
Add an avatar to security policy bot

What does this MR do and why?

The security_policy_bot users can only be identified by name. They don't have a specific avatar. An avatar would make it easier to identify the security_policy_bot users.

This MR updates the Security::Orchestration::CreateBotService to create security_policy_bot with the security-bot avatar as discussed here.

This update only works for new security_policy_bot users. We will update the avatar for the existing security_policy_bot users in another MR.

Related to: #421386

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before: image
After: Screenshot_2024-02-21_at_8.37.15_AM

How to set up and validate locally

  1. Create a new project
  2. Go to Secure > Policies
  3. Click on New policy
  4. Select Merge request approval policy
  5. Change to .yaml mode
  6. Copy the yaml below:
type: approval_policy
name: a
description: ''
enabled: true
rules:
  - type: license_finding
    match_on_inclusion: true
    license_types:
      - 3dfx Glide License
    license_states:
      - newly_detected
    branch_type: protected
actions:
  - type: require_approval
    approvals_required: 1
    role_approvers:
      - owner
approval_settings:
  block_branch_modification: true
  prevent_pushing_and_force_pushing: true
  7. Click on Configure with a merge request
  8. Merge the new MR to add the policy
  9. Go to Manage > Members and verify the GitLab Security Policy bot was added with the security-bot avatar.


Edited by Marcos Rocha
