
Fix license approval policies to consider non-default branches

What does this MR do and why?

Addresses #395701 (closed)

License approval policies can be created through scan result policies for specific or all protected branches. The approval rules configured through such a policy should be applied only to MRs that target those protected branches. This MR fixes a bug where license approval rules did not work properly for MRs that target a non-default branch: the rule compared the MR's licenses against only the licenses found on the default branch, instead of those found on the MR's target branch.
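To make the failure mode concrete, the following is an added illustration written for this page, not GitLab's own implementation: a hypothetical model of a "newly detected license" approval rule evaluated against two different baselines. The branch names, license sets, `Policy` struct and helper functions are all constructed for the example. It shows that choosing the default branch as the baseline for an MR targeting `release/2.x` produces both a spurious approval requirement (a license the target branch already ships looks new) and a missed one (a license the default branch already has, but the target branch does not, looks pre-existing).

```ruby
require 'set'

# Hypothetical model of a license approval policy (not GitLab's own classes):
# the policy applies to MRs targeting +branches+ and requires approval when a
# license in +denied+ is newly detected, i.e. present in the MR pipeline but
# absent from the comparison branch.
Policy = Struct.new(:branches, :denied, keyword_init: true)

# Constructed license reports: branch name => licenses found by the latest
# License Scanning pipeline on that branch. 'main' is the default branch.
BRANCH_LICENSES = {
  'main'        => Set['MIT', 'Apache-2.0', 'LGPL-2.1'],
  'release/2.x' => Set['MIT', 'Apache-2.0', 'GPL-3.0'],
}.freeze

# Licenses the MR introduces relative to the comparison branch.
def newly_detected(mr_licenses, base_licenses)
  mr_licenses - base_licenses
end

# +base_branch+ is the branch whose report serves as the baseline. The bug
# described above amounts to always passing the default branch here; the fix
# amounts to passing the MR's target branch.
def approval_required?(policy, target_branch, mr_licenses, base_branch)
  return false unless policy.branches.include?(target_branch)

  new_licenses = newly_detected(mr_licenses, BRANCH_LICENSES.fetch(base_branch))
  (new_licenses & policy.denied).any?
end

# Evaluates one MR under both baselines and returns the two decisions.
def compare(policy, target_branch, mr_licenses, default_branch: 'main')
  {
    default_branch_baseline: approval_required?(policy, target_branch, mr_licenses, default_branch),
    target_branch_baseline:  approval_required?(policy, target_branch, mr_licenses, target_branch),
  }
end

# Constructed policy: protect release/2.x against newly introduced GPL/LGPL code.
POLICY = Policy.new(branches: ['release/2.x'], denied: Set['GPL-3.0', 'LGPL-2.1'])

# Case 1: an MR into release/2.x keeps the GPL-3.0 gem that branch already ships.
# Against main, GPL-3.0 looks newly introduced, so approval is wrongly required.
def false_positive_case
  compare(POLICY, 'release/2.x', Set['MIT', 'Apache-2.0', 'GPL-3.0'])
end

# Case 2: an MR into release/2.x swaps the GPL-3.0 gem for an LGPL-2.1 gem that
# main already has. Against main it looks pre-existing, so the approval that the
# policy should demand is silently skipped.
def false_negative_case
  compare(POLICY, 'release/2.x', Set['MIT', 'Apache-2.0', 'LGPL-2.1'])
end

if $PROGRAM_NAME == __FILE__
  p false_positive_case
  p false_negative_case
end
```

Running the file prints the two decision hashes; in both cases the `default_branch_baseline` decision is the wrong one and `target_branch_baseline` is the intended behaviour, which is why the baseline must be the MR's target branch rather than the default branch.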

Screenshots or screen recordings

Before: Screenshot_2023-03-13_at_4.01.01_PM
After: Screenshot_2023-03-13_at_3.59.31_PM

How to set up and validate locally

  • Create a new project with a Gemfile/Gemfile.lock and a couple of gems included.
  • Create a new .gitlab-ci.yml file and include the Security/License-Scanning.gitlab-ci.yml template.
  • Wait for the pipeline to finish.
  • Create a new License approval policy (Security & Compliance -> Policies) and apply it to a protected branch other than the default branch.
  • Create an MR that adds a new dependency, targeting the protected branch mentioned in the policy, and confirm that the approval rule is evaluated against the licenses found on that target branch rather than on the default branch.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Sashi Kumar Kumaresan
