Document API Security scanner concepts


Problem

A team member new to the code base needs to understand many concepts that are specific to our application. It would also help to know which concepts are less important to understand, because they are not relevant to GitLab's current usage of the application, so that they can focus their attention on the more important topics.

Proposal

Create high-level documentation of the major concepts of the scanner, how they relate to each other, and to what degree they are used in the GitLab offering.

  1. Session/Job
    1. Local/Remote/Worker
  2. Project/ProjectFile
  3. Profile
  4. Check
    • This does not include documenting each individual check, but rather what checks are and how they are used, and the subtypes.
    1. Global
    2. Passive
    3. Active
    4. Mutation
  5. Machine/Strategy
  6. Proxy
  7. Runner
  8. Spec/SpecFile
  9. Request
  10. Parameter
  11. Exchange
  12. Route
  13. Finding
  14. Report

/cc @mikeeddington @sethgitlab @derekferguson @herbmadrigal
