Allow user to specify opt-in/out setting for suggested solution per scan type
Problem to solve
Context: In #36500 (closed) introduce auto-creating merge request with fixes. This will apply to container and dependency scanning results with fixes available (suggested solutions). The feature is on/opt-in by default, once either or both scanners are configured.
Problem: (In the case that both scanners are configured, therefore the feature is opted-in). If the user wanted to opt-out of one of the scans suggested solutions, opt-ing out would disable suggested solutions for both scan types. As seen below, in the MVC, the opt-out didn't specify the scan type to out out from.
Intended users
- Delaney (Development Team Lead)
- Sasha (Software Developer)
- Devon (DevOps Engineer)
- Sam (Security Analyst)
- Simone (Software Engineer in Test)
- Allison (Application Ops)
Proposal
Display two opt-in/out options for the user to select for feature enable/disable: 1) dependency scanning, and 2) container scanning.
Permissions and Security
The developer may view, but checkboxes are disabled. The maintainer and above may make changes.
Documentation
...
Availability & Testing
SET should create a new end to end test that supports this functionality. Toggle suggested solution for scan types on/off, then attempt to run a scan, observe that the expected results occur for suggested solutions.
What does success look like, and how can we measure that?
- User is able to opt-in on one scan feature and opt-out of the other vs all or nothing
What is the type of buyer?
Links / references
...