Create security policy bot only if needed
What does this MR do and why?
Create security policy bot only if needed
Currently every approve of a MR causes the security policy bot for that project to be created, even if no audit events are getting created. This creates an unnecessary amount of security policy bots that can be prevented by moving the creation to a later step after the conditions have been checked.
References
Screenshots or screen recordings
No UI changes
How to set up and validate locally
- Ensure the security policy feature is available
- Create a project without a security policy
- Create a MR in that project
- Approve the MR
- Verify that no security policy bot was created for that project
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.