Enabling SAST experience

This issue is a follow-up from the Static Analysis UX FE PM sync and is a brainstorming document on how to make it easiest for our users to enable SAST on a project.

Demo

Current state of the enabling Process
(screenshot: 2022-04-01_11-35-54)

Issues & potential enhancements

The current process is working great but has a few weak spots IMO:

  • It gets tricky when there already is an existing .gitlab-ci.yml. We will try to do what's needed to add SAST to the existing file. But I feel like we could do a better job explaining what's going on in the diff. To me this really feels like manual work which has to be done to review the MR. A higher level of automation or information provided to the user would be helpful here.
  • I'm not sure if it is clear to all of our users that creating the MR will not enable SAST. What will enable SAST is getting the MR merged. Even though this seems like a no-brainer for heavy users, I'm not sure it is for everybody, and there is currently 0 indication of this in the process.
  • An indicator about which scanners are currently active and their state in a popular place in the project would be really helpful, since it currently takes too long to find an answer to "What's the state of the security scans of the project I'm currently looking at?"
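For reference on the first two points, here is what the "Enable SAST" MR changes when a `.gitlab-ci.yml` already exists. This is an added illustration, not from the issue or from GitLab's configuration generator; the pre-existing `build` job and the `variables` override are assumed for the example. The file is shown as it looks after the MR is merged, with the lines the MR's diff adds marked:

```yaml
# .gitlab-ci.yml after the "Enable SAST" MR is merged into a project that
# already had a pipeline. Lines marked "added by MR" are what the MR diff
# shows; everything else is the pre-existing pipeline (assumed here).

stages:
  - build
  - test        # added by MR: the SAST jobs run in the "test" stage

build:          # pre-existing job, untouched by the MR
  stage: build
  script:
    - make build

include:
  - template: Security/SAST.gitlab-ci.yml   # added by MR: pulls in the SAST job definitions

sast:           # added by MR: pins the included SAST jobs to the test stage
  stage: test

variables:      # added by MR only if the user changed a setting in the UI
  SAST_EXCLUDED_PATHS: "spec, test, tests, tmp"   # assumed override for the example
```

Until the MR is merged, the SAST jobs exist only on the MR's branch, which is the gap the second point describes: pipelines on the default branch keep running the original `build`-only config, and no scanner state appears in the project until the merged file is what the pipeline runs.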
Edited by Jannik Lehmann