Skip to content

Move status checks to policies

Why is this change being made?

To better align our features and capabilities, we've agreed between Security Policies and Compliance teams to move the feature under Security Policies.

As policies are focused on introducing security and compliance controls (enforcement mechanisms), the capability aligns well with policies. For example, merge request approval policies take data from outside of the MR (security scan data) and generate security approval requirements that block the MR and enforce additional approvals.

Status checks capture data outside of the MR (which could come from any external source a user desires, passed through a middleware API/service) and block an MR based on the status provided.

Within the Security Policies team, we plan to evolve the capabilities here by elevating the concept of status checks to a standalone security policy type. See gitlab-org&10177. This will allow for status checks to be created and enforced globally, ensure that checks can be relied on for compliance, and provide more flexibility to address a number of potential compliance use cases.

Author and Reviewer Checklist

Please verify the check list and ensure to tick them off before the MR is merged.

  • Provided a concise title for this Merge Request (MR)
  • Added a description to this MR explaining the reasons for the proposed change, per say why, not just what
    • Copy/paste the Slack conversation to document it for later, or upload screenshots. Verify that no confidential data is added, and the content is SAFE
  • Assign reviewers for this MR to the correct Directly Responsible Individual/s (DRI)
    • If the DRI for the page/s being updated isn’t immediately clear, then assign it to one of the people listed in the Maintained by section on the page being edited
    • If your manager does not have merge rights, please ask someone to merge it AFTER it has been approved by your manager in #mr-buddies
    • The when to get approval handbook section explains the workflow in more detail
  • For transparency, share this MR with the audience that will be impacted.
    • Team: For changes that affect your direct team, share in your group Slack channel
    • Department: If the update affects your department, share the MR in your department Slack channel
    • Company: If the update affects all (or the majority of) GitLab team members, post an update in #whats-happening-at-gitlab linking to this MR

Merge request reports

Loading