From e403f94ae0a159fa026c551a1386122c38a3c1e4 Mon Sep 17 00:00:00 2001
From: Alexander Turinske
Date: Wed, 10 Dec 2025 11:26:42 -0700
Subject: [PATCH 1/3] Default enable feature flag - security_policy_warn_mode_license_scanning

Changelog: changed
EE: true
---
 .../beta/security_policy_warn_mode_license_scanning.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ee/config/feature_flags/beta/security_policy_warn_mode_license_scanning.yml b/ee/config/feature_flags/beta/security_policy_warn_mode_license_scanning.yml
index 4cad64082650c8..0817a0fb462dd4 100644
--- a/ee/config/feature_flags/beta/security_policy_warn_mode_license_scanning.yml
+++ b/ee/config/feature_flags/beta/security_policy_warn_mode_license_scanning.yml
@@ -6,4 +6,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/579664
 milestone: '18.7'
 group: group::security policies
 type: beta
-default_enabled: false
+default_enabled: true
-- 
GitLab

From d168f80172f3ee3d558a316d311a5acb4446dc77 Mon Sep 17 00:00:00 2001
From: Alexander Turinske
Date: Wed, 10 Dec 2025 21:12:48 -0700
Subject: [PATCH 2/3] Update the documentation - add feature flag for license scanning

---
 .../policies/merge_request_approval_policies.md | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)

diff --git a/doc/user/application_security/policies/merge_request_approval_policies.md b/doc/user/application_security/policies/merge_request_approval_policies.md
index 4f6cc96514b72a..2d2e573a7e4390 100644
--- a/doc/user/application_security/policies/merge_request_approval_policies.md
+++ b/doc/user/application_security/policies/merge_request_approval_policies.md
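Review bot: Flipping `default_enabled` to `true` in security_policy_warn_mode_license_scanning.yml changes how warn-mode policies treat `license_finding` rules on every instance at upgrade, including self-managed ones that never opted in, and nothing on this page states how those rules were evaluated while the flag was off. If they were previously enforced as blocking (an assumption; the earlier docs only say the rule type was "not supported"), existing policies would move from a hard gate to warn-only for license violations without any policy edit. Because the second patch removes the "Supported rule types" section outright, I would keep one sentence there for admins who disable the flag, for example `The license_finding rule type is supported with warn mode only when the security_policy_warn_mode_license_scanning feature flag is enabled.`, and state the pre-flag behavior in the changelog entry.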
@@ -443,6 +443,7 @@ the bot message is sent as long as at least one of those policies has the `send_

 - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/15552) in GitLab 17.8 [with a flag](../../../administration/feature_flags/_index.md) named `security_policy_approval_warn_mode`. Disabled by default
 - [Enabled on GitLab.com, GitLab Self-Managed, and GitLab Dedicated](https://gitlab.com/gitlab-org/gitlab/-/issues/505352) in GitLab 18.6.
+- License scanning support was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/579664) in GitLab 18.7 [with a flag](../../../administration/feature_flags/_index.md) named `security_policy_warn_mode_license_scanning`. Enabled by default

 {{< /history >}}

@@ -494,19 +495,6 @@ approval_policy:
 enabled: true
 ```

-### Supported rule types
-
-Warn mode supports the following rule types:
-
-- `scan_finding`: For security scan results
-- `any_merge_request`: For general merge request conditions
-
-{{< alert type="note" >}}
-
-The `license_finding` rule type is not supported with warn mode enforcement.
-
-{{< /alert >}}
-
 ## `approval_settings`

 {{< history >}}
-- 
GitLab

From 029e200812ceb3b533dfb1d2786148e449ec84f2 Mon Sep 17 00:00:00 2001
From: Alexander Turinske
Date: Thu, 11 Dec 2025 09:43:41 -0700
Subject: [PATCH 3/3] Apply 1 suggestion(s) to 1 file(s)

Co-authored-by: Ryan Lehmann
---
 .../policies/merge_request_approval_policies.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/user/application_security/policies/merge_request_approval_policies.md b/doc/user/application_security/policies/merge_request_approval_policies.md
index 2d2e573a7e4390..824c9e523a291f 100644
--- a/doc/user/application_security/policies/merge_request_approval_policies.md
+++ b/doc/user/application_security/policies/merge_request_approval_policies.md
@@ -441,9 +441,9 @@ the bot message is sent as long as at least one of those policies has the `send_

 {{< history >}}

-- [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/15552) in GitLab 17.8 [with a flag](../../../administration/feature_flags/_index.md) named `security_policy_approval_warn_mode`. Disabled by default
+- [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/15552) in GitLab 17.8 [with a feature flag](../../../administration/feature_flags/_index.md) named `security_policy_approval_warn_mode`. Disabled by default
 - [Enabled on GitLab.com, GitLab Self-Managed, and GitLab Dedicated](https://gitlab.com/gitlab-org/gitlab/-/issues/505352) in GitLab 18.6.
-- License scanning support was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/579664) in GitLab 18.7 [with a flag](../../../administration/feature_flags/_index.md) named `security_policy_warn_mode_license_scanning`. Enabled by default
+- License scanning support was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/579664) in GitLab 18.7 [with a feature flag](../../../administration/feature_flags/_index.md) named `security_policy_warn_mode_license_scanning`. Enabled by default

 {{< /history >}}

-- 
GitLab