Add AppSec as Codeowner of Gemfile and Gemfile.lock / add to reviewer roulette
About
Our process recommends AppSec reviews for changes to our Gemfile or Gemfile.lock. However, it's currently easy for this process to be overlooked (see !98681, comment 1133687535).
MR reviewers tend to lean on some existing tooling to help notify/enforce reviews:
- Codeowners.
- Reviewer roulette.
Proposal
Either or both of these:
- Add AppSec as Codeowners of Gemfile and Gemfile.lock.
- Surface Roulette review recommendations for AppSec when those two files are changed.
Edited by Luke Duncalfe