Enabling a security scanner via GUI should not delete commented-out code in .gitlab-ci.yml
Proposal
Many of GitLab's security scanners can be added to a CI/CD pipeline using the GitLab GUI: if you navigate to Security & Compliance > Configuration, many of the scanners have buttons that allow you to create a merge request. That auto-generated MR edits .gitlab-ci.yml to enable whatever scanner you've chosen.
This works fine, but the auto-generated MR removes any commented-out code that's already in .gitlab-ci.yml. In most cases, it probably makes more sense to keep that commented-out code in .gitlab-ci.yml. The author deliberately commented it out rather than removing it, so there's probably a reason they want the commented-out version to stick around in that file.
I see this behavior when enabling either SAST or Dependency Scanning with the GUI, but it might occur when enabling other scanners as well (I just haven't tried them).
My feature request is for the auto-generated merge request to leave any commented-out code in .gitlab-ci.yml as-is.
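
A check a reviewer could run on such an auto-generated MR, as an added example that is not part of the original issue or of GitLab's code: it lists the comments present in the old .gitlab-ci.yml that are missing from the new one. The function names and both sample files are constructed for illustration, and the comment detection is a heuristic that does not track YAML block scalars.

```python
from collections import Counter
# Constructed sample: .gitlab-ci.yml before and after an auto-generated MR.
BEFORE = """\
unit:
  script:
    - make test  # fast suite only
    - echo "coverage # not a comment"
# deploy:
#   stage: deploy
#   script: ./deploy.sh
"""
AFTER = """\
unit:
  script:
    - make test  # fast suite only
    - echo "coverage # not a comment"
include:
  - template: Security/SAST.gitlab-ci.yml
"""

def comment_of(line):
    """Return the YAML comment on one line ('#' to end of line), or None."""
    quote, prev, i = None, " ", 0   # start of line counts as whitespace
    while i < len(line):
        ch = line[i]
        if quote == '"' and ch == "\\":
            i += 1                  # skip the escaped character
        elif quote:
            quote = None if ch == quote else quote   # closing quote ends the scalar
        elif ch in "\"'" and (prev.isspace() or prev in "[{,"):
            quote = ch              # a quote opens a scalar only at its start
        elif ch == "#" and prev.isspace():
            return line[i:].rstrip()
        prev, i = ch, i + 1
    return None

def dropped_comments(before, after):
    """Comments in `before` with no matching occurrence left in `after`."""
    remaining = Counter(c for c in map(comment_of, after.splitlines()) if c)
    dropped = []
    for c in filter(None, map(comment_of, before.splitlines())):
        if remaining[c] > 0:
            remaining[c] -= 1       # matched: consume one occurrence
        else:
            dropped.append(c)
    return dropped

if __name__ == "__main__":
    print(dropped_comments(BEFORE, AFTER))
```

A non-empty result means the MR removed comments and the diff deserves a manual look before merging.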
