Ensure requiring user password to approve

By default, users who commit to a merge request can still approve it. You can prevent committers from approving merge requests that are partially their own at either the project level or the instance level.

Risk Level: medium
Platform: Gitlab
Spectral Rule ID: GL-HRD004

REMEDIATION

To do this:

SaaS:

  1. Enable password authentication for the web interface, as described here.
  2. Go to your project and select Settings > General.
  3. Expand Merge request (MR) approvals.
  4. Select the "Require user password to approve" checkbox.
  5. Select Save changes.

Read more: