Configure security features in Auto DevOps
Users can tune Auto DevOps to skip security checks by setting environment variables. We should create the option to automatically tune them in the Application Control Panel (#38542 (closed)) as well, so defining the security policy will be very easy.
Add a set of checkboxes in the Application Control Panel to enable/disable security features.
Something like this:
Enable Security Tests
- Enable SAST
- Enable Dependency Scanning
- Enable Container Scanning
- Enable DAST
on by default, users can turn
off specific features or the whole security suite if they want. This will set/unset environment variables.