Add an avatar to security policy bot
What does this MR do and why?
The security_policy_bot users can only be identified by name. They don't have a specific avatar.
An avatar would make it easier to identify the security_policy_bot users.
This MR updates the Security::Orchestration::CreateBotService to create security_policy_bot with security-bot avatar as discussed here.
This update only works for new security_policy_bot users. We will update the avatar to the existing security_policy_bot users in another MR.
Related to: #421386
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
| Before | After |
|---|---|
 |
 |
How to set up and validate locally
- Create a new project
- Go to Secure > Policies
- Click on New policy
- Select Merge request approval policy
- Change to .yaml mode
- Copy the yaml below:
type: approval_policy
name: a
description: ''
enabled: true
rules:
- type: license_finding
match_on_inclusion: true
license_types:
- 3dfx Glide License
license_states:
- newly_detected
branch_type: protected
actions:
- type: require_approval
approvals_required: 1
role_approvers:
- owner
approval_settings:
block_branch_modification: true
prevent_pushing_and_force_pushing: true- Click on Configure with a merge request
- Merge the new MR to add the policy
- Go to Manage > Members and verify the GitLab Security Policy bot was added with the
security-botavatar.
Edited by Marcos Rocha