Default Merge Request Approval Rules and Settings for New Repositories

Problem to solve

We are working on SOC2 certification. For our GitLab repositories, this requires that the Merge Request setting “Prevent editing approval rules in merge requests” is enabled and that there is an approval rule on any protected branch.

Our problem is that whenever someone creates a new repository, this setting is disabled and there are no approval rules on protected branches, so we get violations on our SOC2 scans and potential failures when a SOC2 audit is performed.

I know there is this top-level setting for merge requests “Prevent editing approval rules in projects and merge requests” but we want the ability to set approval rules at the project level.

Is there any way to have the flag enabled at the project level by default and to force approval rules to be created?

Versions

Please add an x whether options apply, and add the version information.

  • Self-managed
  • GitLab.com SaaS
  • Dedicated

Versions

  • GitLab Premium

Hi,

I believe you have two options:

  1. Use the setting in the group → this will make sure that any project created within that group will have those settings by default (but you said you don’t want this?)
  2. Create a project template - if you don’t need any specific structure in git, that’s also fine. But the cool thing is that all those settings will also be transferred when creating a new project from a template.

Hope this helps! 🙂

1 Like

Thanks paula.kokic. The template sounds like an interesting idea. Would be easier to educate the users to use that while also giving us control of future changes.

1 Like
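Whichever option is used, new projects can be checked for the two conditions from the original question. The following is an added example, not code from this thread or from GitLab: it evaluates responses shaped like GitLab's project-level merge request approvals API (`/projects/:id/approvals`, `/projects/:id/approval_rules`, `/projects/:id/protected_branches`). The sample data is constructed, and treating an unscoped rule as covering all branches and a zero-approval rule as not counting are assumptions of this example.

```python
# Added example: offline audit of GitLab project approval settings.
# Inputs mirror the JSON from GET /projects/:id/approvals,
# /projects/:id/approval_rules and /projects/:id/protected_branches.

def audit_project(approvals, rules, protected_branches):
    """Return a list of findings; an empty list means the project passes."""
    findings = []
    # API field behind "Prevent editing approval rules in merge requests".
    if not approvals.get("disable_overriding_approvers_per_merge_request"):
        findings.append("approval rules can be edited in merge requests")

    all_protected = {b["name"] for b in protected_branches}
    covered = set()
    for rule in rules:
        # Policy choice of this example: a rule requiring 0 approvals
        # is optional, so it does not satisfy the requirement.
        if rule.get("approvals_required", 0) < 1:
            continue
        scoped = {b["name"] for b in rule.get("protected_branches", [])}
        if rule.get("applies_to_all_protected_branches") or not scoped:
            # Assumption: a rule with no branch scope applies to all branches.
            covered |= all_protected
        else:
            covered |= scoped & all_protected
    for name in sorted(all_protected - covered):
        findings.append(f"protected branch '{name}' has no approval rule")
    return findings

# Constructed sample data: a freshly created project, one created from a
# template, and one where only some protected branches have a rule.
BRANCHES = [{"name": "main"}, {"name": "release/*"}]
FRESH = {"approvals": {"disable_overriding_approvers_per_merge_request": False},
         "rules": [], "protected_branches": [{"name": "main"}]}
FROM_TEMPLATE = {"approvals": {"disable_overriding_approvers_per_merge_request": True},
                 "rules": [{"name": "Default", "approvals_required": 1,
                            "applies_to_all_protected_branches": True,
                            "protected_branches": []}],
                 "protected_branches": BRANCHES}
PARTIAL = {"approvals": {"disable_overriding_approvers_per_merge_request": True},
           "rules": [{"name": "Main only", "approvals_required": 2,
                      "protected_branches": [{"name": "main"}]},
                     {"name": "Optional", "approvals_required": 0,
                      "protected_branches": []}],
           "protected_branches": BRANCHES}

if __name__ == "__main__":
    for label, p in [("fresh", FRESH), ("template", FROM_TEMPLATE), ("partial", PARTIAL)]:
        print(label, audit_project(**p) or "OK")
```
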