policy name: repository_allows_committer_approvals_policy
severity: LOW
The repository allows merge request contributors (other than the merge request author) to approve the merge request. To ensure merge request review is done objectively, it is recommended to toggle this option off.
Users can merge code that has not been reviewed, which can lead to insecure code reaching the main branch and production.
- Make sure you have admin permissions
- Go to the repo's settings page
- Enter the "Merge Requests" tab
- Under "Approval settings"
- Check "Prevent approvals by users who add commits"
- Click "Save Changes"
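
The same setting can be checked across many projects through GitLab's project-level merge request approvals API, where the checkbox above appears as `merge_requests_disable_committers_approval`. The following is an added example, not part of the policy's own code: the host `gitlab.example.com`, the project paths and the JSON bodies are constructed, and treating a missing field as non-compliant is an assumption of this sketch.

```python
import json
from urllib.parse import quote

# Field returned by GET /api/v4/projects/:id/approvals; true means
# "Prevent approvals by users who add commits" is checked.
SETTING = "merge_requests_disable_committers_approval"

def committers_can_approve(approvals: dict) -> bool:
    # Fail closed (assumption): anything other than an explicit true is a finding.
    return approvals.get(SETTING) is not True

def remediation_request(base_url: str, project_path: str) -> dict:
    # Describe the POST that checks the box; the caller sends it with an
    # access token that has sufficient permissions on the project.
    project = quote(project_path, safe="")  # "group/app" -> "group%2Fapp"
    return {
        "method": "POST",
        "url": f"{base_url.rstrip('/')}/api/v4/projects/{project}/approvals",
        "data": {SETTING: "true"},
    }

def audit(responses: dict, base_url: str) -> list:
    # responses maps project path -> raw JSON body of the approvals endpoint.
    findings = []
    for path, body in sorted(responses.items()):
        if committers_can_approve(json.loads(body)):
            findings.append(remediation_request(base_url, path))
    return findings

# Constructed sample responses (not real projects).
SAMPLE = {
    "group/app": '{"reset_approvals_on_push": true, '
                 '"merge_requests_author_approval": false, '
                 '"merge_requests_disable_committers_approval": false}',
    "group/lib": '{"merge_requests_disable_committers_approval": true}',
    "group/legacy": '{"reset_approvals_on_push": true}',
}

if __name__ == "__main__":
    for req in audit(SAMPLE, "https://gitlab.example.com"):
        print(req["method"], req["url"], req["data"])
```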