Policy Bot violation comment includes false positive violation details
### Summary
Security policy bot comment includes false positive violation details.
### Steps to reproduce
1. Create a Group
2. Create 2 group security policies targeting specific protected branches
   - Restricted Licenses on Feature Branches
   - Unsigned Commits on Develop Branch
<details>
<summary>Policy YML</summary>
```yml
---
approval_policy:
- name: Restricted Licenses on Feature Branches
  enabled: true
  actions:
  - type: require_approval
    approvals_required: 1
    user_approvers_ids:
    - <some_id>
  rules:
  - type: license_finding
    branches:
    - feature/*
    license_states:
    - newly_detected
    match_on_inclusion_license: false
    license_types:
    - AGPL-3.0
    - GPL-2.0
  approval_settings:
    block_branch_modification: true
    block_group_branch_modification: true
    prevent_pushing_and_force_pushing: true
    prevent_approval_by_author: true
    prevent_approval_by_commit_author: true
    remove_approvals_with_new_commit: true
    require_password_to_approve: false
  fallback_behavior:
    fail: closed
- name: Unsigned Commits on Develop Branch
  description: ''
  enabled: true
  policy_scope:
    projects:
      excluding: []
  rules:
  - type: any_merge_request
    commits: unsigned
    branches:
    - develop
  actions:
  - type: require_approval
    approvals_required: 1
    user_approvers_ids:
    - <some_id>
  - type: send_bot_message
    enabled: true
  approval_settings:
    block_branch_modification: true
    block_group_branch_modification: true
    prevent_pushing_and_force_pushing: true
    prevent_approval_by_author: true
    prevent_approval_by_commit_author: true
    remove_approvals_with_new_commit: true
    require_password_to_approve: false
  fallback_behavior:
    fail: closed
scan_execution_policy:
- name: License Scan
  description: ''
  enabled: true
  policy_scope:
    projects:
      excluding: []
  rules:
  - type: pipeline
    branch_type: all
  actions:
  - scan: dependency_scanning
  skip_ci:
    allowed: true
```
</details>
3. Create a new project
4. Specify protected branch rules in `Settings > Repository > Protected Branches`

5. Create an MR with an unsigned commit targeting the `develop` branch.
6. Security Policy Bot posts a comment with violation details
### Example Project
https://gitlab.com/gitlab-org/security-risk-management/security-policies/team-member-environment/imam-test-group/hackathon/project-1/-/merge_requests/4
### What is the current *bug* behavior?
- Even though only the `Unsigned Commits on Develop Branch` policy is violated, the security policy bot comment shows violation details from `Restricted Licenses on Feature Branches`

### What is the expected *correct* behavior?
Policy bot comments only include the violations applicable to the current MR / branch rules. False positive violations are filtered in the policy bot comment details.
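
A sketch of the expected scoping, added here as an illustration and not part of the original report or GitLab's code: recorded violations are kept only when their policy has a rule whose `branches` pattern matches the MR target branch. The helper names, the reduced policy YAML, the sample violation records and the use of `File.fnmatch` for wildcard matching are all assumptions.

```ruby
require "yaml"

# Constructed sample: the two approval policies from the report, reduced to
# the fields that decide applicability (name, enabled, rule branch patterns).
POLICY_YAML = <<~YML
  approval_policy:
  - name: Restricted Licenses on Feature Branches
    enabled: true
    rules:
    - type: license_finding
      branches:
      - feature/*
  - name: Unsigned Commits on Develop Branch
    enabled: true
    rules:
    - type: any_merge_request
      commits: unsigned
      branches:
      - develop
YML

# Hypothetical helper: true when an enabled policy has at least one rule whose
# branch patterns match the MR target branch. File.fnmatch is an assumed
# stand-in for GitLab's own wildcard matching.
def policy_applies?(policy, target_branch)
  return false unless policy["enabled"]

  policy.fetch("rules", []).any? do |rule|
    rule.fetch("branches", []).any? { |pattern| File.fnmatch(pattern, target_branch) }
  end
end

# Hypothetical helper: keep only the violations whose policy applies to the
# target branch, so the bot comment cannot list out-of-scope policies.
def violations_for_comment(policy_yaml, violations, target_branch)
  policies = YAML.safe_load(policy_yaml).fetch("approval_policy", [])
  in_scope = policies.select { |p| policy_applies?(p, target_branch) }
                     .map { |p| p["name"] }
  violations.select { |v| in_scope.include?(v[:policy]) }
end

# Constructed input mirroring the report: both policies recorded as violated
# on an MR that targets `develop`.
RECORDED = [
  { policy: "Restricted Licenses on Feature Branches", detail: "GPL-2.0 newly detected" },
  { policy: "Unsigned Commits on Develop Branch", detail: "unsigned commit" }
].freeze
```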