(),
+        ...props,
+      },
+      provide: {
+        namespaceType: NAMESPACE_TYPES.GROUP,
+      },
+      stubs: {
+        GlSprintf,
+      },
+    });
+  };
+
+  const findAllBaseLayoutComponent = () => wrapper.findAllComponents(SectionLayout);
+  const findCommitsTypeListBox = () => wrapper.findByTestId('commits-type');
+  const findScanTypeSelect = () => wrapper.findComponent(ScanTypeSelect);
+  const findBranches = () => wrapper.findComponent(PolicyRuleBranchSelection);
+
+  describe('initial rendering', () => {
+    beforeEach(() => {
+      createComponent();
+    });
+
+    it('renders one field for each attribute of the rule', () => {
+      expect(findScanTypeSelect().exists()).toBe(true);
+      expect(findBranches().exists()).toBe(true);
+      expect(findCommitsTypeListBox().exists()).toBe(true);
+    });
+
+    it('can remove rule builder', () => {
+      findAllBaseLayoutComponent().at(1).vm.$emit('remove');
+      expect(wrapper.emitted('remove')).toHaveLength(1);
+    });
+
+    it('can change scan type', () => {
+      findScanTypeSelect().vm.$emit('select', SCAN_FINDING);
+
+      expect(wrapper.emitted('set-scan-type')).toEqual([[getDefaultRule(SCAN_FINDING)]]);
+    });
+
+    it('can change branch_type', () => {
+      findBranches().vm.$emit('set-branch-type', UPDATED_RULE);
+
+      expect(wrapper.emitted('changed')).toEqual([[UPDATED_RULE]]);
+    });
+
+    it('can change commits type', () => {
+      expect(findCommitsTypeListBox().props('selected')).toBe(ANY_COMMIT);
+      findCommitsTypeListBox().vm.$emit('select', ANY_UNSIGNED_COMMIT);
+
+      expect(wrapper.emitted('changed')).toEqual([
+        [
+          {
+            ...getDefaultRule(ANY_MERGE_REQUEST),
+            commits: ANY_UNSIGNED_COMMIT,
+          },
+        ],
+      ]);
+    });
+  });
+
+  it('should display saved rule parameters', () => {
+    createComponent({
+      props: {
+        initRule: {
+          ...UPDATED_RULE,
+        },
+      },
+    });
+
+    expect(findBranches().props('initRule')).toEqual(UPDATED_RULE);
+
+    expect(findCommitsTypeListBox().props('selected')).toBe(UPDATED_RULE.commits);
+
+    expect(findScanTypeSelect().props('scanType')).toBe(ANY_MERGE_REQUEST);
+  });
+});
--- a/ee/spec/frontend/security_orchestration/components/policy_editor/scan_result_policy/base_layout/scan_type_select_spec.js
+++ b/ee/spec/frontend/security_orchestration/components/policy_editor/scan_result_policy/base_layout/scan_type_select_spec.js
 import { GlCollapsibleListbox, GlListboxItem } from '@gitlab/ui';
 import ScanTypeSelect from 'ee/security_orchestration/components/policy_editor/scan_result_policy/base_layout/scan_type_select.vue';
 import {
+  ANY_MERGE_REQUEST,
  LICENSE_FINDING,
  SCAN_FINDING,
 } from 'ee/security_orchestration/components/policy_editor/scan_result_policy/lib';
@@ -14,6 +15,11 @@ describe('ScanTypeSelect', () => {
      propsData: {
        ...props,
      },
+      provide: {
+        glFeatures: {
+          scanResultAnyMergeRequest: true,
+        },
+      },
      stubs: {
        GlCollapsibleListbox,
      },
@@ -25,7 +31,12 @@ describe('ScanTypeSelect', () => {
  
  it('can render defaultOptions', () => {
    createComponent();
-    expect(findListBoxItems()).toHaveLength(2);
+    expect(findListBoxItems()).toHaveLength(3);
+    expect(
+      findListBox()
+        .props('items')
+        .map(({ value }) => value),
+    ).toStrictEqual([ANY_MERGE_REQUEST, SCAN_FINDING, LICENSE_FINDING]);
  });
  
  it('can select scan type', () => {
@@ -40,8 +51,8 @@ describe('ScanTypeSelect', () => {
      items: [{ text: 'test', value: 'test' }],
    });
  
-    expect(findListBoxItems()).toHaveLength(3);
-    expect(findListBoxItems().at(0).text('')).toEqual('test');
+    expect(findListBoxItems()).toHaveLength(4);
+    expect(findListBoxItems().at(1).text('')).toEqual('test');
  });
  
  it('can preselect existing scan', () => {

--- a/ee/spec/frontend/security_orchestration/components/policy_editor/scan_result_policy/policy_rule_builder_spec.js
+++ b/ee/spec/frontend/security_orchestration/components/policy_editor/scan_result_policy/policy_rule_builder_spec.js
 import { GlAlert, GlSprintf } from '@gitlab/ui';
 import { shallowMountExtended } from 'helpers/vue_test_utils_helper';
+import AnyMergeRequestRuleBuilder from 'ee/security_orchestration/components/policy_editor/scan_result_policy/any_merge_request_rule_builder.vue';
 import DefaultRuleBuilder from 'ee/security_orchestration/components/policy_editor/scan_result_policy/default_rule_builder.vue';
 import PolicyRuleBuilder from 'ee/security_orchestration/components/policy_editor/scan_result_policy/policy_rule_builder.vue';
 import SecurityScanRuleBuilder from 'ee/security_orchestration/components/policy_editor/scan_result_policy/security_scan_rule_builder.vue';
@@ -10,6 +11,7 @@ import {
  LICENSE_FINDING,
 } from 'ee/security_orchestration/components/policy_editor/scan_result_policy/lib';
 import {
+  anyMergeRequestBuildRule,
  emptyBuildRule,
  securityScanBuildRule,
  licenseScanBuildRule,
@@ -34,6 +36,10 @@ describe('PolicyRuleBuilder', () => {
    license_states: ['newly_detected', 'detected'],
  };
  
+  const ANY_MERGE_REQUEST_RULE = {
+    ...anyMergeRequestBuildRule(),
+  };
+
  const factory = ({ propsData = {}, provide = {} } = {}) => {
    wrapper = shallowMountExtended(PolicyRuleBuilder, {
      propsData: {
@@ -43,6 +49,9 @@ describe('PolicyRuleBuilder', () => {
      provide: {
        namespaceId: '1',
        namespaceType: NAMESPACE_TYPES.PROJECT,
+        glFeatures: {
+          scanResultAnyMergeRequest: true,
+        },
        ...provide,
      },
      stubs: {
@@ -52,28 +61,35 @@ describe('PolicyRuleBuilder', () => {
  };
  
  const findAlert = () => wrapper.findComponent(GlAlert);
+  const findAnyMergeRequestRule = () => wrapper.findComponent(AnyMergeRequestRuleBuilder);
  const findEmptyScanRuleBuilder = () => wrapper.findComponent(DefaultRuleBuilder);
  const findSecurityScanRule = () => wrapper.findComponent(SecurityScanRuleBuilder);
  const findLicenseScanRule = () => wrapper.findComponent(LicenseScanRuleBuilder);
  
  describe('when a rule type is selected', () => {
    it.each`
-      ruleType           | rule                     | showSecurityRule | showLicenseRule
-      ${'unselected'}    | ${emptyBuildRule()}      | ${false}         | ${false}
-      ${'security scan'} | ${SECURITY_SCAN_RULE}    | ${true}          | ${false}
-      ${'license scan'}  | ${LICENSE_SCANNING_RULE} | ${false}         | ${true}
-    `('renders the $ruleType policy', ({ rule, showSecurityRule, showLicenseRule }) => {
-      factory({ propsData: { initRule: rule } });
-      expect(findSecurityScanRule().exists()).toBe(showSecurityRule);
-      expect(findLicenseScanRule().exists()).toBe(showLicenseRule);
-    });
+      ruleType               | rule                      | showSecurityRule | showLicenseRule | showAnyMergeRequestRule
+      ${'unselected'}        | ${emptyBuildRule()}       | ${false}         | ${false}        | ${false}
+      ${'security scan'}     | ${SECURITY_SCAN_RULE}     | ${true}          | ${false}        | ${false}
+      ${'license scan'}      | ${LICENSE_SCANNING_RULE}  | ${false}         | ${true}         | ${false}
+      ${'any merge request'} | ${ANY_MERGE_REQUEST_RULE} | ${false}         | ${false}        | ${true}
+    `(
+      'renders the $ruleType policy',
+      ({ rule, showSecurityRule, showLicenseRule, showAnyMergeRequestRule }) => {
+        factory({ propsData: { initRule: rule } });
+        expect(findSecurityScanRule().exists()).toBe(showSecurityRule);
+        expect(findLicenseScanRule().exists()).toBe(showLicenseRule);
+        expect(findAnyMergeRequestRule().exists()).toBe(showAnyMergeRequestRule);
+      },
+    );
  });
  
-  describe('selects correct rule', () => {
+  describe('change to different rule', () => {
    it.each`
-      initialRule                | findComponent           | expectedRule
-      ${licenseScanBuildRule()}  | ${findLicenseScanRule}  | ${securityScanBuildRule()}
-      ${securityScanBuildRule()} | ${findSecurityScanRule} | ${licenseScanBuildRule()}
+      initialRule                   | findComponent              | expectedRule
+      ${licenseScanBuildRule()}     | ${findLicenseScanRule}     | ${securityScanBuildRule()}
+      ${securityScanBuildRule()}    | ${findSecurityScanRule}    | ${licenseScanBuildRule()}
+      ${anyMergeRequestBuildRule()} | ${findAnyMergeRequestRule} | ${licenseScanBuildRule()}
    `('selects correct rule for scan type', ({ initialRule, findComponent, expectedRule }) => {
      factory({
        propsData: {
@@ -111,10 +127,11 @@ describe('PolicyRuleBuilder', () => {
  
  describe('removing a rule', () => {
    it.each`
-      ruleType           | rule                     | findComponent
-      ${'unselected'}    | ${emptyBuildRule()}      | ${findEmptyScanRuleBuilder}
-      ${'security scan'} | ${SECURITY_SCAN_RULE}    | ${findSecurityScanRule}
-      ${'license scan'}  | ${LICENSE_SCANNING_RULE} | ${findLicenseScanRule}
+      ruleType               | rule                      | findComponent
+      ${'unselected'}        | ${emptyBuildRule()}       | ${findEmptyScanRuleBuilder}
+      ${'security scan'}     | ${SECURITY_SCAN_RULE}     | ${findSecurityScanRule}
+      ${'license scan'}      | ${LICENSE_SCANNING_RULE}  | ${findLicenseScanRule}
+      ${'any merge request'} | ${ANY_MERGE_REQUEST_RULE} | ${findAnyMergeRequestRule}
    `(
      'emits the remove event when removing the $ruleType rule',
      async ({ findComponent, rule }) => {

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -41651,9 +41651,18 @@ msgstr ""
 msgid "ScanResultPolicy|When %{scanType} in an open merge request targeting %{branches} %{branchExceptions} and the licenses match all of the following criteria:"
 msgstr ""
  
+msgid "ScanResultPolicy|When %{scanType} in an open that targets %{branches} with %{commitType}"
+msgstr ""
+
 msgid "ScanResultPolicy|When %{scanners} find scanner specified conditions in an open merge request targeting the %{branches} %{branchExceptions} and match %{boldDescription} of the following criteria"
 msgstr ""
  
+msgid "ScanResultPolicy|any commits"
+msgstr ""
+
+msgid "ScanResultPolicy|any unsigned commits"
+msgstr ""
+
 msgid "ScanResultPolicy|license status"
 msgstr ""
  
@@ -42297,6 +42306,9 @@ msgstr ""
 msgid "SecurityOrchestration|And scans to be performed:"
 msgstr ""
  
+msgid "SecurityOrchestration|Any merge request"
+msgstr ""
+
 msgid "SecurityOrchestration|Are you sure you want to delete this policy? This action cannot be undone."
 msgstr ""