From c9b8bc490d7d02b64bd550261bb599a534546453 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Lafoucrie=CC=80re?= Date: Mon, 19 Nov 2018 07:43:41 -0500 Subject: Create linkable section for security requirements --- doc/development/code_review.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/doc/development/code_review.md b/doc/development/code_review.md index 9970bd88060..9b63017dbb9 100644 --- a/doc/development/code_review.md +++ b/doc/development/code_review.md @@ -29,6 +29,13 @@ or more [maintainers](https://about.gitlab.com/handbook/engineering/#maintainer) For approvals, we use the approval functionality found in the merge request widget. Reviewers can add their approval by [approving additionally](https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html#adding-or-removing-an-approval). +Getting your merge request **merged** also requires a maintainer. If it requires +more than one approval, the last maintainer to review and approve it will also merge it. + +As described in the section on the responsibility of the maintainer below, you +are recommended to get your merge request approved and merged by maintainer(s) +from other teams than your own. + 1. If your merge request includes backend changes [^1], it must be **approved by a [backend maintainer](https://about.gitlab.com/handbook/engineering/projects/#gitlab-ce_maintainers_backend)**. 1. If your merge request includes frontend changes [^1], it must be 
@@ -41,20 +48,15 @@ widget. Reviewers can add their approval by [approving additionally](https://doc **approved by a [UX lead][team]**. 1. If your merge request includes a new dependency or a filesystem change, it must be **approved by a [Distribution team member][team]**. See how to work with the [Distribution team](https://about.gitlab.com/handbook/engineering/dev-backend/distribution/) for more details. + +### Security requirements + 1. If your merge request is processing, storing, or transferring any kind of [RED data][red data], possibly orange data too, it must be **approved by a [Security Engineer][team]**. 1. If your merge request is implementing, utilizing, or related to any type of authentication, authorization, or session handling mechanism, it must be **approved by a [Security Engineer][team]**. 1. If your merge request has a goal which requires a cryptographic function such as: confidentiality, integrity, authentication, or non-repudiation, it must be **approved by a [Security Engineer][team]**. - - -Getting your merge request **merged** also requires a maintainer. If it requires -more than one approval, the last maintainer to review and approve it will also merge it. - -As described in the section on the responsibility of the maintainer below, you -are recommended to get your merge request approved and merged by maintainer(s) -from other teams than your own. ### The responsibility of the merge request author -- cgit v1.2.1
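Review bot: in the first hunk (`@@ -29,6 +29,13 @@`), the moved sentence "As described in the section on the responsibility of the maintainer below" still points at that section by position only. Since the purpose of this commit is to make sections linkable, turn that phrase into a link to the section's anchor so the reference survives further reordering. The two moved paragraphs also now sit between the sentences about the approval widget and the numbered list of required approvals, so the list starts without an introduction of its own; a one-line lead-in before the first item would keep it readable.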
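Review bot: in the second hunk (`@@ -41,20 +48,15 @@`), the new "### Security requirements" heading is inserted in the middle of the numbered approval list, so the three security items become a separate list with no introductory sentence. A reader who follows a direct link to the heading lands on bare conditions without the context that these are merge request approval requirements, so add a one-line lead-in under the heading. The heading is at the same level as "### The responsibility of the merge request author", which makes it a sibling of that section rather than a subsection of the approval rules; please confirm that hierarchy is intended. The first item's "possibly orange data too" leaves open whether orange data needs Security Engineer approval; now that this section is meant to be linked on its own, state it as a requirement or drop it.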