
8. You chose poorly

Test compliance policies by adding a dependency to the project with open critical vulnerabilities.

  1. Find the 8-you-chose-poorly branch in Repository > Branches
  2. Click Merge Request to create a new MR from this branch
  3. Uncheck "Delete source branch when merge request is accepted" if you prefer to keep the branch
  4. Click Create Merge Request and wait for the pipeline to run
  5. Inspect the dependency scanning results on the Overview tab
  6. Click Mark as Ready on the Overview tab
  7. Note that the Merge Request requires approval due to the open vulnerability in the lodash library (although the rule will be marked "invalid", since the only available approver is the author of the merge request)
Edited by Paul Pickhardt