author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-12-07 03:08:34 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-12-07 03:08:34 +0300 |
commit | 7e89568aa1b1c531aa34860fbd9e77d9e988b9b2 (patch) | |
tree | 9d644d947b75594d969f040ef046541c769e0dc3 /doc/development/code_review.md | |
parent | f2143c9986ad7b6206b8a41cc9aeb419e543d3f5 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/development/code_review.md')
-rw-r--r-- | doc/development/code_review.md | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/doc/development/code_review.md b/doc/development/code_review.md index 93ff10a4132..e2340e39903 100644 --- a/doc/development/code_review.md +++ b/doc/development/code_review.md @@ -221,6 +221,9 @@ See the [test engineering process](https://about.gitlab.com/handbook/engineering 1. You have confirmed that if this MR contains changes to processing or storing of credentials or tokens, authorization, and authentication methods, or other items described in [the security review guidelines](https://about.gitlab.com/handbook/security/#when-to-request-a-security-review), you have added the `~security` label and you have `@`-mentioned `@gitlab-com/gl-security/appsec`. 1. You have reviewed the documentation regarding [internal application security reviews](https://about.gitlab.com/handbook/security/#internal-application-security-reviews) for **when** and **how** to request a security review and requested a security review if this is warranted for this change. +1. If there are security scan results that are blocking the MR (due to the [scan result policies](https://gitlab.com/gitlab-com/gl-security/security-policies)): + - For true positive findings, they should be corrected before the merge request is merged. This will remove the AppSec approval required by the scan result policy. + - For false positive findings, something that should be discussed for risk acceptance, or anything questionable, please ping `@gitlab-com/gl-security/appsec`. ##### Deployment |
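Review bot: The new checklist item at new line 224 breaks the form of the list it joins. The two items above it are statements the author confirms ("You have confirmed that ...", "You have reviewed ..."), while this one opens with "If there are security scan results that are blocking the MR" and then gives instructions, so it cannot be ticked off as true or false. Consider rewording it to match, for example "You have confirmed that any security scan results blocking the MR have been resolved as follows:". Two further points on the sub-bullets. In the first, "This will remove the AppSec approval required by the scan result policy" has an unclear antecedent: say explicitly that correcting the finding is what removes the approval requirement, and say who is expected to correct it. In the second, "For false positive findings, something that should be discussed for risk acceptance, or anything questionable" groups three different cases under a "false positive" lead-in, and a finding up for risk acceptance is not a false positive. Either split these into separate bullets or lead with the action, such as "Ping `@gitlab-com/gl-security/appsec` for false positives, findings that need a risk acceptance discussion, or anything questionable", and state where the ping should happen (the item above specifies both a `~security` label and an `@`-mention, this one does not).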