Add button to Security Configuration to enable SAST scanning
requested to merge 220573-frontend-modify-secure-configuration-page-to-provide-entry-point-to-sast-config-ui-page-2 into master
What does this MR do?
Add button to enable SAST scanning
This adds a button to the Security Configuration page, allowing the user to enable SAST scanning via a merge request with a simple click. This button is only displayed when:
- The `sast_configuration_by_click` feature flag is enabled.
- The project does not have an existing `.gitlab-ci.yml` file.
Some other changes include (and are not behind any feature flag):
- Add third status text string for when Auto DevOps is enabled.
- Add third column headed "Manage" to the Security Configuration table, which contains a link to that scanner's documentation. This is where the button appears in the SAST case when the `sast_configuration_by_click` feature flag is enabled.
- Extract `thClass` constant in app component.
- Do not guard the `SASTConfigurationController#create` action behind the `sast_configuration_ui` feature flag. This feature flag is intended for a future iteration when an actual configuration UI exists for SAST, which is what that controller is actually for. In this iteration, it's simply a placeholder for the temporary REST endpoint, which will be replaced by a GraphQL mutation in another iteration.
This is an MVC for creating a Configuration UI for SAST. Some technical debt has been incurred here:
- The REST (POST) endpoint used to create the merge request will be replaced by a GraphQL mutation.
- The `type` of each feature has been added to the security configuration features exposed to the frontend. This should be replaced by a field exposing the scanner's configuration UI path (or similar).
- The CreateMergeRequestButton component will likely be removed in the next iteration of the SAST Configuration UI, particularly if the GraphQL mutation is ready by then.
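The display rules described above (feature flag on, no `.gitlab-ci.yml`, SAST only, plus the third Auto DevOps status string) as an added illustrative model; this is not GitLab's own component code, and the function names, field names and status strings are assumptions:

```javascript
// Added example modelling the row-rendering rules this MR describes.
// Not GitLab's code: function names, feature fields and status strings are assumed.

const SAST_TYPE = 'sast';

// Status column: the third string covers the new Auto DevOps case, which is
// assumed here to take precedence over the per-scanner configured state.
function statusText(feature, autoDevopsEnabled) {
  if (autoDevopsEnabled) return 'Enabled with Auto DevOps';
  return feature.configured ? 'Enabled' : 'Not enabled';
}

// The "enable via merge request" button is shown only when the
// sast_configuration_by_click flag is on, the row is the SAST scanner,
// and the project has no .gitlab-ci.yml yet.
function showCreateMergeRequestButton(feature, { sastConfigurationByClick, hasCiFile }) {
  return Boolean(sastConfigurationByClick) && feature.type === SAST_TYPE && !hasCiFile;
}

// Build the data each table row needs: status text plus the "Manage" column,
// which always carries the scanner's documentation link.
function buildRows(features, options) {
  return features.map((feature) => ({
    name: feature.name,
    status: statusText(feature, options.autoDevopsEnabled),
    manage: {
      helpPath: feature.helpPath,
      showButton: showCreateMergeRequestButton(feature, options),
    },
  }));
}

// Constructed sample input (not data from the page).
const SAMPLE_FEATURES = [
  { name: 'SAST', type: 'sast', configured: false, helpPath: '/help/user/application_security/sast' },
  { name: 'DAST', type: 'dast', configured: true, helpPath: '/help/user/application_security/dast' },
];

const rows = buildRows(SAMPLE_FEATURES, {
  sastConfigurationByClick: true,
  hasCiFile: false,
  autoDevopsEnabled: false,
});
console.log(JSON.stringify(rows, null, 2));
```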
Addresses #220573 (closed), part of Configuration UI for SAST.
Screenshots
`sast_configuration_by_click` disabled (screenshots: Before | After)
`sast_configuration_by_click` enabled (screenshots: Auto DevOps disabled | Auto DevOps enabled)
Demo video demonstrating redirection to new MR page (follow the Testing locally steps to reproduce this).
Testing locally
- Enable the `sast_configuration_by_click` feature flag
- Merge in the backend work from !36225 (merged)
- Navigate to the Security Configuration page for a project which does not have a `.gitlab-ci.yml` file in its repository.
Note: This MR is not blocked by !36225 (merged), since the parts that depend on it are hidden behind the `sast_configuration_by_click` feature flag.
Does this MR meet the acceptance criteria?
Conformity
- Changelog entry
- Documentation (if required)
- Code review guidelines
- [-] Merge request performance guidelines
- Style guides
- [-] Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- [-] Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Edited by Mark Florian