AWS devopsagent documentation change
Summary
Added new section 'Configuring Code Review and Automated Testing' explaining how to enable automated security reviews and sandbox testing for GitLab merge requests
Security assessment
The change introduces documentation for automated security features (release readiness code reviews and sandbox testing) that help identify vulnerabilities in merge requests. It promotes security best practices through automated scanning and isolated testing environments, but doesn't address a specific existing vulnerability.
Diff
diff --git a/devopsagent/latest/userguide/connecting-to-cicd-pipelines-connecting-gitlab.md b/devopsagent/latest/userguide/connecting-to-cicd-pipelines-connecting-gitlab.md index cfe5ec910..b790bd693 100644 --- a//devopsagent/latest/userguide/connecting-to-cicd-pipelines-connecting-gitlab.md +++ b//devopsagent/latest/userguide/connecting-to-cicd-pipelines-connecting-gitlab.md @@ -7 +7 @@ -Registering GitLab (account-level)Connecting projects to an Agent SpaceManaging GitLab connections +Registering GitLab (account-level)Connecting projects to an Agent SpaceConfiguring Code Review and Automated TestingManaging GitLab connections @@ -111,0 +112,32 @@ AWS DevOps Agent will monitor these projects for deployments from GitLab Pipelin +## Configuring Code Review and Automated Testing + +When you select projects in the GitLab connection step, they are automatically added to the **Code Review and Automated Testing** section. This section configures which projects will automatically trigger a [Release readiness code reviews](./release-management-release-readiness-code-review.html) when a merge request is created. + +The Code Review and Automated Testing configuration includes: + + * **Project list** — Shows all projects you selected during the connection step. Use the search field to filter projects by name. + + * **Change review** — When enabled for a project, AWS DevOps Agent automatically runs a release readiness code review each time a merge request is opened or updated. Review findings appear as inline comments on the merge request. This is enabled by default for all connected projects. + + * **Runtime role** — Select the IAM role that DevOps Agent assumes to access internal services needed during builds, such as GitLab self-hosted instances and artifact storage systems. We recommend using a different role from your primary agent role. + + + + +To configure automated code reviews and automated sandobx testing: + + 1. After connecting your projects, navigate to the **Code Review and Automated Testing** section in your GitLab integration settings. + + 2. Verify that the **Change review** checkbox is enabled for each project where you want automatic merge request reviews. + + 3. Verify that the **Automated sandbox testing** is enabled to enable [Simulated Verification](./release-management-release-readiness-code-review.html) in an AWS-managed sandbox environment. + + 4. Select an IAM role from the **Runtime role** dropdown that DevOps Agent will assume when running automated capabilities. + + 5. Choose **Save** to apply your configuration. + + + + +Once configured, any new merge request in an enabled project will automatically trigger a release readiness code review. For more information about code reviews, see [Release readiness code reviews](./release-management-release-readiness-code-review.html). +