  • #328749
Closed
Open
Created Apr 22, 2021 by Paul Gascou-Vaillancourt (@pgascouvaillancourt, Developer). 7 of 16 tasks completed.

[Feature flag] Enable on-demand scans scheduler

Feature

This feature uses the :dast_on_demand_scans_scheduler feature flag!

This feature flag controls the ability to define schedules for running on-demand DAST scans.

  • On-demand DAST scan scheduler

Owners

  • Team: Dynamic Analysis
  • Most appropriate slack channel to reach out to: #g_secure-dynamic-analysis
  • Best individual to reach out to: @mc_rocha @pgascouvaillancourt
  • PM: @derekferguson

The Rollout Plan

  • Rollout on GitLab.com for a certain period (~1 milestone)
  • Rollout Feature for everyone as soon as it's ready

Beta Groups/Projects:

  • /gitlab-org/security-products/dast-testing project

Expectations

What are we expecting to happen?

Users should be able to define schedules to run on-demand scans. DAST scans should be triggered properly based on these schedules.

What might happen if this goes wrong?

  • Broken on-demand scans form.
  • Scheduled scans not running.

What can we monitor to detect problems with this?

TBD

Rollout Timeline

Initial Rollout

Preparation Phase

  • Enable on staging (/chatops run feature set feature_name true --staging)

  • Test on staging

  • Ensure that documentation has been updated (More info)

  • Announce on the issue an estimated time this will be enabled on GitLab.com

Partial Rollout Phase

  • Enable on GitLab.com for individual groups/projects listed above and verify behaviour (/chatops run feature set --project=gitlab-org/gitlab feature_name true)

  • Verify behaviour (See Beta Groups) and add details with screenshots as a comment on this issue

  • Make the feature flag enabled by default i.e. Change default_enabled to true

  • Cross post chatops slack command to #support_gitlab-com (more guidance when this is necessary in the dev docs) and in your team channel

Cleanup

This is an important phase that should be done either in the next milestone or as soon as possible. For the cleanup phase, please follow our documentation on how to clean up the feature flag.

  • Announce on the issue that the flag has been enabled

  • Remove :dast_on_demand_scans_scheduler feature flag

    • Remove all references to the feature flag from the codebase
    • Remove the YAML definitions for the feature from the repository
    • Create a Changelog Entry
  • Clean up the feature flag from all environments by running this chatops command in #production channel /chatops run feature delete some_feature.

Final Step

  • Close this rollout issue for the feature flag after the feature flag is removed from the codebase.

Rollback Steps

  • This feature can be disabled by running the following Chatops command:
/chatops run feature set dast_on_demand_scans_scheduler false
Edited Oct 13, 2021 by Paul Gascou-Vaillancourt