Discussion: should we separate the security gate from the approvals widget and merge it into the MR security widget?
Background
Terminology note, in the context of this issue: Security gate setup = vulnerability-check setup in Settings (see picture below); Security gate MR widget = MR approval widget.
This is an issue created from the original comment and comment. The concerns, from a user's perspective, are:
- In the MR, the security widget is more connected with the security gate. It follows the mind pattern: "I see high-risk vulns found, I decide to fix/approve or not." Currently, when the security gate is together with all other approval rules, the user needs to follow: "I see high-risk vulns found, they are false positives, but where should I allow it? Oh, it is approval rules, I need to go to the approval rules widget."
- If we separate the security gate from approvals, should we introduce a new status to the job status, such as block jobs? See illustration below:
Open question
- What do you think are the pros/cons of separating the security gate from approvals?
Edited by Camellia X Yang











