AWS Security ChangesHomeSearch

AWS amazonq low security documentation change

Service: amazonq · 2025-05-19 · Security-related low

File: amazonq/latest/qdeveloper-ug/gitlab-concepts.md

Summary

Clarified code review behavior to only trigger on new/reopened merge requests and added manual review instructions

Security assessment

Change limits automatic code review triggers which could prevent unintended exposure of sensitive code through subsequent commits. However, this is more of a feature behavior change than a direct security fix.

Diff

diff --git a/amazonq/latest/qdeveloper-ug/gitlab-concepts.md b/amazonq/latest/qdeveloper-ug/gitlab-concepts.md
index 8cb2988be..a705c66df 100644
--- a//amazonq/latest/qdeveloper-ug/gitlab-concepts.md
+++ b//amazonq/latest/qdeveloper-ug/gitlab-concepts.md
@@ -148 +148,5 @@ The source version of a Maven project needs to be identified before you can tran
-  * `/q review` – Allows you to initiate a merge request review in GitLab Duo with Amazon Q. An automatic code review is initiated for new merge requests. As a GitLab administrator, you can also configure Amazon Q to turn off automatic reviews. Automated code reviews identify and fix potential issues as Amazon Q generates and suggests code fixes to your merge request. Additionally, automated code reviews provide quality checks, analyzing for quality issues, logical errors, anti-patterns, code duplication, and more. Amazon Q iterates on in-line feedback you provide and gives you code analysis with comments, with each comment providing a separate finding. After committing Amazon Q feedback, the merge request description is updated. This quick action is available for all languages. You can configure code review to run automatically on every new merge request within your GitLab instance or group. For more information, see [Review a merge request](https://docs.gitlab.com/ee/user/duo_amazon_q/#review-a-merge-request).
+  * `/q review` – Allows you to initiate a merge request review in GitLab Duo with Amazon Q. An automatic code review is initiated for new merge requests. As a GitLab administrator, you can also configure Amazon Q to turn off automatic reviews. Automated code reviews identify and fix potential issues as Amazon Q generates and suggests code fixes to your merge request. They provide quality checks, analyzing for issues, logical errors, anti-patterns, code duplication, and more.
+
+Amazon Q gives you code analysis with comments, with each comment providing a separate finding. This quick action is available for all languages. Automatic code reviews are initiated when you open new merge requests or reopen previously closed ones. However, automatic code reviews won't be triggered by subsequent commits made within an existing merge request. You can manually trigger a code review by using the `/q review` quick action.
+
+You can configure code reviews to run automatically on every new merge request within your GitLab instance or group. For more information, see [Review a merge request](https://docs.gitlab.com/ee/user/duo_amazon_q/#review-a-merge-request).