Merge branch 'kmann-master-patch-89285' into 'master'

Add 'License-Approval' to license compliance page

See merge request gitlab-org/gitlab!35246

doc/user/application_security/index.md

@@ -296,14 +296,16 @@ An approval is optional when a security report:
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/13067) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.3.
 
-To enable License Approvals, a [project approval rule](../project/merge_requests/merge_request_approvals.md#multiple-approval-rules-premium)
-must be created with the case-sensitive name `License-Check`. This approval group must be set
-with the number of approvals required greater than zero.
-
-Once this group is added to your project, the approval rule is enabled for all Merge Requests. To
-configure how this rule behaves, you can choose which licenses to `allow` or `deny` in the
-[project policies for License Compliance](../compliance/license_compliance/index.md#policies)
-section.
+`License-Check` is an approval rule you can enable to allow an individual or group to approve a
+merge request that contains a `denied` license.
+
+You can enable `License-Check` one of two ways:
+
+- Create a [project approval rule](../project/merge_requests/merge_request_approvals.md#multiple-approval-rules-premium)
+  with the case-sensitive name `License-Check`.
+- Create an approval group in the [project policies section for License Compliance](../compliance/license_compliance/index.md#policies).
+  You must set this approval group's number of approvals required to greater than zero. Once you
+  enable this group in your project, the approval rule is enabled for all merge requests.
 
 Any code changes cause the approvals required to reset.
 

doc/user/compliance/license_compliance/index.md

@@ -46,7 +46,7 @@ When GitLab detects a **Denied** license, you can view it in the [license list](
 
 You can view and modify existing policies from the [policies](#policies) tab.
 
-![Edit Policy](img/policies_maintainer_edit_v13_0.png)
+![Edit Policy](img/policies_maintainer_edit_v13_2.png)
 
 ## Use cases
 
@@ -657,34 +657,39 @@ and the associated classifications for each.
 
 Policies can be configured by maintainers of the project.
 
-![Edit Policy](img/policies_maintainer_edit_v13_0.png)
-![Add Policy](img/policies_maintainer_add_v13_0.png)
+![Edit Policy](img/policies_maintainer_edit_v13_2.png)
+![Add Policy](img/policies_maintainer_add_v13_2.png)
 
 Developers of the project can view the policies configured in a project.
 
 ![View Policies](img/policies_v13_0.png)
 
-## License Compliance report under pipelines
+### Enabling License Approvals within a project
 
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/5491) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.2.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/13067) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.3.
 
-From your project's left sidebar, navigate to **CI/CD > Pipelines** and click on the
-pipeline ID that has a `license_scanning` job to see the Licenses tab with the listed
-licenses (if any).
+`License-Check` is an approval rule you can enable to allow an approver, individual, or group to
+approve a merge request that contains a `denied` license.
 
-![License Compliance Pipeline Tab](img/license_compliance_pipeline_tab_v13_0.png)
+You can enable `License-Check` one of two ways:
 
-<!-- ## Troubleshooting
+- Create a [project approval rule](../../project/merge_requests/merge_request_approvals.md#multiple-approval-rules-premium)
+  with the case-sensitive name `License-Check`.
+- Create an approval group in the [project policies section for License Compliance](#policies).
+  You must set this approval group's number of approvals required to greater than zero. Once you
+  enable this group in your project, the approval rule is enabled for all merge requests.
 
-Include any troubleshooting steps that you can foresee. If you know beforehand what issues
-one might have when setting this up, or when something is changed, or on upgrading, it's
-important to describe those, too. Think of things that may go wrong and include them here.
-This is important to minimize requests for support, and to avoid doc comments with
-questions that you know someone might ask.
+Any code changes cause the approvals required to reset.
 
-Each scenario can be a third-level heading, e.g. `### Getting error message X`.
-If you have none to add when creating a doc, leave this section in place
-but commented out to help encourage others to add to it in the future. -->
+An approval is required when a license report:
+
+- Contains a dependency that includes a software license that is `denied`.
+- Is not generated during pipeline execution.
+
+An approval is optional when a license report:
+
+- Contains no software license violations.
+- Contains only new licenses that are `allowed` or unknown.
 
 ## Troubleshooting
 

ee/app/controllers/projects/licenses_controller.rb

@@ -5,7 +5,7 @@ module Projects
     before_action :authorize_read_licenses!, only: [:index]
     before_action :authorize_admin_software_license_policy!, only: [:create, :update]
     before_action do
-      push_frontend_feature_flag(:license_approvals, default_enabled: false)
+      push_frontend_feature_flag(:license_approvals, default_enabled: true)
       push_frontend_feature_flag(:license_compliance_denies_mr, default_enabled: false)
     end
 

ee/changelogs/unreleased/kmann-master-patch-89285.yml

+---
+title: Add license approval rule section and enable feature by default
+merge_request: 35246
+author:
+type: added