Allow enabling External Policy Control without URL

When enabling this feature without a URL, all cross project features
will remain accessible and no requests will be made.

A classification label can still be specified for projects and will be
shown on all project pages.

doc/user/admin_area/settings/external_authorization.md

@@ -37,7 +37,9 @@ admin area under the settings page:
 
 The available required properties are:
 
-- **Service URL**: The URL to make authorization requests to
+- **Service URL**: The URL to make authorization requests to. When leaving the
+  URL blank, cross project features will remain available while still being able
+  to specify classification labels for projects.
 - **External authorization request timeout**: The timeout after which an
   authorization request is aborted. When a request times out, access is denied
   to the user.

ee/app/helpers/ee/application_settings_helper.rb

@@ -13,6 +13,12 @@ module EE
         "denied.")
     end
 
+    def external_authorization_url_help_text
+      _("When leaving the URL blank, classification labels can still be "\
+        "specified whitout disabling cross project features or performing "\
+        "external authorization checks.")
+    end
+
     override :visible_attributes
     def visible_attributes
       super + [

ee/app/models/ee/application_setting.rb

@@ -40,14 +40,12 @@ module EE
                 presence: { message: "can't be blank when using aws hosted elasticsearch" },
                 if: ->(setting) { setting.elasticsearch_indexing? && setting.elasticsearch_aws? }
 
-      validates :external_authorization_service_url,
-                :external_authorization_service_default_label,
-                :external_authorization_service_timeout,
+      validates :external_authorization_service_default_label,
                 presence: true,
                 if: :external_authorization_service_enabled?
 
       validates :external_authorization_service_url,
-                url: true,
+                url: true, allow_blank: true,
                 if: :external_authorization_service_enabled?
 
       validates :external_authorization_service_timeout,

ee/app/policies/ee/base_policy.rb

@@ -4,7 +4,7 @@ module EE
 
     prepended do
       condition(:external_authorization_enabled, scope: :global, score: 0) do
-        ::EE::Gitlab::ExternalAuthorization.enabled?
+        ::EE::Gitlab::ExternalAuthorization.perform_check?
       end
 
       rule { external_authorization_enabled & ~admin & ~auditor }.policy do

ee/app/views/admin/application_settings/_external_authorization_service_form.html.haml

@@ -13,6 +13,8 @@
           = link_to icon('question-circle'), help_page_path('user/admin_area/settings/external_authorization')
     .form-group
       = f.label :external_authorization_service_url, _('Service URL'), class: 'control-label col-sm-2'
+      %span.help-block
+        = external_authorization_url_help_text
       .col-sm-10
         = f.text_field :external_authorization_service_url, class: 'form-control'
     .form-group

ee/changelogs/unreleased/bvl-classification-only.yml

+---
+title: Allow enabling classification policy control without external authorization
+  service
+merge_request: 5083
+author:
+type: changed

ee/lib/ee/gitlab/external_authorization.rb

@@ -4,7 +4,7 @@ module EE
       RequestFailed = Class.new(StandardError)
 
       def self.access_allowed?(user, label)
-        return true unless enabled?
+        return true unless perform_check?
         return false unless user
 
         access_for_user_to_label(user, label).has_access?
@@ -33,6 +33,10 @@ module EE
           .external_authorization_service_enabled?
       end
 
+      def self.perform_check?
+        enabled? && service_url.present?
+      end
+
       def self.service_url
         ::Gitlab::CurrentSettings
           .current_application_settings

ee/spec/controllers/boards/issues_controller_spec.rb

@@ -93,7 +93,7 @@ describe Boards::IssuesController do
     context 'with external authorization' do
       before do
         sign_in(user)
-        enable_external_authorization_service
+        enable_external_authorization_service_check
       end
 
       it 'returns a 404 for group boards' do

ee/spec/controllers/dashboard/groups_controller_spec.rb

@@ -9,7 +9,7 @@ describe Dashboard::GroupsController do
 
   describe '#index' do
     it 'works when the external authorization service is enabled' do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
 
       get :index
 

ee/spec/controllers/dashboard/projects_controller_spec.rb

@@ -11,7 +11,7 @@ describe Dashboard::ProjectsController do
     subject { get :index }
 
     it 'it works when the external authorization service is enabled' do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
 
       get :index
 

ee/spec/controllers/groups/avatars_controller_spec.rb

@@ -12,7 +12,7 @@ describe Groups::AvatarsController do
   end
 
   it 'works when external authorization service is enabled' do
-    enable_external_authorization_service
+    enable_external_authorization_service_check
 
     delete :destroy, group_id: group
 

ee/spec/controllers/groups/children_controller_spec.rb

@@ -12,7 +12,7 @@ describe Groups::ChildrenController do
   end
 
   it 'works when external authorization service is enabled' do
-    enable_external_authorization_service
+    enable_external_authorization_service_check
 
     get :index, group_id: group, format: :json
 

ee/spec/controllers/groups/group_members_controller_spec.rb

@@ -14,7 +14,7 @@ describe Groups::GroupMembersController do
 
   context 'with external authorization enabled' do
     before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
     end
 
     describe 'GET #index' do

ee/spec/controllers/groups/groups_controller_spec.rb

@@ -13,7 +13,7 @@ describe GroupsController do
 
   context 'with external authorization service enabled' do
     before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
     end
 
     describe 'GET #show' do

ee/spec/controllers/groups/settings/ci_cd_controller_spec.rb

@@ -13,7 +13,7 @@ describe Groups::Settings::CiCdController do
 
   context 'with external authorization enabled' do
     before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
     end
 
     describe 'GET #show' do

ee/spec/controllers/groups/variables_controller_spec.rb

@@ -13,7 +13,7 @@ describe Groups::VariablesController do
 
   context 'with external authorization enabled' do
     before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
     end
 
     describe 'GET #show' do

ee/spec/controllers/search_controller_spec.rb

@@ -13,7 +13,7 @@ describe SearchController do
 
   context 'with external authorization service enabled' do
     before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
     end
 
     describe 'GET #show' do

ee/spec/features/dashboards/group_dashboard_with_external_authorization_service_spec.rb

@@ -23,7 +23,7 @@ feature 'The group dashboard' do
     end
 
     it 'hides some links when an external authorization service is enabled' do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
       visit dashboard_groups_path
 
       within('.navbar') do

ee/spec/features/groups/group_page_with_external_authorization_service_spec.rb

@@ -11,24 +11,35 @@ feature 'The group page' do
     group.add_owner(user)
   end
 
+  def expect_all_sidebar_links
+    within('.nav-sidebar') do
+      expect(page).to have_link('Overview')
+      expect(page).to have_link('Details')
+      expect(page).to have_link('Activity')
+      expect(page).to have_link('Contribution Analytics')
+      expect(page).to have_link('Issues')
+      expect(page).to have_link('Merge Requests')
+      expect(page).to have_link('Members')
+    end
+  end
+
   describe 'The sidebar' do
     it 'has all the expected links' do
       visit group_path(group)
 
-      within('.nav-sidebar') do
-        expect(page).to have_link('Overview')
-        expect(page).to have_link('Details')
-        expect(page).to have_link('Activity')
-        expect(page).to have_link('Contribution Analytics')
+      expect_all_sidebar_links
+    end
 
-        expect(page).to have_link('Issues')
-        expect(page).to have_link('Merge Requests')
-        expect(page).to have_link('Members')
-      end
+    it 'shows all project features when policy control is enabled' do
+      stub_ee_application_setting(external_authorization_service_enabled: true)
+
+      visit group_path(group)
+
+      expect_all_sidebar_links
     end
 
-    it 'hides some links when an external authorization service is enabled' do
-      enable_external_authorization_service
+    it 'hides some links when an external authorization service configured with an url' do
+      enable_external_authorization_service_check
       visit group_path(group)
 
       within('.nav-sidebar') do
@@ -57,7 +68,7 @@ feature 'The group page' do
       end
 
       it 'hides the epics link when an external authorization service is enabled' do
-        enable_external_authorization_service
+        enable_external_authorization_service_check
         visit group_path(group)
 
         within('.nav-sidebar') do

ee/spec/features/projects/classification_label_on_project_pages_spec.rb

 require 'spec_helper'
 
 describe 'Classification label on project pages' do
-  include ExternalAuthorizationServiceHelpers
-
   let(:project) do
     create(:project, external_authorization_classification_label: 'authorized label')
   end
   let(:user) { create(:user) }
 
   before do
+    stub_ee_application_setting(external_authorization_service_enabled: true)
     project.add_master(user)
     sign_in(user)
   end
 
   it 'shows the classification label on the project page when the feature is enabled' do
-    external_service_allow_access(user, project)
+    stub_licensed_features(external_authorization_service: true)
 
     visit project_path(project)
 

ee/spec/features/projects/forks/fork_list_spec.rb

@@ -23,7 +23,7 @@ describe 'listing forks of a project' do
   end
 
   it 'does not show the commit message when an external authorization service is used' do
-    enable_external_authorization_service
+    enable_external_authorization_service_check
 
     visit project_forks_path(source)
 

ee/spec/features/projects/issues/viewing_issues_with_external_authorization_enabled_spec.rb

@@ -73,7 +73,7 @@ describe 'viewing an issue with cross project references' do
 
   context 'when an external authorization service is enabled' do
     before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
     end
 
     it 'only hits the external service for the project the user is viewing' do

ee/spec/features/projects/settings/ee/external_authorization_service_settings_spec.rb

 require 'spec_helper'
 
 describe 'Project settings > [EE] repository' do
-  include ExternalAuthorizationServiceHelpers
-
   let(:user) { create(:user) }
   let(:project) { create(:project_empty_repo) }
 
@@ -12,7 +10,7 @@ describe 'Project settings > [EE] repository' do
   end
 
   it 'shows the field to set a classification label when the feature is enabled' do
-    external_service_allow_access(user, project)
+    stub_ee_application_setting(external_authorization_service_enabled: true)
 
     visit edit_project_path(project)
 

ee/spec/features/users/show_spec.rb

@@ -12,7 +12,7 @@ describe 'User page' do
 
   describe 'when external authorization is enabled' do
     before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
     end
 
     it 'hides the most recent activity' do

ee/spec/lib/ee/gitlab/external_authorization_spec.rb

@@ -33,7 +33,7 @@ describe EE::Gitlab::ExternalAuthorization, :request_store do
 
   describe '#access_for_user_to_label' do
     it 'only loads the access once per request' do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
 
       expect(EE::Gitlab::ExternalAuthorization::Access)
         .to receive(:new).with(user, label).once.and_call_original

ee/spec/models/application_setting_spec.rb

@@ -30,9 +30,9 @@ describe ApplicationSetting do
         setting.external_authorization_service_enabled = true
       end
 
-      it { is_expected.not_to allow_value(nil).for(:external_authorization_service_url) }
       it { is_expected.not_to allow_value('not a URL').for(:external_authorization_service_url) }
       it { is_expected.to allow_value('https://example.com').for(:external_authorization_service_url) }
+      it { is_expected.to allow_value('').for(:external_authorization_service_url) }
       it { is_expected.not_to allow_value(nil).for(:external_authorization_service_default_label) }
       it { is_expected.not_to allow_value(11).for(:external_authorization_service_timeout) }
       it { is_expected.not_to allow_value(0).for(:external_authorization_service_timeout) }

ee/spec/models/issue_spec.rb

@@ -66,7 +66,7 @@ describe Issue do
 
   context 'when an external authentication service' do
     before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
     end
 
     describe '#publicly_visible?' do

ee/spec/models/project_spec.rb

@@ -1269,7 +1269,7 @@ describe Project do
 
   describe '#external_authorization_classification_label' do
     it 'falls back to the default when none is configured' do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
 
       expect(build(:project).external_authorization_classification_label)
         .to eq('default_label')
@@ -1286,7 +1286,7 @@ describe Project do
     end
 
     it 'returns the classification label if it was configured on the project' do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
 
       project = build(:project,
                       external_authorization_classification_label: 'hello')
@@ -1296,7 +1296,7 @@ describe Project do
     end
 
     it 'does not break when not stubbing the license check' do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
       enable_namespace_license_check!
       project = build(:project)
 

ee/spec/policies/base_policy_spec.rb

@@ -13,7 +13,7 @@ describe BasePolicy do
 
     context 'when an external authorization service is enabled' do
       before do
-        enable_external_authorization_service
+        enable_external_authorization_service_check
       end
 
       it { is_expected.not_to be_allowed(:read_cross_project) }

ee/spec/policies/epic_policy_spec.rb

@@ -139,7 +139,7 @@ describe EpicPolicy do
     let(:group) { create(:group) }
 
     before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
       group.add_owner(user)
     end
 

ee/spec/policies/issue_policy_spec.rb

@@ -10,7 +10,7 @@ describe IssuePolicy do
     let(:policies) { described_class.new(user, issue) }
 
     before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
     end
 
     it 'can read the issue iid without accessing the external service' do

ee/spec/policies/merge_request_policy_spec.rb

@@ -118,7 +118,7 @@ describe MergeRequestPolicy do
     let(:policies) { described_class.new(user, merge_request) }
 
     before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
     end
 
     it 'can read the issue iid without accessing the external service' do

ee/spec/policies/project_policy_spec.rb

@@ -139,7 +139,7 @@ describe ProjectPolicy do
 
     context 'with an external authorization service' do
       before do
-        enable_external_authorization_service
+        enable_external_authorization_service_check
       end
 
       it 'allows access when the external service allows it' do

ee/spec/serializers/group_child_entity_spec.rb

@@ -19,7 +19,7 @@ describe GroupChildEntity do
     end
 
     before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
       object.add_master(user)
     end
 

ee/spec/services/ee/notification_service_spec.rb

@@ -23,7 +23,7 @@ describe EE::NotificationService, :mailer do
 
     context 'when the service is enabled' do
       before do
-        enable_external_authorization_service
+        enable_external_authorization_service_check
       end
 
       it 'does not send an email' do

ee/spec/support/external_authorization_service_helpers.rb

 module ExternalAuthorizationServiceHelpers
-  def enable_external_authorization_service
+  def enable_external_authorization_service_check
     stub_licensed_features(external_authorization_service: true)
 
-    # Not using `stub_application_setting` because the method is prepended in
-    # `EE::ApplicationSetting` which breaks when using `any_instance`
-    # https://gitlab.com/gitlab-org/gitlab-ce/issues/33587
-    allow(::Gitlab::CurrentSettings.current_application_settings)
-      .to receive(:external_authorization_service_enabled) { true }
-    allow(::Gitlab::CurrentSettings.current_application_settings)
-      .to receive(:external_authorization_service_enabled?) { true }
+    stub_ee_application_setting(external_authorization_service_enabled: true)
 
-    stub_application_setting(external_authorization_service_url: 'https://authorize.me')
-    stub_application_setting(external_authorization_service_default_label: 'default_label')
+    stub_ee_application_setting(external_authorization_service_url: 'https://authorize.me')
+    stub_ee_application_setting(external_authorization_service_default_label: 'default_label')
     stub_request(:post, "https://authorize.me").to_return(status: 200)
   end
 
   def external_service_set_access(allowed, user, project)
-    enable_external_authorization_service
+    enable_external_authorization_service_check
     classification_label = ::Gitlab::CurrentSettings.current_application_settings
                              .external_authorization_service_default_label
 

ee/spec/support/shared_examples/controllers/external_authorization_service_shared_examples.rb

@@ -10,7 +10,7 @@ shared_examples 'disabled when using an external authorization service' do
   end
 
   it 'renders a 404 with a message when the feature is enabled' do
-    enable_external_authorization_service
+    enable_external_authorization_service_check
 
     subject
 

ee/spec/support/shared_examples/finders/finder_with_external_authorization_enabled.rb

@@ -16,7 +16,7 @@ shared_examples 'a finder with external authorization service' do
 
   context 'with an external authorization service' do
     before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
     end
 
     it 'does not include the subject when no project was given' do

locale/gitlab.pot

@@ -8,8 +8,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gitlab 1.0.0\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2018-03-14 16:41+0100\n"
-"PO-Revision-Date: 2018-03-14 16:41+0100\n"
+"POT-Creation-Date: 2018-03-23 20:21+0100\n"
+"PO-Revision-Date: 2018-03-23 20:21+0100\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
 "Language: \n"
@@ -385,6 +385,9 @@ msgstr ""
 msgid "Assign to"
 msgstr ""
 
+msgid "Assigned to :name"
+msgstr ""
+
 msgid "Assignee"
 msgstr ""
 
@@ -690,7 +693,7 @@ msgstr ""
 msgid "Cancel"
 msgstr ""
 
-msgid "Cancel edit"
+msgid "Cannot be merged automatically"
 msgstr ""
 
 msgid "Cannot modify managed Kubernetes cluster"
@@ -1249,6 +1252,9 @@ msgstr ""
 msgid "Compare Revisions"
 msgstr ""
 
+msgid "Compare changes with the last commit"
+msgstr ""
+
 msgid "CompareBranches|%{source_branch} and %{target_branch} are the same."
 msgstr ""
 
@@ -1264,6 +1270,9 @@ msgstr ""
 msgid "CompareBranches|There isn't anything to compare."
 msgstr ""
 
+msgid "Confidential"
+msgstr ""
+
 msgid "Confidentiality"
 msgstr ""
 
@@ -1581,6 +1590,9 @@ msgstr ""
 msgid "DownloadSource|Download"
 msgstr ""
 
+msgid "Downvotes"
+msgstr ""
+
 msgid "Due date"
 msgstr ""
 
@@ -1593,6 +1605,9 @@ msgstr ""
 msgid "Edit files in the editor and commit changes here"
 msgstr ""
 
+msgid "Editing"
+msgstr ""
+
 msgid "Emails"
 msgstr ""
 
@@ -2090,9 +2105,6 @@ msgstr ""
 msgid "GroupsEmptyState|You can manage your group member’s permissions and access to each project in the group."
 msgstr ""
 
-msgid "GroupsTree|Are you sure you want to leave the \"${group.fullName}\" group?"
-msgstr ""
-
 msgid "GroupsTree|Create a project in this group."
 msgstr ""
 
@@ -2141,6 +2153,9 @@ msgstr ""
 msgid "HealthCheck|Unhealthy"
 msgstr ""
 
+msgid "Help"
+msgstr ""
+
 msgid "Hide value"
 msgid_plural "Hide values"
 msgstr[0] ""
@@ -2408,6 +2423,9 @@ msgstr ""
 msgid "Make everyone on your team more productive regardless of their location. GitLab Geo creates read-only mirrors of your GitLab instance so you can reduce the time it takes to clone and fetch large repos."
 msgstr ""
 
+msgid "Manage all notifications"
+msgstr ""
+
 msgid "Manage group labels"
 msgstr ""
 
@@ -3319,6 +3337,9 @@ msgstr ""
 msgid "Related Merged Requests"
 msgstr ""
 
+msgid "Related merge requests"
+msgstr ""
+
 msgid "Remind later"
 msgstr ""
 
@@ -3372,12 +3393,18 @@ msgstr ""
 msgid "Revert this merge request"
 msgstr ""
 
+msgid "Reviewing"
+msgstr ""
+
 msgid "Roadmap"
 msgstr ""
 
 msgid "Run CI/CD pipelines for external repositories"
 msgstr ""
 
+msgid "Runners"
+msgstr ""
+
 msgid "Running"
 msgstr ""
 
@@ -3545,7 +3572,7 @@ msgstr ""
 msgid "Something went wrong when toggling the button"
 msgstr ""
 
-msgid "Something went wrong while closing the %{issuable}. Please try again later"
+msgid "Something went wrong while fetching Dependency Scanning."
 msgstr ""
 
 msgid "Something went wrong while fetching SAST."
@@ -3557,12 +3584,6 @@ msgstr ""
 msgid "Something went wrong while fetching the registry list."
 msgstr ""
 
-msgid "Something went wrong while reopening the %{issuable}. Please try again later"
-msgstr ""
-
-msgid "Something went wrong while resolving this discussion. Please try again."
-msgstr ""
-
 msgid "Something went wrong. Please try again."
 msgstr ""
 
@@ -3799,6 +3820,9 @@ msgstr ""
 msgid "Target Branch"
 msgstr ""
 
+msgid "Target branch"
+msgstr ""
+
 msgid "Team"
 msgstr ""
 
@@ -4211,9 +4235,6 @@ msgstr ""
 msgid "Turn on Service Desk"
 msgstr ""
 
-msgid "Unable to load the diff."
-msgstr ""
-
 msgid "Unknown"
 msgstr ""
 
@@ -4262,6 +4283,9 @@ msgstr ""
 msgid "UploadLink|click to upload"
 msgstr ""
 
+msgid "Upvotes"
+msgstr ""
+
 msgid "Use Service Desk to connect with your users (e.g. to offer customer support) through email right inside GitLab"
 msgstr ""
 
@@ -4274,6 +4298,9 @@ msgstr ""
 msgid "Variables are applied to environments via the runner. They can be protected by only exposing them to protected branches or tags. You can use variables for passwords, secret keys, or whatever you want."
 msgstr ""
 
+msgid "View and edit lines"
+msgstr ""
+
 msgid "View epics list"
 msgstr ""
 
@@ -4328,6 +4355,9 @@ msgstr ""
 msgid "Weight"
 msgstr ""
 
+msgid "When leaving the URL blank, classification labels can still be specified whitout disabling cross project features or performing external authorization checks."
+msgstr ""
+
 msgid "Wiki"
 msgstr ""
 
@@ -4457,6 +4487,12 @@ msgstr ""
 msgid "You are going to transfer %{project_full_name} to another owner. Are you ABSOLUTELY sure?"
 msgstr ""
 
+msgid "You are on a read-only GitLab instance."
+msgstr ""
+
+msgid "You are on a secondary (read-only) Geo node. If you want to make any changes, you must visit the %{primary_node}."
+msgstr ""
+
 msgid "You can also create a project from the command line."
 msgstr ""
 
@@ -4529,6 +4565,9 @@ msgstr ""
 msgid "You'll need to use different branch names to get a valid comparison."
 msgstr ""
 
+msgid "You're receiving this email because of your account on %{host}. %{manage_notifications_link} &middot; %{help_link}"
+msgstr ""
+
 msgid "Your Kubernetes cluster information on this page is still editable, but you are advised to disable and reconfigure"
 msgstr ""
 
@@ -4568,6 +4607,18 @@ msgstr ""
 msgid "ciReport|DAST detected no alerts by analyzing the review app"
 msgstr ""
 
+msgid "ciReport|Dependency scanning"
+msgstr ""
+
+msgid "ciReport|Dependency scanning detected"
+msgstr ""
+
+msgid "ciReport|Dependency scanning detected no new security vulnerabilities"
+msgstr ""
+
+msgid "ciReport|Dependency scanning detected no security vulnerabilities"
+msgstr ""
+
 msgid "ciReport|Failed to load %{reportName} report"
 msgstr ""
 
@@ -4595,9 +4646,6 @@ msgstr ""
 msgid "ciReport|SAST"
 msgstr ""
 
-msgid "ciReport|SAST degraded on"
-msgstr ""
-
 msgid "ciReport|SAST detected"
 msgstr ""
 
@@ -4616,15 +4664,12 @@ msgstr ""
 msgid "ciReport|Unapproved vulnerabilities (red) can be marked as approved. %{helpLink}"
 msgstr ""
 
-msgid "ciReport|no security vulnerabilities"
+msgid "ciReport|no vulnerabilities"
 msgstr ""
 
 msgid "command line instructions"
 msgstr ""
 
-msgid "commit"
-msgstr ""
-
 msgid "confidentiality|You are going to turn off the confidentiality. This means <strong>everyone</strong> will be able to see and leave a comment on this issue."
 msgstr ""