Feature Request: Add wildcard pattern support for branch targeting in security policies


Background

Wildcards cannot currently be used in security policies. Merge request approval policies match branch names by literal string comparison rather than wildcard expansion, so even when branch protection uses a wildcard (such as release/*), the approval policy still has to list explicit branch names (such as release/production).

Problem to solve

This limitation creates challenges for organizations with complex branching strategies, or whose branch naming conventions produce many similar branches (e.g., release/v1.0, release/v2.0, etc.):

  • Teams must manually list every branch that needs a specific policy applied
  • As new branches are created following established patterns, policies must be updated to include each branch
  • Maintaining consistent policy application across similar branches becomes difficult and error-prone
  • There's a mismatch between how branch protection rules work (supporting wildcards) and how security policies work (requiring exact matches)

Proposal

Enhance security policies to support wildcard pattern matching for branch names, similar to how branch protection rules already work. Specifically:

  1. Allow the use of the * wildcard in the branches field of security policy rules to match any sequence of characters
  2. Ensure proper pattern matching so that release/* would match any branch beginning with release/
  3. Maintain backward compatibility with existing policies using exact branch names

This enhancement would align the behavior of security policies with branch protection rules, providing a more intuitive and maintainable way to manage security policies across branch patterns.
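As an added illustration of the proposed matching behaviour (example code written for this issue, not GitLab's implementation), the Ruby below treats a branches entry containing * as a pattern where * matches any sequence of characters, and every other entry as a literal name, so existing exact-name policies keep working unchanged. The policy hash shape and rule names are constructed for the example; the helper names (branch_pattern_to_regexp, branch_matches?, rules_for_branch) are assumptions, not project API.

```ruby
# Added example: glob-style branch matching for policy rules (illustrative, not GitLab's code).
# Assumptions: a policy is a Hash with a "rules" array, each rule has a "branches" array of
# strings; an entry containing "*" is a wildcard where "*" matches any sequence of characters
# (including "/"); any other entry is compared literally, which keeps exact-name policies intact.

# Convert a branch pattern to an anchored Regexp. Everything except "*" is escaped so that
# characters such as "." in "release/v1.0" stay literal instead of becoming regex metacharacters.
def branch_pattern_to_regexp(pattern)
  escaped = pattern.split('*', -1).map { |part| Regexp.escape(part) }.join('.*')
  Regexp.new("\\A#{escaped}\\z")
end

def wildcard?(pattern)
  pattern.include?('*')
end

# True when branch_name is covered by a single entry from a rule's "branches" list.
# Entries without "*" fall back to the existing literal comparison (backward compatibility).
def branch_matches?(pattern, branch_name)
  return pattern == branch_name unless wildcard?(pattern)

  branch_pattern_to_regexp(pattern).match?(branch_name)
end

# Return the rules from a policy whose "branches" list covers branch_name.
def rules_for_branch(policy, branch_name)
  policy.fetch('rules').select do |rule|
    rule.fetch('branches').any? { |pattern| branch_matches?(pattern, branch_name) }
  end
end

# Constructed sample policy (hypothetical rule names) mixing an exact branch name
# with prefix and suffix wildcard patterns.
SAMPLE_POLICY = {
  'name' => 'require-security-review',
  'rules' => [
    { 'name' => 'exact-main',    'branches' => ['main'] },
    { 'name' => 'release-lines', 'branches' => ['release/*'] },
    { 'name' => 'stable-suffix', 'branches' => ['*-stable'] }
  ]
}.freeze

if __FILE__ == $PROGRAM_NAME
  # Note that "feature/release" does NOT match "release/*": the pattern is anchored at both ends,
  # so a wildcard never turns into an accidental substring match.
  %w[main release/v1.0 release/v2.0 release/v1.0/hotfix 17-3-stable feature/release].each do |branch|
    names = rules_for_branch(SAMPLE_POLICY, branch).map { |r| r['name'] }
    puts "#{branch.ljust(22)} -> #{names.empty? ? '(no rule)' : names.join(', ')}"
  end
end
```

Anchoring the generated regex (\A ... \z) is the check that matters for a security policy: without it, release/* would also cover feature/release-prep, silently widening (or narrowing) where approvals are required.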

Edited by 🤖 GitLab Bot 🤖