Communicate required permission level to run on-demand scans
Problem
On-Demand Scans are associated with a branch. In order to run an on-demand scan against a protected branch, the user has to have permission to either "merge to protected branch" or "push to protected branch". This needs to be communicated to the user in a better way.
If the user creating an on-demand scan has neither of these permissions, the following error is displayed:
Proposal
- Update the on-demand DAST scan documentation (https://docs.gitlab.com/ee/user/application_security/dast/on-demand_scan.html#run-an-on-demand-dast-scan) to explicitly indicate that either of the two permissions is required to run an on-demand scan against a protected branch.
- Update the "New Scan" (...<project>/-/on_demand_scans/new) configuration UI to indicate the level of permission required if the chosen branch is protected. This can be added as a sentence next to "Scan results will be associated with the selected branch" under the Branch selection heading.