diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-10-31 21:09:25 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-10-31 21:09:25 +0300 |
commit | 30b8ea126ffffc9bef610d38f8ebcd91bb687aba (patch) | |
tree | 3705b43015a6d3a1fd85864f1fc555383b8e248b /doc/development/code_review.md | |
parent | a5519693560d1ac4e120e1afd7d806d13a2d09fd (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/development/code_review.md')
-rw-r--r-- | doc/development/code_review.md | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/doc/development/code_review.md b/doc/development/code_review.md index 280af21a864..978b89f4289 100644 --- a/doc/development/code_review.md +++ b/doc/development/code_review.md @@ -212,8 +212,8 @@ See the [test engineering process](https://about.gitlab.com/handbook/engineering ##### Security -1. I have confirmed that if this MR contains changes to processing or storing of credentials or tokens, authorization, and authentication methods, or other items described in [the security review guidelines](https://about.gitlab.com/handbook/engineering/security/#when-to-request-a-security-review), I have added the `~security` label and I have `@`-mentioned `@gitlab-com/gl-security/appsec`. -1. I have reviewed the documentation regarding [internal application security reviews](https://about.gitlab.com/handbook/engineering/security/#internal-application-security-reviews) for **when** and **how** to request a security review and requested a security review if this is warranted for this change. +1. I have confirmed that if this MR contains changes to processing or storing of credentials or tokens, authorization, and authentication methods, or other items described in [the security review guidelines](https://about.gitlab.com/handbook/security/#when-to-request-a-security-review), I have added the `~security` label and I have `@`-mentioned `@gitlab-com/gl-security/appsec`. +1. I have reviewed the documentation regarding [internal application security reviews](https://about.gitlab.com/handbook/security/#internal-application-security-reviews) for **when** and **how** to request a security review and requested a security review if this is warranted for this change. ##### Deployment @@ -508,7 +508,7 @@ people who add commits to an MR are not authorized to approve the merge request, so they must seek a maintainer who has not contributed to the MR to approve the MR before it can be merged. This policy is in place to satisfy the CHG-04 control of the GitLab -[Change Management Controls](https://about.gitlab.com/handbook/engineering/security/security-assurance/security-compliance/guidance/change-management.html). +[Change Management Controls](https://about.gitlab.com/handbook/security/security-assurance/security-compliance/guidance/change-management.html). To implement this policy in `gitlab-org/gitlab`, we have enabled the following settings to ensure MRs get an approval from a top-level CODEOWNERS maintainer: |