Resolve "Clarify license approval policy conditions and prerequisites"
What does this MR do and why?
It's not entirely clear in the license approval policy documentation that dependency scanning is a prerequisite.
A license approval policy relies on output of a dependency scanning (DS) job to verify the policy's requirements have been met. If a DS job has not been run, the policy has no data with which to verify the policy's requirements, so enforces approval.
This MR will add to the license approval policy documentation that dependency scanning is a prerequisite. The recommended method of doing so is to enforce DS by using a scan execution policy. The scan execution policy's scope should be the same as that of the license approval policy, otherwise DS must be enabled per project.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
| Before | After |
|---|---|
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #413277 (closed)