Change security policy project setting name

What does this MR do and why?

This renames the security policy override project setting:

- Block users from unprotecting branches
+ Block users from modifying protected branches

The change is based on this discussion that came to the conclusion that it is necessary to prevent unprotecting and deletion of a protected branch in order to close the loophole described in Prevent deletion of protected branches via secu... (#420728 - closed).

The backend part of the feature is not implemented yet and the feature is behind the scan_result_policy_settings feature flag.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

| Before | After |
| --- | --- |
| Screenshot_2023-08-21_at_14.16.16 | Screenshot_2023-08-21_at_14.16.40 |

How to set up and validate locally

  1. Enable the feature flag Feature.enable(:scan_result_policy_settings)
  2. Open the scan result policy editor

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
