Disallow license scans when policy is in warn-mode
What does this MR do and why?
This MR disallows the creation and use of license scan rules when the policy enforcement type is set to warn. As discussed here, implementing warn mode for license policies has proven to be too complex for the current development cycle. Rather than implementing a partial solution that could lead to inconsistent behavior, this MR disallows the combination of license scan rules with the warn enforcement type in the security policy schema.
References
- Implementation issue: #570791
How to set up and validate locally
- Create a project
- On the left sidebar, select Security & Compliance and Policies.
- Select New Policy.
- Select Merge request approval policy
- Switch to .yaml mode
- Paste the following policy

```yaml
approval_policy:
  - name: test
    description: ''
    enabled: true
    enforcement_type: warn
    policy_scope:
      projects:
        excluding: []
    rules:
      - type: license_finding
        match_on_inclusion_license: true
        licenses:
          allowed: []
        license_states: []
        branch_type: protected
    actions:
      - type: require_approval
        approvals_required: 1
        role_approvers:
          - maintainer
      - type: send_bot_message
        enabled: true
    approval_settings:
      block_branch_modification: true
      block_group_branch_modification: true
      prevent_pushing_and_force_pushing: true
      prevent_approval_by_author: true
      prevent_approval_by_commit_author: true
      remove_approvals_with_new_commit: true
      require_password_to_approve: false
    fallback_behavior:
      fail: closed
```

- Select Create new project with the new policy
- It should fail
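The constraint this MR enforces, expressed as a small stand-alone checker (an added example, not GitLab's own schema validation): any `license_finding` rule inside a policy whose `enforcement_type` is `warn` is reported as an error. The policy text is a trimmed, constructed copy of the one from the steps above; `warn_mode_license_errors` and `validate_policy_yaml` are hypothetical helper names.

```ruby
require 'yaml'

# Constructed sample: the warn-mode license policy from the validation steps, trimmed.
POLICY_YAML = <<~YAML
  approval_policy:
    - name: test
      enabled: true
      enforcement_type: warn
      rules:
        - type: license_finding
          match_on_inclusion_license: true
          licenses:
            allowed: []
          license_states: []
          branch_type: protected
      actions:
        - type: require_approval
          approvals_required: 1
          role_approvers:
            - maintainer
YAML

# Hypothetical checker mirroring the MR's rule: license_finding rules are not
# allowed when the policy's enforcement_type is warn. Returns an array of
# error strings; an empty array means the policy passes this check.
def warn_mode_license_errors(config)
  errors = []
  Array(config['approval_policy']).each_with_index do |policy, i|
    next unless policy['enforcement_type'] == 'warn'

    Array(policy['rules']).each_with_index do |rule, j|
      next unless rule['type'] == 'license_finding'

      errors << "approval_policy[#{i}] '#{policy['name']}': rules[#{j}] is " \
                'license_finding, which is not allowed with enforcement_type: warn'
    end
  end
  errors
end

# Parses the YAML safely (no arbitrary object deserialisation) and runs the check.
def validate_policy_yaml(text)
  warn_mode_license_errors(YAML.safe_load(text))
end

if __FILE__ == $PROGRAM_NAME
  validate_policy_yaml(POLICY_YAML).each { |e| puts e }
end
```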
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Andy Schoenen