8. You chose poorly
Test compliance policies by adding a dependency to the project with open critical vulnerabilities.
-
1. Find the 8-you-chose-poorly
branch inRepository > Branches
-
2. Click Merge Request
to create a new MR from this branch -
3. Uncheck Delete source branch when merge request is accepted.
if you prefer to keep the branch. -
4. Click Create Merge Request
, wait for the pipeline to run -
5. Inspect the dependency scanning results on the Overview
tab -
6. Click Mark as Ready
on theOverview
tab -
7. Note that the Merge Request requires approval due to the open vulnerability on the lodash library (although, the rule will be marked "invalid" since the only available approver is the author of the merge request)
Edited by Paul Pickhardt