I currently have some policies to ask for MR approvals when something happens. But I don't know why all my MRs get asked for approvals, no pipeline fails, and I can't see what (if anything) is found on each one.
My policies are:
---
scan_execution_policy:
- name: Executa Secret Detection, SAST e Dependency Scanning
  description: ""
  enabled: true
  rules:
  - type: pipeline
    branches:
    - "*"
  actions:
  - scan: secret_detection
    tags: []
  - scan: sast
    tags: []
  - scan: dependency_scanning
    tags: []
scan_result_policy:
- name: License Scan
  description: ""
  enabled: true
  rules:
  - type: license_finding
    branches: []
    match_on_inclusion: false
    license_types:
    - MIT
    license_states:
    - newly_detected
  actions:
  - type: require_approval
    approvals_required: 1
    group_approvers_ids:
    - 13519293
- name: Secret Detection
  description: "Secret Detection"
  enabled: true
  rules:
  - type: scan_finding
    branches: []
    scanners:
    - secret_detection
    vulnerabilities_allowed: 0
    severity_levels:
    - high
    - critical
    - medium
    vulnerability_states:
    - new_needs_triage
  actions:
  - type: require_approval
    approvals_required: 1
    group_approvers_ids:
    - 13519293
- name: SAST
  description: "SAST"
  enabled: true
  rules:
  - type: scan_finding
    branches: []
    scanners:
    - sast
    vulnerabilities_allowed: 0
    severity_levels:
    - high
    - critical
    - medium
    vulnerability_states:
    - new_needs_triage
  actions:
  - type: require_approval
    approvals_required: 1
    group_approvers_ids:
    - 13519293
- name: Dependency Scanning
  description: "Dependency Scanning"
  enabled: true
  rules:
  - type: scan_finding
    branches: []
    scanners:
    - dependency_scanning
    vulnerabilities_allowed: 0
    severity_levels:
    - high
    - critical
    - medium
    vulnerability_states:
    - new_needs_triage
  actions:
  - type: require_approval
    approvals_required: 1
    group_approvers_ids:
    - 13519293
My understanding is that, using this configuration of mine, approvals should only be asked for if anything is found, right?
So if all my MRs are asking for all approvals, does this mean that something is always found? Where can I see what is found?
Or am I doing something wrong?
Thank you.
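One way to see which policy rule is holding an MR and what the scanners actually reported, as an added example that is not part of the original post: the GitLab REST API exposes the MR's approval rules at GET /projects/:id/merge_requests/:iid/approval_state and the pipeline's findings at GET /projects/:id/vulnerability_findings?pipeline_id=N. The script below parses two such responses. The JSON it consumes is constructed sample data so that it runs offline; the field names follow GitLab's documented responses, but the sample values (rule ids, usernames, file paths, finding names) are invented, and the assumption that policy-created rules carry rule_type "report_approver" is taken from the API documentation rather than from the post.

```python
"""Explain why a merge request is asking for policy approvals.

Added example (not from the forum post). Parses constructed sample copies of
two GitLab REST responses:
  GET /projects/:id/merge_requests/:iid/approval_state
  GET /projects/:id/vulnerability_findings?pipeline_id=N
and reports which rules are unmet and which findings they could be reacting to.
"""
import json
from collections import Counter

# Constructed sample approval_state. Security-policy rules are created with
# rule_type "report_approver" and a report_type such as "scan_finding".
SAMPLE_APPROVAL_STATE = json.dumps({
    "approval_rules_overwritten": False,
    "rules": [
        {"id": 1, "name": "Secret Detection", "rule_type": "report_approver",
         "report_type": "scan_finding", "approvals_required": 1,
         "approved": False, "approved_by": []},
        {"id": 2, "name": "SAST", "rule_type": "report_approver",
         "report_type": "scan_finding", "approvals_required": 1,
         "approved": True, "approved_by": [{"username": "alice"}]},
        {"id": 3, "name": "License Scan", "rule_type": "report_approver",
         "report_type": "license_scanning", "approvals_required": 0,
         "approved": True, "approved_by": []},
        {"id": 4, "name": "All Members", "rule_type": "any_approver",
         "approvals_required": 0, "approved": True, "approved_by": []},
    ],
})

# Constructed sample findings for the MR's latest pipeline (values invented).
SAMPLE_FINDINGS = json.dumps([
    {"id": 10, "report_type": "secret_detection", "severity": "critical",
     "name": "AWS access key", "location": {"file": "config/app.yml", "start_line": 12}},
    {"id": 11, "report_type": "secret_detection", "severity": "high",
     "name": "Generic API key", "location": {"file": "scripts/deploy.sh", "start_line": 3}},
    {"id": 12, "report_type": "sast", "severity": "low",
     "name": "Insecure temporary file", "location": {"file": "tmp.py", "start_line": 44}},
])

# Severities the poster's scan_result_policy rules react to.
POLICY_SEVERITIES = frozenset({"medium", "high", "critical"})


def blocking_rules(approval_state_json):
    """Names of rules that still require approvals (required > 0 and not approved)."""
    state = json.loads(approval_state_json)
    return [r["name"] for r in state["rules"]
            if r["approvals_required"] > 0 and not r["approved"]]


def policy_rules(approval_state_json):
    """Names of rules that were generated by a security policy, not configured by hand."""
    state = json.loads(approval_state_json)
    return [r["name"] for r in state["rules"] if r["rule_type"] == "report_approver"]


def findings_by_scanner(findings_json, severities=POLICY_SEVERITIES):
    """Count findings per (report_type, severity), keeping only policy-relevant severities."""
    counts = Counter()
    for f in json.loads(findings_json):
        if f["severity"] in severities:
            counts[(f["report_type"], f["severity"])] += 1
    return dict(counts)


def finding_locations(findings_json, report_type, severities=POLICY_SEVERITIES):
    """Human-readable 'name (file:line)' entries for one scanner's relevant findings."""
    out = []
    for f in json.loads(findings_json):
        if f["report_type"] == report_type and f["severity"] in severities:
            loc = f.get("location", {})
            out.append(f'{f["name"]} ({loc.get("file", "?")}:{loc.get("start_line", "?")})')
    return out


def report(approval_state_json, findings_json):
    """Build the lines a reviewer would want: unmet rules plus the findings behind them."""
    lines = []
    for name in blocking_rules(approval_state_json):
        lines.append(f"rule '{name}' still needs approval")
    for (scanner, sev), n in sorted(findings_by_scanner(findings_json).items()):
        lines.append(f"  {scanner}: {n} {sev} finding(s)")
        for entry in finding_locations(findings_json, scanner, {sev}):
            lines.append(f"    - {entry}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_APPROVAL_STATE, SAMPLE_FINDINGS)))
```

With real data, replace the two sample strings with the bodies returned by the two endpoints (a PRIVATE-TOKEN header with read_api scope is enough). Rules with rule_type "report_approver" are the ones your scan_result_policy created, so if every MR lists them as unmet while findings_by_scanner comes back empty, the approval is not being triggered by reported findings and the comparison baseline, not the scan output, is the place to look.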