Preserve comments in the yaml when editing a security policy in the policy editor

Summary

sometimes users add comments to the policy yaml
https://gitlab.com/gitlab-org/gitlab/-/issues/400221#note_1965765211

Steps to reproduce

Upload a GitLab Ultimate license
Navigate to a project => Secure => Policies => New policy => Any policy type => Navigate to yaml mode => Manually add comments => Save the policy

Example Project

gitlab-org/security-products/analyzers/analyzers-security-policy-project!4 (closed)

What is the current bug behavior?

the comments are not in the policy yaml in the merge request

What is the expected correct behavior?

the comments are in the policy yaml in the merge request

Relevant logs and/or screenshots

Output of checks

Results of GitLab environment info

Expand for output related to GitLab environment info


(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:env:info`)

(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)

Results of GitLab application Check

Expand for output related to the GitLab application check

(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true)
(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)
(we will only investigate if the tests are passing)

Possible fixes

The frontend sends the policy yaml with the comments, so the backend must be removing them

backend

Edited Aug 25, 2025 by 🤖 GitLab Bot 🤖