Prevent modification of security_policy_bot members

What does this MR do and why?

With !132097 (merged) we already prevent deletion of security policy bot members. But it is still possible to set an expiry date. This MR fixes this by preventing modification of security_policy_bot members. As a side effect it also prevents changes to the access_level. This is also useful because we want minimal access for bots.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before: Screenshot_2023-09-28_at_12.46.44
After: Screenshot_2023-09-28_at_12.46.01

How to set up and validate locally

  1. Create a project.
  2. Create a scan execution policy for the project.
  3. Go to the project members page.
  4. The security policy bot user should not show the option to modify access level or expiry date.
  5. Find the ID of your project (PROJECT_ID) and the ID of the security policy bot user (BOT_USER_ID).

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Andy Schoenen
