Explain scan result policy approval scenarios
Activity
assigned to @g.hickman
- A deleted user
added documentation label
1 Warning: This merge request does not refer to an existing milestone.
1 Message: This merge request adds or changes documentation files. A review from the Technical Writing team before you merge is recommended. Reviews can happen after you merge.
Documentation review
The following files require a review from a technical writer:
- doc/user/application_security/policies/scan-result-policies.md (Link to current live version)
The review does not need to block merging this merge request. See the:
- Metadata for the *.md files that you've changed. The first few lines of each *.md file identify the stage and group most closely associated with your docs change.
- The Technical Writer assigned for that stage and group.
- Documentation workflows for information on when to assign a merge request for review.
If needed, you can retry the danger-review job that generated this comment.
Generated by Danger
- Resolved by Grant Hickman
@g.hickman - please see the following guidance and update this merge request.
1 Error: Please add typebug typefeature, or typemaintenance label to this merge request.
added docs-only label
added typemaintenance label and removed docs-only label
added docs-only label
4 Warnings:
- 18c51e95: The commit subject must contain at least 3 words. For more information, take a look at our Commit message guidelines.
- c11c95fb: The commit subject must contain at least 3 words. For more information, take a look at our Commit message guidelines.
- cda9ee82: The commit subject must contain at least 3 words. For more information, take a look at our Commit message guidelines.
- 2f3c377e: The commit subject must contain at least 3 words. For more information, take a look at our Commit message guidelines.
1 Message: This merge request adds or changes documentation files. A review from the Technical Writing team before you merge is recommended. Reviews can happen after you merge.
requested review from @sashi_kumar and @rdickenson
requested review from @alan
- Resolved by Alan (Maciej) Paruszewski
@sashi_kumar @rdickenson @alan
Proposing a few docs improvements to provide more detail around how approvals actually work in security policies.
@sashi_kumar Can you confirm again the current state regarding source branch results? Is it accurate to say we consider the latest completed pipeline for most pipeline sources? Also I tried to document all pipeline sources I could find as supported/unsupported and wanted to confirm. I couldn't track down the list you had shared previously in code that showed all sources.
@rdickenson I tried multiple times and have failed to see what I'm doing wrong with the broken relative link. I'd like to know what I'm doing wrong so I don't need help on this in the future.
@alan Do you have any ideas/contributions that can help us reduce the support burden for the known cases we've been discussing in &11020 (closed)? My hope is that as we deprioritize that epic (for now), we can better explain the current state and our plans, which should help support/CSMs block for us until we are able to get back to work on those plans.
- Resolved by Grant Hickman
changed milestone to %16.6
added devopsgovern sectionsec labels and removed devopssecure label
- Resolved by Russell Dickenson
mentioned in commit b304bb04
@g.hickman I've reviewed, approved, and merged this MR.
praise: Thanks for raising this MR. Having this explained clearly will be a huge help to those trying to understand just why an SRP behaves as it does.
Thank you for your support @rdickenson! I think it's definitely a good start and hopefully will help customers understand these tricky details a bit better.
added workflowstaging-canary label
added workflowcanary label and removed workflowstaging-canary label
added workflowstaging label and removed workflowcanary label
added workflowproduction label and removed workflowstaging label
added workflowpost-deploy-db-staging label and removed workflowproduction label
added workflowpost-deploy-db-production label and removed workflowpost-deploy-db-staging label
added releasedcandidate label