Add an optional reason when approving/blacklisting licenses
Problem to solve
When users approve/blacklist licenses, they have a reason for that.
This reason is not tracked anywhere, but it could help developers understand why they are forbidden from adding a dependency to the codebase.
This is also useful to Compliance to track if policies are reflected correctly.
We can allow an optional sentence when approving/blacklisting licenses. The sentence will be saved and shown later.
- Development team lead
- Software Developer
The reason should be optional and should not create friction for users who are not interested in setting it. We don't want to introduce something that bugs users and leads them to stop using the entire feature.
When approving/blacklisting a license in settings or in the merge request view, allow an optional text to specify the reason. It is similar to what you can set when dismissing vulnerabilities. A good example of an existing flow is Google Calendar, where you can add a message when accepting/declining an invitation.
Permissions and Security
Setting the message requires the same permissions as setting the rule. Reading the message requires the same permissions as reading the rule.
This option should be documented with use cases and intended scope.
What does success look like, and how can we measure that?
Number of messages set.