Move Code Quality category back to Static Analysis

Summary and reasoning

This MR moves the Code Quality category back to Static Analysis.

A brief history:

• This category was previously in Static Analysis as of 2021 or earlier. Before then, it was in Pipeline Insights.
• It was moved to the new Secret Detection group in February 2024 (see !133169 (merged)) when we split the Secret Detection group out from Static Analysis. The group has largely not been able to invest in CQ, but the PM for Secret Detection has often been brought into customer discussions to explain why this is the case.
• Since then, the Static Analysis group has grown (including via the Oxeye acquisition).

We propose to move CQ back to Static Analysis because:

• Code Quality and SAST are philosophically similar. For example:
  • They use much of the same underlying technology.
  • Users follow the same basic workflow to understand and fix findings.
  • Many tools use the same formats, like SARIF, to report results.
• By comparison, Secret Detection and CQ are not intrinsically related.
• SAST and CQ are presented the same way in the merge request (a feature previously developed by groupstatic analysis).
• The SD group has growing responsibilities for new features like push protection.
• We believe that alignment between SAST and CQ will be a more promising path that resolves longstanding customer complaints with CQ.

Process/approvals

Approvals

Merge requests with changes to stages and groups and significant changes to categories need to be created, approved, and/or merged by each of the below:

• Chief Product Officer @david (post MR link in chief-product-officer once all others have approved and tag Gena Schwam in slack) @gschwam for triage on behalf of David
• PLT Leader relevant to the affected Section(s) @hbenson
• The Product Director relevant to the affected Section(s) - @sarahwaldner
• The Engineering Director relevant to the affected Section(s) - equivalent is @twoodham
• Director of Product Design @vkarnes

Note: Chief Product Officer approval should be requested once all other approvals have been completed. To request approval, post the MR link in the #chief-product-officer channel tagging @david and cc'ing @Gena Schwam.

The following people need to be on the merge request so they stay informed:

• Chief Technology Officer @sabrinafarmer
• Development Leader relevant to the affected Section(s) @bmarnane
• VP of Infrastructure & Quality Engineering @meks
• VP of UX @ampesta
• Director of Technical Writing @susantacker
• Engineering Productivity (by @ mentioning @gl-quality/eng-prod)
• The Product Marketing Manager relevant to the stage group(s) (FYI @dsteer)

After Approvals and Merge

• Create an issue in the gitlab-org/quality/triage-ops project to update GitLab Bot automation:
  • for Category change
  • for Stage or Group change
  • If label migration is required, please follow the self-serve instructions to get started on a one-off label migration MR
  • @connorgilbert filed Category move: Code Quality moving back to Stat... (gitlab-org/quality/triage-ops#1561 - closed) • Unassigned
• Rename Slack channels to reflect the new category/stage/group name
  • N/A
• Open an MR in the gitlab-org/gitlab project to update any reference of the previous group label to the new one
  • @connorgilbert: There don't appear to be any changes required.
• Mention the product group Technical Writer to update the documentation metadata
  • !134979 (comment 1971841568)
• Share MR in #product, #development, #g_engineering_analytics and relevant #s_, #g_, and #f_ Slack channels
  • Shared in #product, #development, #s_secure, #sec-section, #g_secure-static-analysis.
  • Note: g_engineering_analytics does not exist
• Review direction pages, groups, projects, epics, issues, templates and documentation to ensure the name change is applied consistently
  • @connorgilbert: Move and set redirects for Code Quality directi... (!135242 - merged) • Connor Gilbert
• (for group change only) Update the event and metric definitions belonging to the group by following this guide
  • @connorgilbert: There do not appear to be any metrics associated with secret_detection that need to be changed; all secret_detection metrics appear to be properly for the Secret Detection category.