Skip to content

Exclude projects shared with groups when applying a compliance framework

Luke Stahlman requested to merge exclude-shared-projects into main

By default the call to the /groups/:id/projects API endpoint will return projects that are shared with the group. There are a couple of scenarios that can occur as a result:

  • Shared projects that exist in the same common top level group: these would be assigned a compliance framework, which may be unexpected for admins or group owners running this tool
  • Shared projects that exist outside the same common top level group: the assignment would fail as compliance frameworks are defined at top-level groups and cannot be applied to projects in other groups

This change excludes such projects to avoid these scenarios.

Merge request reports