Resolve Merge Request Approval Policy violation comment when approved
Proposal
Allow the Security Bot comment from Merge Request Approval Policy violations to be "resolved" once the MR is approved. Currently, once approved, the comment remains unchanged in the MR.
From Slack discussion (internal).
Important context from Slack thread (to keep after archival):
It is not designed to be updated to "resolved" when approval is given. Technically, the violations are not resolved; they are just accepted.
🤔 The comment gets updated to the resolved state when the violations are no longer detected in the MR, but for some rules, such as any_merge_request targeting any commits, this never gets resolved.
This is especially impactful for projects with settings enforced to require all threads to be resolved before merging.
How to validate
- Create a Merge Request Approval Policy similar to the example YAML below
- Create an MR targeting a protected branch
What you should see:
- The GitLab Security Bot makes a comment on the MR with "Policy violation(s) detected"
If you later approve the MR, there is no change to the MR's comments, so it looks like the policy violation is still occurring.
Example YAML:
```yaml
name: Merge request approval policy
description: ''
enabled: true
actions:
  - type: require_approval
    approvals_required: 1
    group_approvers_ids:
      - 4
rules:
  - type: any_merge_request
    branch_type: protected
    commits: any
approval_settings:
  block_branch_modification: true
  prevent_pushing_and_force_pushing: true
  prevent_approval_by_author: true
  prevent_approval_by_commit_author: true
  remove_approvals_with_new_commit: true
  require_password_to_approve: false
policy_scope:
  projects:
    excluding: []
```
Workarounds
- Manually resolve the thread containing bot comments before merging.
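
The workaround above can be scripted against the merge request discussions API. This is an added example, not GitLab's code and not part of the original issue: it selects only unresolved Security Bot threads carrying the violation text, and only once the MR is approved. The bot username `GitLab-Security-Bot`, the host `gitlab.example.com`, the project path and the sample discussion data are assumptions constructed for illustration.

```python
"""Pick the Security Bot policy-violation threads to resolve once an MR is approved."""
from urllib.parse import quote

BOT_USERNAME = "GitLab-Security-Bot"     # assumption: verify the bot's username on your instance
MARKER = "Policy violation(s) detected"  # comment text quoted in this issue


def threads_to_resolve(discussions, approved, bot=BOT_USERNAME):
    """Return ids of unresolved bot violation threads, but only if the MR is approved."""
    if not approved:  # never clear the thread before the required approval exists
        return []
    ids = []
    for d in discussions:
        first = d["notes"][0]
        if (first["author"]["username"] == bot
                and MARKER in first["body"]
                and first.get("resolvable")
                and not first.get("resolved")):
            ids.append(d["id"])
    return ids


def resolve_requests(api_base, project, mr_iid, discussion_ids):
    """Build the PUT calls that mark each discussion resolved (resolved=true)."""
    base = f"{api_base}/projects/{quote(str(project), safe='')}/merge_requests/{mr_iid}"
    return [("PUT", f"{base}/discussions/{i}?resolved=true") for i in discussion_ids]


# Constructed sample shaped like GET /projects/:id/merge_requests/:iid/discussions
SAMPLE = [
    {"id": "aaa111", "notes": [{"author": {"username": "GitLab-Security-Bot"},
        "body": "Policy violation(s) detected", "resolvable": True, "resolved": False}]},
    {"id": "bbb222", "notes": [{"author": {"username": "reviewer1"},
        "body": "Please rename this variable", "resolvable": True, "resolved": False}]},
    {"id": "ccc333", "notes": [{"author": {"username": "GitLab-Security-Bot"},
        "body": "Policy violation(s) detected", "resolvable": True, "resolved": True}]},
]

if __name__ == "__main__":
    ids = threads_to_resolve(SAMPLE, approved=True)
    for method, url in resolve_requests("https://gitlab.example.com/api/v4", "group/app", 7, ids):
        print(method, url)
```

Human reviewer threads such as `bbb222` are left untouched, so the "all threads must be resolved" setting still gates merging on real review feedback.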