Allow notifications on MR approval policy

Release notes

Currently, there is no way to be notified when approvals are required. Being able to setup a notifications (webhook or email) when an MR Approval Policy is raised is relevant for some customers.

Problem to solve

The security officer may need to be aware of vulnerabilities being identified in the MR pipelines.

Proposal

Implement both webhook and email notifications at the MR Approval Policy level to allow notifications.

• webhook enabled
• email notification enabled

Intended users

• Amy (Application Security Engineer)
• Alex (Security Operations Engineer)

Feature Usage Metrics

The number of subscriptions to the webhook and the number of email notifications setup.

Does this feature require an audit event?

Probably not.