Add security scan profile to project

What does this MR do and why?

Add the security scan profile field to the project GraphQL type, together with the read_security_scan_profiles permission that guards it.

Changelog: added
EE: true

How to set up and validate locally

  1. Select a root group g that will be used to create a scan profile.
  2. Create a ScanProfile:
       profile = Security::ScanProfile.create!(
         namespace_id: g.id, # <- the selected group
         scan_type: :secret_detection,
         name: 'Test profile',
         description: 'Test profile for secret detection',
         gitlab_recommended: false
       )
  3. Choose a project p under group g and attach the profile to it:
       Security::ScanProfileProject.create!(
         security_scan_profile_id: profile.id,
         project_id: p.id
       )
  4. Verify the attachment:
       p.security_scan_profiles
  5. Sign in to your GDK as a user with at least the Developer role on the project.
  6. Fetch the scan profiles attached to the project with this GraphQL query:
       {
         project(fullPath: "<p.full_path>") {
           id
           name
           securityScanProfiles {
             id
             name
             description
             scanType
             updatedAt
             createdAt
             gitlabRecommended
           }
         }
       }
  7. Repeat with a lower role (e.g., Reporter) to verify that the scan profiles are not accessible.
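To automate steps 6 and 7, here is an added Ruby script (not part of this MR or the GitLab code base) that runs the query above as two users and checks that only the developer sees the profile. It assumes a GDK GraphQL endpoint URL, two personal access tokens supplied through environment variables, and constructed sample responses for the offline check.

```ruby
require 'json'
require 'net/http'
# Assumed GDK GraphQL endpoint (override with GDK_GRAPHQL_URL); tokens come from the environment.
GDK_GRAPHQL_URL = ENV.fetch('GDK_GRAPHQL_URL', 'http://gdk.test:3000/api/graphql')
# The query from step 6, parameterised on the project full path.
SCAN_PROFILES_QUERY = <<~GRAPHQL
  query($fullPath: ID!) {
    project(fullPath: $fullPath) {
      id name
      securityScanProfiles { id name description scanType updatedAt createdAt gitlabRecommended }
    }
  }
GRAPHQL

# POST the query as the given user (personal access token) and return the parsed JSON body.
def fetch_scan_profiles(full_path, token, url: GDK_GRAPHQL_URL)
  uri = URI(url)
  req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json', 'Authorization' => "Bearer #{token}")
  req.body = { query: SCAN_PROFILES_QUERY, variables: { fullPath: full_path } }.to_json
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') { |http| http.request(req) }
  JSON.parse(res.body)
end

# What the caller could see: :error (top-level GraphQL errors), :no_project (project resolved to
# null, i.e. not found or no read access), :hidden (field resolved to null), :visible (a list).
def profile_visibility(response)
  return :error if response['errors']&.any?
  project = response.dig('data', 'project')
  return :no_project if project.nil?
  project['securityScanProfiles'].nil? ? :hidden : :visible
end
def profile_names(response)
  Array(response.dig('data', 'project', 'securityScanProfiles')).map { |p| p['name'] }
end
# Steps 6 and 7 together: the developer must see the profile by name and the reporter must not.
def authorization_check_passes?(developer_response, reporter_response, expected_name)
  profile_names(developer_response).include?(expected_name) &&
    !profile_names(reporter_response).include?(expected_name)
end

# Constructed sample responses (not captured from a GDK) so the checks can be exercised offline.
DEVELOPER_SAMPLE = { 'data' => { 'project' => { 'id' => 'gid://gitlab/Project/1', 'name' => 'p',
  'securityScanProfiles' => [{ 'id' => '1', 'name' => 'Test profile', 'gitlabRecommended' => false }] } } }
REPORTER_SAMPLE = { 'data' => { 'project' => { 'id' => 'gid://gitlab/Project/1', 'name' => 'p',
  'securityScanProfiles' => nil } } }
if $PROGRAM_NAME == __FILE__ && ENV['PROJECT_FULL_PATH'] # live run: PROJECT_FULL_PATH is p.full_path
  dev = fetch_scan_profiles(ENV['PROJECT_FULL_PATH'], ENV.fetch('DEVELOPER_TOKEN'))
  rep = fetch_scan_profiles(ENV['PROJECT_FULL_PATH'], ENV.fetch('REPORTER_TOKEN'))
  puts "developer: #{profile_visibility(dev)} #{profile_names(dev)}; reporter: #{profile_visibility(rep)}"
  puts(authorization_check_passes?(dev, rep, 'Test profile') ? 'PASS' : 'FAIL')
end
```

Set PROJECT_FULL_PATH, DEVELOPER_TOKEN and REPORTER_TOKEN to run the live check against your GDK; without them the script only defines the helpers and sample data.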

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to [Backend] Add scan profile to project type (#581204 - closed) • Gal Katz • 18.7

Edited by Gal Katz