Policy bot comment example failure reasons
Description
Update policy bot comment for security policies. If there is a violation, update the text to share a few examples of why a policy may be violated, so developers have more context. This is a simple text update to provide more clarity to users.
File to change:
Current
```ruby
Security and compliance scanners enforced by your organization have completed and identified that approvals
are required due to one or more policy violations.
Review the policy's rules in the MR widget and assign reviewers to proceed.
TEXT
<<~MARKDOWN
| :warning: **Policy violation(s) detected**|
| ----------------------------------------- |
| #{message} |
#{format('Learn more about [Security and Compliance policies](%{url}).',
url: Rails.application.routes.url_helpers.help_page_url('user/application_security/policies'))}
```
Proposed
Security and compliance scanners enforced by your organization have completed and identified that approvals are required due to one or more policy violations. Review the policy's rules in the MR widget and assign reviewers to proceed.
Several factors can lead to a violation in your merge request:
- If scan result policies enforced on your project include a scanner in the conditions, the scanner must be properly configured in your pipeline, the job must complete, and a job artifact containing the scan results must be produced (even if empty).
- Your project must have eligible approvers.
- The MR must contain no findings that violate the policy rules.
- Approvals are assumed required until the pipeline completes and no results are detected to be in violation of any enforced policies.
View policies enforced on your project here [link to project's policies page].
View troubleshooting guidance here.
Edited by Grant Hickman
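The conditions in the proposed text describe a fail-closed evaluation: approvals stay required until every check has positively passed. The sketch below is an added example, not GitLab's implementation; the method name, reason symbols, and data shapes are all hypothetical.

```ruby
# Added illustration (hypothetical names, not GitLab code).
# Returns the reasons approvals are still required; an empty list means none.
ScanJob = Struct.new(:scanner, :status, :artifact_present, keyword_init: true)
Finding = Struct.new(:scanner, :severity, keyword_init: true)

# policy:   { scanners: [String], blocked_severities: [String] }
# pipeline: { finished: true/false, jobs: [ScanJob], findings: [Finding] }
def approval_reasons(policy:, pipeline:, eligible_approvers:)
  reasons = []
  reasons << [:no_eligible_approvers, nil] if eligible_approvers.empty?

  # No results can be evaluated before the pipeline completes, so the policy
  # cannot be shown to pass and approvals are assumed required.
  return reasons << [:pipeline_not_finished, nil] unless pipeline[:finished]

  policy[:scanners].each do |scanner|
    job = pipeline[:jobs].find { |j| j.scanner == scanner }
    if job.nil?
      reasons << [:scanner_not_configured, scanner]
    elsif job.status != "success"
      reasons << [:scan_job_incomplete, scanner]
    elsif !job.artifact_present
      # An empty report is acceptable; a missing report is not.
      reasons << [:scan_artifact_missing, scanner]
    end
  end

  violating = pipeline[:findings].select do |f|
    policy[:scanners].include?(f.scanner) &&
      policy[:blocked_severities].include?(f.severity)
  end
  reasons << [:findings_violate_policy, violating.size] unless violating.empty?
  reasons
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: SAST ran cleanly, secret detection was never configured.
  policy = { scanners: %w[sast secret_detection], blocked_severities: %w[critical high] }
  pipeline = {
    finished: true,
    jobs: [ScanJob.new(scanner: "sast", status: "success", artifact_present: true)],
    findings: [Finding.new(scanner: "sast", severity: "low")]
  }
  p approval_reasons(policy: policy, pipeline: pipeline, eligible_approvers: ["reviewer1"])
end
```

Surfacing the individual reason, rather than a generic "violation" message, is what lets a developer tell a misconfigured scanner apart from a real finding.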