policy name: code_review_not_required
In order to comply with separation of duties principle and enforce secure code practices, a code review should be mandatory using the source-code-management built-in enforcement.
Users can merge code without being reviewed which can lead to insecure code reaching the main branch and production.
- Make sure you have admin permissions
- Go to the repo’s settings page
- Enter “Merge Requests” tab
- Under “Merge request approvals”
- Click “Add approval rule” on the default branch rule
- Select “Approvals required” and enter at least 1 approvers”
- Select “Add approvers” and select the desired members
- Click “Add approval rule”