ISSUE-502 High Quick Access and Authorization
Merge request approval rule is below the minimum level of approvals required
Control: MR approval rules must have at least N approvals required · Config key: mrApprovalRulesMustHaveAtLeastNApprovals
📋 What is this?
The merge request approval rule is configured with fewer approvers than the minimum required by your Policy controls.
⚠️ Impact
Having insufficient approvals can lead to unreviewed code being merged, increasing the risk of introducing bugs, security vulnerabilities, or non-compliant changes.
🔧 How to fix
Increase the minimum number of approvals required in the merge request approval rule to meet or exceed the minimum number required by your Policy controls.
✗ Before
The approval rule requires only 1 approval, but the policy requires at least 2.
# GitLab project settings — ❌ Insufficient approvals
# Settings > Merge requests > Approval rules:
#
# Rule name: Security Team
# Eligible approvers: Security Team (5 members)
# Approvals required: 1 ← Below minimum (2 required by policy)
#
# .plumber.yaml
# mrApprovalRulesMustHaveAtLeastNApprovals:
#   enabled: true
#   minimumApprovals: 2
✓ After
Approval rule meets the minimum number of required approvals.
# GitLab project settings — ✅ Sufficient approvals configured
# Settings > Merge requests > Approval rules:
#
# Rule name: Security Team
# Eligible approvers: Security Team (5 members)
# Approvals required: 2 ← Meets minimum requirement
#
# .plumber.yaml
controls:
  mrApprovalRulesMustHaveAtLeastNApprovals:
    enabled: true
    minimumApprovals: 2
💡 Tips
- Set the minimum in .plumber.yaml under mrApprovalRulesMustHaveAtLeastNApprovals.minimumApprovals.
- Consider requiring different approval counts for different branch patterns (e.g., more for main).
- Combine with code owner approvals for critical areas of your codebase.
⚙️ Configuration
This control is configured in .plumber.yaml under the key:
controls:
  mrApprovalRulesMustHaveAtLeastNApprovals:
    enabled: true
See the CLI documentation for the full configuration reference.
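The check described on this page, as an added example that is not part of the original page or of Plumber's own code: it audits approval rules against the policy minimum, using a constructed sample shaped like the response of GitLab's `GET /projects/:id/approval_rules` API. The function name, the sample data, the handling of a project with no rules, and the extra eligible-approver check are assumptions of this example.

```python
import json

# Constructed sample, shaped like the JSON that GitLab's
# GET /projects/:id/approval_rules endpoint returns (only the fields used here).
SAMPLE_RULES_JSON = """
[
  {"name": "Security Team", "approvals_required": 1,
   "eligible_approvers": [{"id": 1}, {"id": 2}, {"id": 3}, {"id": 4}, {"id": 5}],
   "protected_branches": []},
  {"name": "Release Managers", "approvals_required": 2,
   "eligible_approvers": [{"id": 6}],
   "protected_branches": [{"name": "main"}]},
  {"name": "Maintainers", "approvals_required": 2,
   "eligible_approvers": [{"id": 7}, {"id": 8}, {"id": 9}],
   "protected_branches": []}
]
"""


def audit_approval_rules(rules, minimum_approvals):
    """Return (rule name, scope, reason) for every rule that falls short."""
    if not rules:
        # Choice made for this example: no rule at all means zero approvals.
        return [("<none>", "all branches", "no approval rule is configured")]
    findings = []
    for rule in rules:
        name = rule.get("name", "<unnamed>")
        required = int(rule.get("approvals_required") or 0)
        eligible = len(rule.get("eligible_approvers") or [])
        branches = [b["name"] for b in rule.get("protected_branches") or []]
        scope = ", ".join(branches) if branches else "all branches"
        if required < minimum_approvals:
            reason = f"requires {required}, policy minimum is {minimum_approvals}"
        elif eligible < required:
            # Extra check beyond the control: the count is high enough on
            # paper, but too few people are eligible to ever reach it.
            reason = f"requires {required} but only {eligible} eligible approver(s)"
        else:
            continue
        findings.append((name, scope, reason))
    return findings


if __name__ == "__main__":
    for name, scope, reason in audit_approval_rules(json.loads(SAMPLE_RULES_JSON), 2):
        print(f"FAIL  {name} [{scope}]: {reason}")
```

To audit a real project, replace the sample with the JSON returned by the approval rules endpoint and pass the same value as `minimumApprovals`.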