| Field | Value |
|---|---|
| Category | CICD-SEC-1 |
| Platform | GitLab CI |
| Severity | MEDIUM |
| Auto-fix | ✗ |
What the check does
Flags a project that requires zero approvals before merge. (Premium-tier setting; skipped when the approvals API is unavailable.)Why it matters
With no required approvals, a single actor can author and merge changes unreviewed — removing the two-person-integrity control that catches malicious or mistaken changes. Require at least one (ideally two) approvals under Settings → Merge requests → Approval rules. This is a GitLab project-settings check: it reads the project configuration over the GitLab API (CLI:--git at a GitLab host with --gitlab-token; the web
app uses its connected GitLab token) and reports under the Repository
configuration group. See the rules overview.