| | | |
|---|---|---|
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-09-24 06:06:02 +0000 |
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-09-24 06:06:02 +0000 |
| commit | 4a45a787703cb78c6101750cfbdc9f656b934b42 (patch) | |
| tree | f75dfc23baed5f27be7799411b4ebb8c8bd20ceb /doc/user/application_security | |
| parent | 83ad9ec8cc449dca0b57a34a10afd529326c1d57 (diff) | |
| download | gitlab-ce-4a45a787703cb78c6101750cfbdc9f656b934b42.tar.gz | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/user/application_security')
-rw-r--r-- | doc/user/application_security/index.md | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md index 0e52496ec43..d1d46e6ef96 100644 --- a/doc/user/application_security/index.md +++ b/doc/user/application_security/index.md @@ -151,7 +151,7 @@ Clicking on this button will create a merge request to apply the solution onto t > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/9928) in [GitLab Ultimate](https://about.gitlab.com/pricing) 12.2. Merge Request Approvals can be configured to require approval from a member -of your security team when a vulnerability would be introduced by a merge request. +of your security team when a vulnerability, or a software license compliance violation would be introduced by a merge request. This threshold is defined as `high`, `critical`, or `unknown` severity. When any vulnerabilities are present within a merge request, an 
@@ -178,6 +178,29 @@ An approval will be optional when a security report: - Contains no new vulnerabilities. - Contains only new vulnerabilities of `low` or `medium` severity. +### Enabling License Approvals within a project + +To enable License Approvals, a [project approval rule](../project/merge_requests/merge_request_approvals.md#multiple-approval-rules-premium) +must be created with the case-sensitive name `License-Check`. This approval +group must be set with an "Approvals required" count greater than zero. + +Once this group has been added to your project, the approval rule will be enabled +for all Merge Requests. To configure how this rule behaves, you can choose which +licenses to `approve` or `blacklist` in the +[project policies for License Compliance](license_compliance/index.md#project-policies-for-license-compliance) section. + +Any code changes made will cause the count of approvals required to reset. + +An approval will be required when a license report: + +- Contains a dependency that includes a software license that is `blacklisted`. +- Is not generated during pipeline execution. + +An approval will be optional when a license report: + +- Contains no software license violations. +- Contains only new licenses that are `approved` or unknown. + <!-- ## Troubleshooting Include any troubleshooting steps that you can foresee. If you know beforehand what issues |
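Review bot: In the first hunk, the comma in the changed line (`a vulnerability, or a software license compliance violation would be`) opens a parenthetical that is never closed; drop it so the line reads "when a vulnerability or a software license compliance violation would be introduced by a merge request." The unchanged sentence that follows ("This threshold is defined as `high`, `critical`, or `unknown` severity.") now reads as if the severity threshold also applied to license violations; suggest starting it with "For vulnerabilities, this threshold is defined as ..." and pointing to the new License Approvals section for the license criteria.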
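Review bot: In the second hunk, the last bullet ("Contains only new licenses that are `approved` or unknown") means a dependency whose license has not been classified in the project policy does not trigger the `License-Check` rule, which is a permissive default a reader may not expect; suggest saying so explicitly, for example "Licenses that are not yet classified as `approved` or `blacklisted` do not require approval, so review newly detected unclassified licenses in the License Compliance section." Minor: the added paragraphs alternate between "approval rule" and "approval group" for the same `License-Check` entry; use "approval rule" throughout to match the linked merge request approvals page.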