ISSUE-502 High Quick Platform Access and Authorization

Merge request approval rule is below the minimum level of approvals required

Control: MR approval rules must have at least N approvals required · Config key: mrApprovalRulesMustHaveAtLeastNApprovals

📋 What is this?

The merge request approval rule is configured with fewer approvers than the minimum required by your Policy controls.

⚠️ Impact

Having insufficient approvals can lead to unreviewed code being merged, increasing the risk of introducing bugs, security vulnerabilities, or non-compliant changes.

🔧 How to fix

Increase the minimum number of approvals required in the merge request approval rule to meet or exceed the minimum number required by your Policy controls.

✗ Before: The approval rule requires only 1 approval, but the policy requires at least 2.

# GitLab project settings — ❌ Insufficient approvals
# Settings > Merge requests > Approval rules:
#
# Rule name: Security Team
# Eligible approvers: Security Team (5 members)
# Approvals required: 1 ← Below minimum (2 required by policy)

✓ After: The approval rule meets the minimum number of required approvals.

# GitLab project settings — ✅ Sufficient approvals configured
# Settings > Merge requests > Approval rules:
#
# Rule name: Security Team
# Eligible approvers: Security Team (5 members)
# Approvals required: 2 ← Meets minimum requirement

💡 Tips

  • Set the minimum in your Plumber Platform policy under mrApprovalRulesMustHaveAtLeastNApprovals.minimumApprovals.
  • Consider requiring different approval counts for different branch patterns (e.g., more for main).
  • Combine with code owner approvals for critical areas of your codebase.
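
The check described above can be reproduced against the rule list that GitLab's GET /projects/:id/approval_rules endpoint returns. This is an added example, not Plumber Platform's own code: the sample rules are constructed, and the per-branch minimums and the eligible-approver headcount check are assumptions of the example rather than documented policy options.

```python
from fnmatch import fnmatch

# Constructed sample, shaped like the JSON list returned by GitLab's
# GET /projects/:id/approval_rules endpoint (only the fields used here).
SAMPLE_RULES = [
    {"name": "Security Team", "rule_type": "regular", "approvals_required": 1,
     "eligible_approvers": [{"id": i} for i in range(5)], "protected_branches": []},
    {"name": "Release", "rule_type": "regular", "approvals_required": 2,
     "eligible_approvers": [{"id": i} for i in range(4)],
     "protected_branches": [{"name": "main"}]},
    {"name": "Docs", "rule_type": "regular", "approvals_required": 2,
     "eligible_approvers": [{"id": 9}], "protected_branches": []},
    {"name": "All Members", "rule_type": "any_approver", "approvals_required": 2,
     "eligible_approvers": [], "protected_branches": []},
]


def required_minimum(rule, default_min, branch_mins):
    """Strictest minimum for the branches a rule is scoped to.

    Assumption of this example: a rule with no protected_branches is held
    to the default minimum only.
    """
    names = [b["name"] for b in rule.get("protected_branches") or []]
    scoped = [n for pattern, n in branch_mins.items()
              if any(fnmatch(name, pattern) for name in names)]
    return max([default_min, *scoped])


def audit_rules(rules, default_min, branch_mins=None):
    """Return (rule name, finding) tuples for rules that need attention."""
    findings = []
    for rule in rules:
        need = required_minimum(rule, default_min, branch_mins or {})
        have = rule.get("approvals_required", 0)
        pool = len(rule.get("eligible_approvers") or [])
        if have < need:
            findings.append((rule["name"], f"requires {have}, minimum is {need}"))
        # Extra check added here: any_approver rules list no eligible
        # approvers, so the headcount comparison only applies to other types.
        elif rule.get("rule_type") != "any_approver" and pool < have:
            findings.append((rule["name"], f"requires {have}, only {pool} eligible"))
    return findings


if __name__ == "__main__":
    # Hypothetical policy: 2 approvals by default, 3 for rules scoped to main.
    for name, finding in audit_rules(SAMPLE_RULES, 2, {"main": 3}):
        print(f"{name}: {finding}")
```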