Add bypass option widget to merge request widget
What does this MR do and why?
This merge request adds a new "bypass" feature for security policy violations in GitLab's merge request interface. When security policies are blocking a merge request, authorized users can now override these restrictions by providing a documented justification through a new modal dialog.
The bypass modal allows users to select from predefined reasons (like "Emergency production issue" or "Critical business deadline") and provide additional details explaining why the policy should be bypassed. Once bypassed, the system creates an audit trail, notifies security teams, and allows the merge request to proceed immediately despite policy violations.
The feature is controlled by a feature flag called "security_policies_bypass_options_mr_widget" and includes proper user interface elements, validation, and comprehensive test coverage. The bypass functionality respects user permissions and maintains security oversight while providing flexibility for legitimate business needs that require urgent code deployments.
References
Screenshots or screen recordings
| Description | Details |
|---|---|
| Bypass policy violations | bypass options.mov |
How to set up and validate locally
- Enable feature flags:

  ```ruby
  Feature.enable(:security_policies_bypass_options_group_roles)
  Feature.enable(:security_policies_bypass_options_mr_widget)
  ```

- Go to Secure Policies.
- Create a Merge Request policy with bypass exceptions in the advanced settings and rules that prevent merging without approvals.
- Create an MR and check the policy violation options; there should be a bypass option.
- It is not connected to the backend yet, but it is behind a feature flag.
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Related to #541468 (closed)