Commit 39d8d84c authored by mo khan's avatar mo khan Committed by Achilleas Pipinellis

Update documentation for License-Check rule

parent 0d8338e2
...@@ -151,7 +151,7 @@ Clicking on this button will create a merge request to apply the solution onto t ...@@ -151,7 +151,7 @@ Clicking on this button will create a merge request to apply the solution onto t
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/9928) in [GitLab Ultimate](https://about.gitlab.com/pricing) 12.2. > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/9928) in [GitLab Ultimate](https://about.gitlab.com/pricing) 12.2.
Merge Request Approvals can be configured to require approval from a member Merge Request Approvals can be configured to require approval from a member
of your security team when a vulnerability would be introduced by a merge request. of your security team when a vulnerability, or a software license compliance violation would be introduced by a merge request.
This threshold is defined as `high`, `critical`, or `unknown` This threshold is defined as `high`, `critical`, or `unknown`
severity. When any vulnerabilities are present within a merge request, an severity. When any vulnerabilities are present within a merge request, an
...@@ -178,6 +178,29 @@ An approval will be optional when a security report: ...@@ -178,6 +178,29 @@ An approval will be optional when a security report:
- Contains no new vulnerabilities. - Contains no new vulnerabilities.
- Contains only new vulnerabilities of `low` or `medium` severity. - Contains only new vulnerabilities of `low` or `medium` severity.
### Enabling License Approvals within a project
To enable License Approvals, a [project approval rule](../project/merge_requests/merge_request_approvals.md#multiple-approval-rules-premium)
must be created with the case-sensitive name `License-Check`. This approval
group must be set with an "Approvals required" count greater than zero.
Once this group has been added to your project, the approval rule will be enabled
for all Merge Requests. To configure how this rule behaves, you can choose which
licenses to `approve` or `blacklist` in the
[project policies for License Compliance](license_compliance/index.md#project-policies-for-license-compliance) section.
Any code changes made will cause the count of approvals required to reset.
An approval will be required when a license report:
- Contains a dependency that includes a software license that is `blacklisted`.
- Is not generated during pipeline execution.
An approval will be optional when a license report:
- Contains no software license violations.
- Contains only new licenses that are `approved` or unknown.
<!-- ## Troubleshooting <!-- ## Troubleshooting
Include any troubleshooting steps that you can foresee. If you know beforehand what issues Include any troubleshooting steps that you can foresee. If you know beforehand what issues
......
...@@ -337,6 +337,16 @@ of your security team when a vulnerability would be introduced by a merge reques ...@@ -337,6 +337,16 @@ of your security team when a vulnerability would be introduced by a merge reques
For more information, see For more information, see
[Security approvals in merge requests](../../application_security/index.md#security-approvals-in-merge-requests-ultimate). [Security approvals in merge requests](../../application_security/index.md#security-approvals-in-merge-requests-ultimate).
## License compliance approvals in merge requests **(ULTIMATE)**
> Introduced in [GitLab Ultimate](https://about.gitlab.com/pricing) 12.3.
Merge Request Approvals can be configured to require approval from a member
of your security team when a blacklisted software license would be introduced by a merge request.
For more information, see
[Security approvals in merge requests](../../application_security/index.md#security-approvals-in-merge-requests-ultimate).
<!-- ## Troubleshooting <!-- ## Troubleshooting
Include any troubleshooting steps that you can foresee. If you know beforehand what issues Include any troubleshooting steps that you can foresee. If you know beforehand what issues
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment