Change Scanner and Site Profile Configuration Pages for Browser Based On Demand DAST

Since Browser Based DAST varies slightly in the supported configuration, the Scanner and Site Profile Configuration Pages will need some minor changes.

• Edit Scanner Profile pages:
  • Project Page -> On-demand Scans (under Security and Compliance) -> Change Scanner Profile -> Edit button
  • Project Page -> Security Configuration (under Security and Compliance) -> Scanner Profiles tab -> 3 button menu against any existing profile -> Edit
• New scanner profile pages:
  • Project Page -> On-demand Scans (under Security and Compliance) -> Select Scanner Profile -> New Scanner Profile
  • Project Page -> Security Configuration (under Security and Compliance) -> New -> Scanner Profile
• Edit Site Profile pages:
  • Project Page -> On-demand Scans (under Security and Compliance) -> Select Site Profile -> Edit button
  • Project Page -> Security Configuration (under Security and Compliance) -> Site Profiles tab -> 3 button menu against any existing profile -> Edit
• New site profile pages:
  • Project Page -> On-demand Scans (under Security and Compliance) -> Select Site Profile -> New Profile
  • Project Page -> Security Configuration (under Security and Compliance) -> New -> Site Profile

Implementation Plan

The following should happen if the feature flag for Browser Based ODS (dast_ods_browser_based_scanner) is turned on.

1. backend Push the feature flag as needed in controllers (https://docs.gitlab.com/ee/development/feature_flags/#frontend)
2. Remove the "AJAX Spider" checkbox from the above pages.
3. Modify the tooltip for "Additional Request Headers" to:
   1. point to the documentation for Browser Based DAST (https://docs.gitlab.com/ee/user/application_security/dast/browser_based.html#available-cicd-variables)
   2. Edit the copy to "Headers may appear in vulnerability reports"

Related Epic: &11429 (closed)