Policies in GitLab provide security teams a way to require scans of their choice to be run whenever a project pipeline runs according to the configuration specified. Policies can also be setup to require security team approvals if vulnerabilities are detected.
With policies security teams can therefore be confident that the scans they set up have not been changed, altered, or disabled and that vulnerabilities don't make it into the production code base.
