ISSUE-503 High Quick Access and Authorization
Merge request approval settings are not compliant
Control: MR approval settings must be compliant · Config key: mrApprovalSettingsMustBeCompliant
📋 What is this?
The current merge request approval settings do not align with your Policy controls.
⚠️ Impact
Non-compliance with approval settings may lead to unreviewed code being merged, increasing the risk of introducing bugs, security vulnerabilities, or non-compliant changes.
🔧 How to fix
Update the merge request approval settings of the project to ensure compliance with your Policy controls.
✗ Before Approval settings allow the author to approve their own MR and don't reset on new commits.
# GitLab project settings — ❌ Non-compliant approval settings
# Settings > Merge requests > Approvals:
#
# Prevent approval by author: false ← Author can approve own MR
# Prevent approvals by users who add commits: false
# Remove all approvals when commits are added: false
#
# These settings allow the MR author to approve their own changes,
# and approvals remain valid even after new commits are pushed.
✓ After Approval settings prevent self-approval and reset on new commits.
# GitLab project settings — ✅ Compliant approval settings
# Settings > Merge requests > Approvals:
#
# Prevent approval by author: true
# Prevent approvals by users who add commits: true
# Remove all approvals when commits are added: true
#
# .plumber.yaml
controls:
  mrApprovalSettingsMustBeCompliant:
    enabled: true
    preventApprovalByAuthor: true
    preventApprovalByCommitAuthor: true
    resetApprovalsOnPush: true
💡 Tips
- Enable 'Prevent approval by author' to ensure code is reviewed by someone other than the author.
- 'Remove all approvals when commits are added' ensures the latest changes are always reviewed.
- These settings can also be enforced at the group level for consistency.
⚙️ Configuration
This control is configured in .plumber.yaml under the key:
controls:
  mrApprovalSettingsMustBeCompliant:
    enabled: true
See the CLI documentation for the full configuration reference.
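The before/after settings above can also be checked by hand against what GitLab's `GET /projects/:id/approvals` endpoint returns. The following is an added example, not Plumber's own code: the mapping from the `.plumber.yaml` keys to the API fields is an assumption of this example, and both sample responses are constructed.

```python
# Control values taken from the compliant .plumber.yaml example on this page.
POLICY = {
    "preventApprovalByAuthor": True,
    "preventApprovalByCommitAuthor": True,
    "resetApprovalsOnPush": True,
}

# Assumed mapping: policy key -> (GitLab approvals API field, compliant value).
# The author field is inverted: merge_requests_author_approval=true means
# the MR author MAY approve their own merge request.
FIELD_MAP = {
    "preventApprovalByAuthor": ("merge_requests_author_approval", False),
    "preventApprovalByCommitAuthor": (
        "merge_requests_disable_committers_approval", True),
    "resetApprovalsOnPush": ("reset_approvals_on_push", True),
}


def find_violations(api_settings, policy=POLICY):
    """Return the sorted policy keys that the project settings do not satisfy."""
    violations = []
    for key, required in policy.items():
        if not required:
            continue  # this sub-check is not demanded by the policy
        field, compliant_value = FIELD_MAP[key]
        # Fail closed: a missing or non-boolean field counts as a violation.
        if api_settings.get(field) is not compliant_value:
            violations.append(key)
    return sorted(violations)


# Constructed samples shaped like a GET /projects/:id/approvals response.
BEFORE = {  # matches the "Before" settings: self-approval allowed, no reset
    "merge_requests_author_approval": True,
    "merge_requests_disable_committers_approval": False,
    "reset_approvals_on_push": False,
}
AFTER = {  # matches the "After" settings
    "merge_requests_author_approval": False,
    "merge_requests_disable_committers_approval": True,
    "reset_approvals_on_push": True,
}

if __name__ == "__main__":
    for label, settings in (("before", BEFORE), ("after", AFTER)):
        found = find_violations(settings)
        print(label, "compliant" if not found else "violations: " + ", ".join(found))
```

The inverted author field is the one to watch when reading raw API output: a `true` there is the non-compliant state.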