
Move license_finding violations to enforced policy bot section

What does this MR do and why?

We are working on warn mode for merge request approval policies (&15552). Violations associated with a policy that is in warn mode can be bypassed by users, and their approval_settings don't take effect.

This MR is the fifth in a series to update the policy bot comment to partition violations into warn-mode and enforced sections. Because the Beta release of warn mode doesn't include support for license_finding violations, but currently they would render underneath the bypassable section, this MR moves license_finding violations into the enforced section.
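The partitioning rule described above, as an added example that is not GitLab's own code: violations from a warn-mode policy go to the bypassable section, except for rule types the warn-mode Beta does not support (here `license_finding`), which are always listed under the enforced section. The `Policy`/`Violation` structs, the `'warn'`/`'enforce'` enforcement_type values, the sample violations and the rendered wording are assumptions made for this illustration.

```ruby
# Added example, not GitLab's code: partition policy violations into a
# bypassable (warn-mode) section and an enforced section of the bot comment.
# The Policy/Violation structs, the 'warn'/'enforce' values and the rendered
# wording are assumptions made for this illustration.

# Rule types the warn-mode Beta does not support: their violations are always
# listed under the enforced section, even when the policy is in warn mode.
WARN_MODE_UNSUPPORTED_RULE_TYPES = %w[license_finding].freeze

Policy = Struct.new(:name, :enforcement_type, keyword_init: true)
Violation = Struct.new(:policy, :rule_type, :detail, keyword_init: true)

# A violation is bypassable only when its policy is in warn mode AND its rule
# type is one that warn mode actually supports.
def bypassable?(violation)
  violation.policy.enforcement_type == 'warn' &&
    !WARN_MODE_UNSUPPORTED_RULE_TYPES.include?(violation.rule_type)
end

# Returns { bypassable: [...], enforced: [...] }, preserving input order.
def partition_violations(violations)
  bypassable, enforced = violations.partition { |v| bypassable?(v) }
  { bypassable: bypassable, enforced: enforced }
end

# Renders both sections; enforced violations come first because they block
# the merge request until the required approvals are given.
def render_bot_comment(violations)
  sections = partition_violations(violations)
  lines = []
  unless sections[:enforced].empty?
    lines << 'Violations requiring approval:'
    sections[:enforced].each { |v| lines << "- #{v.policy.name} (#{v.rule_type}): #{v.detail}" }
  end
  unless sections[:bypassable].empty?
    lines << 'Violations you can bypass (policy in warn mode):'
    sections[:bypassable].each { |v| lines << "- #{v.policy.name} (#{v.rule_type}): #{v.detail}" }
  end
  lines.join("\n")
end

# Constructed sample data for the demonstration (not real findings).
ENFORCED_POLICY = Policy.new(name: 'Exclude MIT License', enforcement_type: 'enforce')
WARN_LICENSE_POLICY = Policy.new(name: 'Warn on GPL', enforcement_type: 'warn')
WARN_SCAN_POLICY = Policy.new(name: 'Warn on criticals', enforcement_type: 'warn')

SAMPLE_VIOLATIONS = [
  Violation.new(policy: ENFORCED_POLICY, rule_type: 'license_finding', detail: 'rack 3.2.3 is MIT licensed'),
  # Warn-mode policy, but license_finding is unsupported in warn mode -> enforced section.
  Violation.new(policy: WARN_LICENSE_POLICY, rule_type: 'license_finding', detail: 'foo 1.0 is GPL-3.0 licensed'),
  # Warn-mode policy with a supported rule type -> bypassable section.
  Violation.new(policy: WARN_SCAN_POLICY, rule_type: 'scan_finding', detail: '1 critical vulnerability')
].freeze

if __FILE__ == $PROGRAM_NAME
  puts render_bot_comment(SAMPLE_VIOLATIONS)
end
```

The second sample violation is the case this MR is about: its policy is in warn mode, but because `license_finding` is not supported by the Beta, it must not be rendered as bypassable.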

References

Screenshots or screen recordings

Before After

How to set up and validate locally

  1. Enable the feature flag: echo "Feature.enable(:security_policy_approval_warn_mode)" | rails c
  2. Enable Package Metadata Database synchronization
  3. Create a new project
  4. Commit the following .gitlab-ci.yml to the default branch:

     ```yaml
     include:
       - template: Jobs/Dependency-Scanning.gitlab-ci.yml
     ```

  5. Navigate to Secure > Policies and create the following merge request approval policy:

     ```yaml
     approval_policy:
       - name: Exclude MIT License
         enabled: true
         enforcement_type: enforce
         rules:
           - type: license_finding
             match_on_inclusion_license: true
             licenses:
               denied:
                 - name: MIT License
             license_states:
               - newly_detected
               - detected
             branch_type: protected
         actions:
           - type: require_approval
             approvals_required: 1
             role_approvers:
               - owner
           - type: send_bot_message
             enabled: true
     ```

  6. Push a new branch containing the following files:

     Gemfile.lock:

     ```
     GEM
       remote: https://rubygems.org/
       specs:
         rack (3.2.3)

     PLATFORMS
       arm64-darwin-24
       ruby

     DEPENDENCIES
       rack

     BUNDLED WITH
        2.7.2
     ```

     Gemfile:

     ```ruby
     source 'https://rubygems.org'

     gem 'rack'
     ```

  7. Open a new merge request targeting the default branch
  8. Compare the policy bot message in the merge request to the screenshot above

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #563868 (closed)

Edited by Dominic Bauer
