[Backend] Support pipeline-based scans

Summary

Security scan profiles with merge_request_pipeline or default_branch_pipeline triggers should automatically add scan jobs to pipelines and enable pipelines when no other configuration source exists.

Requirements

  • Security scan profiles should add scan jobs to pipelines when configured with:
    • merge_request_pipeline trigger
    • default_branch_pipeline trigger
  • Pipelines should be automatically enabled if no other source is present:
    • No CI file configuration
    • No security policy configuration
    • No Auto DevOps configuration

Scope

Phase 1 Focus: SAST

  • Priority scanner: gitlab-advanced-sast

Expected Behavior

When a security scan profile is configured with the specified triggers and no other pipeline sources exist, we should:

  1. Add the appropriate SAST scan jobs to the pipeline
  2. Enable pipeline execution
  3. Prioritize using the gitlab-advanced-sast scanner over other SAST scanners

Description was generated using AI

Edited Jan 29, 2026 by Gal Katz