MR Approval Policies Warn Mode (Beta)
## Release post
{width="647" height="489"}
With MR approval policies warn mode, security teams can now test and validate the impact of security policies before applying enforcement, reducing developer friction during security policy rollouts.
When choosing warn mode, you can define your policy requirements to include `security scan` options and the `warn` action.
#### **Non-Blocking Validation**
* Policies in warn mode generate informative bot comments without blocking merge requests
* Optional approvers can be designated as points of contact for policy questions
* Security teams can assess policy impact before enabling enforcement
* Developers may dismiss vulnerabilities while providing a reasoning for the dismissal
#### **Enhanced Visibility**
* Clear indicators in merge requests show when policies are in warn vs. enforce mode
* Bot comments provide detailed violation information and next steps
* Audit events track policy violations and dismissals for security and compliance reporting
### **Getting Started**
1. Navigate to your group's **Secure \> Policies** page
2. Create or edit a Merge Request Approval Policy
3. Select **"Warn in MR comment"** as your action
4. Optionally designate policy owners as points of contact
5. Monitor bot comments and audit events to assess policy impact
6. Switch to enforcement mode when ready
### **What's Next**
Future iterations will include warn mode support for `license scan`, `any merge request`, and `project settings overrides` , allowing security teams to test impact of policies for these options before enabling in enforce mode.
epic