Policy Violations Bot Comment
### Release notes
### Problem to solve
### Intended users
### User experience goal
### Proposal
This iteration builds on the Policy Violations API. We will improve the existing bot comment, posted by the Security Bot, that notifies users in an MR when policy violations are detected or removed.
We will:
1. Introduce a toggle option under `Actions`, in the UI and in YAML, to enable/disable the bot comment, so users can disable it per policy if the comments are too noisy or distracting.
2. Surface errors and violations, along with guidance to address them, through a comment.
3. Content/formatting in this MVC will initially be basic.
4. The content will be organized so that we display relevant content only when necessary, laid out so that it is clear to users. See [designs](https://gitlab.com/gitlab-org/gitlab/-/issues/425142/ "🎨 Design: Bot comment for policy violations and errors").
### Design
| Different comment situation | edge-case, multiple policies+errors | In Policy settings |
|-----------------------------|-------------------------------------|--------------------|
|  |  |  |
### Further details
### Permissions and Security
### Documentation
### Availability & Testing
### Available Tier
### Feature Usage Metrics
### What does success look like, and how can we measure that?
### What is the type of buyer?
### Is this a cross-stage feature?
### What is the competitive advantage or differentiation for this feature?
### Links / references