Approval notification for license compliance violations
Why are we doing this work
In Spike: Investigate and prepare PoC for Approval... (#411656 - closed), we added a bot comment for scan finding policy violations. This doesn't cover license compliance violations.
We should explore how to surface license policy violations.
Relevant links
Validation steps
- Create a project and enable the feature flag `security_policy_approval_notification` for it
- Add a `.gitlab-ci.yml`:

```yaml
include:
  - template: Jobs/Dependency-Scanning.gitlab-ci.yml
  - template: Jobs/Secret-Detection.gitlab-ci.yml

test-job:
  script:
    - echo "Test Job..."
```
- Create a policy enforcing a license rule and a secret detection rule
- Create an MR that introduces a non-compliant license
- Verify a comment is created
- Remove the license again and verify the comment gets updated to "resolved"
- Create a violation for both licenses and secrets
- Verify that only one comment gets created
- Resolve the violations one by one
- Verify the comment gets updated to "resolved" once no more violations are present
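For the "create a policy enforcing a license and a secret detection" step, the policy below is an added example written for this issue, not a policy attached to the original issue or taken from the GitLab codebase. It follows the scan result policy schema as documented for GitLab security policies; the policy name, the `GPL-3.0` license type and the `maintainer` role approver are placeholder choices for the validation, and the exact field names and accepted state values should be checked against the policy schema of the GitLab version under test.

```yaml
# Scan result policy (added example) that produces both kinds of violation
# exercised in the validation steps: a denied license introduced by an MR and
# a new secret detection finding. Either rule matching makes the MR require
# approval, which is what the bot comment reports on.
scan_result_policy:
  - name: Block denied licenses and leaked secrets   # placeholder name
    description: Require approval when a denied license or a new secret is introduced
    enabled: true
    rules:
      # License compliance rule: matches when a license in the list is
      # newly detected by Dependency Scanning on the MR.
      - type: license_finding
        branches: []                 # empty list = all protected branches
        match_on_inclusion: true     # treat the listed licenses as denied
        license_types:
          - GPL-3.0                  # placeholder denied license for the test
        license_states:
          - newly_detected
      # Secret detection rule: matches on any new finding from the
      # Secret-Detection template included in the project's .gitlab-ci.yml.
      - type: scan_finding
        branches: []
        scanners:
          - secret_detection
        vulnerabilities_allowed: 0   # a single new finding is a violation
        severity_levels: []          # empty list = all severities
        vulnerability_states:
          - newly_detected
    actions:
      - type: require_approval
        approvals_required: 1
        role_approvers:
          - maintainer               # placeholder approver role
```

To reproduce the "violation for both licenses and secrets" step with this policy, push an MR that both adds a dependency under the denied license and commits a string the secret detection analyzer flags; both rules then fire on the same pipeline, which is the case where the validation expects a single combined comment rather than one per rule.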
Edited by Martin Čavoj