Add errors into detailed policy bot comment
What does this MR do and why?
This MR adds policy evaluation errors into the detailed policy bot comment.
Depends on !147561 (merged).
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
| Missing artifacts (CI misconfiguration) | Scan removed | Recording |
|---|---|---|
| CleanShot_2024-03-25_at_18.48.35 | | |
How to set up and validate locally
- Create a project
- Enable the feature flag in the Rails console:

  ```ruby
  Feature.enable(:save_policy_violation_data, Project.last)
  ```

- Go to Secure -> Policies and create a new Merge request approval policy with the following YAML:

  ```yaml
  type: approval_policy
  name: Sec & Lic
  description: ''
  enabled: true
  rules:
    - type: scan_finding
      scanners: []
      vulnerabilities_allowed: 0
      severity_levels: []
      vulnerability_states: []
      branch_type: protected
    - type: license_finding
      match_on_inclusion: true
      license_types:
        - BSD 3-Clause "New" or "Revised" License
      license_states:
        - newly_detected
      branch_type: protected
  actions:
    - type: require_approval
      approvals_required: 1
      role_approvers:
        - developer
  ```

- Configure with merge request & merge
- Go back to the project and update README.md in a new MR
- Verify that the bot comment is created and includes two errors mentioning missing artifacts.
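To make the expected result of the validation steps concrete, the following is an added, self-contained Ruby illustration (not GitLab's implementation, and not code from this MR) of why a README-only change against the two-rule policy above yields exactly two errors: each rule needs security report artifacts from the MR pipeline before it can be evaluated, and a pipeline that produced none leaves both rules unevaluable. The mapping from rule type to report type, the scanner names, and the rendered comment format are assumptions made for this example.

```ruby
require 'yaml'

# Constructed policy: the same two-rule approval policy used in the validation
# steps above (a scan_finding rule plus a license_finding rule).
POLICY_YAML = <<~YAML
  type: approval_policy
  name: "Sec & Lic"
  enabled: true
  rules:
    - type: scan_finding
      scanners: []
      vulnerabilities_allowed: 0
      severity_levels: []
      vulnerability_states: []
      branch_type: protected
    - type: license_finding
      match_on_inclusion: true
      license_types:
        - BSD 3-Clause "New" or "Revised" License
      license_states:
        - newly_detected
      branch_type: protected
  actions:
    - type: require_approval
      approvals_required: 1
      role_approvers:
        - developer
YAML

# Assumed (hypothetical) mapping from rule type to the pipeline report types the
# rule needs before it can be evaluated. These names are illustrative only.
ALL_SECURITY_SCANNERS = %w[sast dast dependency_scanning container_scanning secret_detection].freeze

def required_reports(rule)
  case rule['type']
  when 'scan_finding'
    scanners = rule.fetch('scanners', [])
    # An empty scanners list means "any security scanner".
    scanners.empty? ? ALL_SECURITY_SCANNERS : scanners
  when 'license_finding'
    ['license_scanning']
  else
    []
  end
end

# Evaluate every rule against the report types the MR pipeline actually
# produced. A rule with none of its required reports cannot be evaluated, so it
# produces an error rather than a pass/fail verdict.
def evaluate_policy(policy_yaml, available_reports)
  policy = YAML.safe_load(policy_yaml)
  errors = []
  evaluated = []
  policy.fetch('rules', []).each_with_index do |rule, idx|
    needed = required_reports(rule)
    if (needed & available_reports).empty?
      errors << "Rule #{idx + 1} (#{rule['type']}) could not be evaluated: " \
                "missing artifacts #{needed.join(', ')} (check the CI configuration)"
    else
      evaluated << rule['type']
    end
  end
  { errors: errors, evaluated: evaluated }
end

# Render a detailed bot comment, appending an Errors section whenever at least
# one rule could not be evaluated.
def bot_comment(policy_yaml, available_reports)
  result = evaluate_policy(policy_yaml, available_reports)
  lines = ['## Policy evaluation']
  summary = result[:evaluated].empty? ? 'none' : result[:evaluated].join(', ')
  lines << "Evaluated rules: #{summary}"
  unless result[:errors].empty?
    lines << ''
    lines << '### Errors'
    result[:errors].each { |e| lines << "- #{e}" }
  end
  lines.join("\n")
end

if $PROGRAM_NAME == __FILE__
  # README-only MR: the pipeline produced no security reports, so both rules error.
  puts bot_comment(POLICY_YAML, [])
  puts
  # Pipeline that ran SAST and license scanning: both rules are evaluable.
  puts bot_comment(POLICY_YAML, %w[sast license_scanning])
end
```

Running the script with an empty report set prints a comment with two errors, one per rule, mirroring the check in the last validation step; supplying `sast` alone clears only the scan_finding rule, which is the distinction a reviewer should look for when deciding whether an error is a CI misconfiguration or a removed scan.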
Related to #433403 (closed)
Edited by Martin Čavoj