Add an optional reason when approving/denying licenses
Problem to solve
When users approve/blacklist licenses, they have a reason for that.
This reason is not tracked anywhere, but it could help developers to better figure out why they are forbidden to add a dependency in the codebase.
This is also useful to Compliance to track if policies are reflected correctly.
We can allow an optional sentence when approving/blacklisting licenses. The sentence will be saved and shown later.
Intended users
- Development team lead
- Software Developer
Further details
The reason should be optional and should not create friction for users that are not interested in setting it. We don't want to introduce something that bugs users and leads to not use the entire feature.
Proposal
When approving/blacklisting a license in settings or in the merge request view, allow an optional text to specify the reason. It is similar to what you can set when dismissing vulnerabilities.
| Add note | License list | MR widget | License modal |
|---|---|---|---|
 |
 |
 |
 |
| Optional input when user is adding a license / also include in https://gitlab.com/gitlab-org/gitlab-ee/issues/12941 | Not visible in the compliance list (https://gitlab.com/gitlab-org/gitlab-ee/issues/13582). Comment icon displays not on hover | Visible in the MR, hover on icon displays note | Note displayed in license modal (from MR widget in 3) |
Permissions and Security
To set the message, same permissions of setting the rule. To get the message, same permissions of getting the rule.
Documentation
This option should be documented with use cases and intended scope.
What does success look like, and how can we measure that?
Number of messages set.