gitlab.com/gitlab-org/gitlab-foss.git
author: GitLab Bot <gitlab-bot@gitlab.com> 2022-12-07 03:08:34 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-12-07 03:08:34 +0300
commit: 7e89568aa1b1c531aa34860fbd9e77d9e988b9b2 (patch)
tree: 9d644d947b75594d969f040ef046541c769e0dc3 /doc/development/code_review.md
parent: f2143c9986ad7b6206b8a41cc9aeb419e543d3f5 (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/development/code_review.md')
-rw-r--r-- doc/development/code_review.md | 3
1 files changed, 3 insertions, 0 deletions
diff --git a/doc/development/code_review.md b/doc/development/code_review.md
index 93ff10a4132..e2340e39903 100644
--- a/doc/development/code_review.md
+++ b/doc/development/code_review.md
@@ -221,6 +221,9 @@ See the [test engineering process](https://about.gitlab.com/handbook/engineering
1. You have confirmed that if this MR contains changes to processing or storing of credentials or tokens, authorization, and authentication methods, or other items described in [the security review guidelines](https://about.gitlab.com/handbook/security/#when-to-request-a-security-review), you have added the `~security` label and you have `@`-mentioned `@gitlab-com/gl-security/appsec`.
1. You have reviewed the documentation regarding [internal application security reviews](https://about.gitlab.com/handbook/security/#internal-application-security-reviews) for **when** and **how** to request a security review and requested a security review if this is warranted for this change.
+1. If there are security scan results that are blocking the MR (due to the [scan result policies](https://gitlab.com/gitlab-com/gl-security/security-policies)):
+ - For true positive findings, they should be corrected before the merge request is merged. This will remove the AppSec approval required by the scan result policy.
+ - For false positive findings, something that should be discussed for risk acceptance, or anything questionable, please ping `@gitlab-com/gl-security/appsec`.
##### Deployment
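Review bot: the second added bullet in this hunk loses its parallel structure ("For false positive findings, something that should be discussed for risk acceptance, or anything questionable, please ping ..."), which makes it read as if "something that should be discussed" is a kind of false positive; consider "For false positives, findings that need a risk-acceptance discussion, or anything questionable, ping `@gitlab-com/gl-security/appsec`." The first bullet should also say what actually lifts the AppSec approval requirement, since "This will remove the AppSec approval required by the scan result policy" leaves it unclear whether fixing the code is enough or whether a new pipeline must report the finding as resolved; one sentence stating the condition would save authors from pinging AppSec about an approval that is still pending. Finally, if the nested bullets really are indented with a single space under the `1.` item as the `+ -` lines show, check the rendered page: Markdown renderers generally need the nested list aligned with the parent item's text to render it as a sub-list rather than a separate one.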