<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Security-Policies on Software Factory</title><link>/tags/security-policies/</link><description>Recent content in Security-Policies on Software Factory</description><generator>Hugo</generator><language>en</language><atom:link href="/tags/security-policies/index.xml" rel="self" type="application/rss+xml"/><item><title>Security Policies</title><link>/use/tools/gitlab/secure/policies/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/use/tools/gitlab/secure/policies/</guid><description>&lt;div style="display: flex; align-items: flex-start; gap: 1.5rem; margin-bottom: 1rem; max-width: 80%;"&gt;
 &lt;img src="/logo/gitlab.svg" alt="GitLab logo"
 width="100"
 style="flex-shrink: 0;"&gt;
 &lt;div&gt;You can automate vulnerability management and enforce requirements on
merge requests, security scans, and pipeline execution with &lt;em&gt;policies&lt;/em&gt;.&lt;/div&gt;
&lt;/div&gt;

&lt;h2 id="merge-request-approval-policies"&gt;Merge Request Approval Policies&lt;a class="td-heading-self-link" href="#merge-request-approval-policies" aria-label="Heading self-link"&gt;&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;GitLab enforces security requirements at the &lt;strong&gt;merge request&lt;/strong&gt; level, not at the pipeline level.
When a policy is triggered, GitLab automatically adds required approvers to the MR — the
pipeline itself continues to pass, but the &lt;strong&gt;merge is blocked&lt;/strong&gt; until the required approvals
are obtained.&lt;/p&gt;</description></item></channel></rss>