Ensure to prevent approvals by users who add commits
By default, users who commit to a merge request can still approve it. You can prevent committers from approving merge requests that are partially their own at both the project and instance level.
Risk Level: medium
Platform: Gitlab
Spectral Rule ID: GL-HRD003
REMEDIATION
To do this:
SaaS:
- Go to your project and select
Settings > General
. - Expand Merge request (MR) approvals.
- Select the "Prevent approvals by users who add commits" checkbox. If this checkbox is cleared, an administrator has disabled it at the instance level, which cannot be changed at the project level.
- Select Save changes.
Read more:
Updated over 1 year ago