
Collect invalid policy yaml events for the first config only

What does this MR do and why?

A security policy project can be linked to multiple projects. When the policy yaml is invalidated in the security policy project, we don't need to generate duplicate audit events for all the configurations. Instead, we can generate one event for the first config only; we do this already for security_policy_manage_audit_events.

Ensures invalid policy YAML events are collected only for the first configuration of a management project.

References

#555468 (closed)


How to set up and validate locally

  1. Enable the feature flag from command line:

    rails runner "Feature.enable(:collect_policy_yaml_invalidated_audit_event)"
  2. Switch to admin mode and set up the audit event streaming

  1. Create a project
  2. Navigate to "Secure => Policies" and create a security policy with a merge request.
  3. Create another project and select the Security Policy Project created in step 3 as SPP
  4. Manually edit the policy.yml in the SPP with a merge request and make it invalid
  5. Merge the MR with invalid policy.yml file
  6. Verify only one audit event of type policy_yaml_invalidated is recorded.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #555468 (closed)

Edited by Imam Hossain
