Add default SAST scan profile

What does this MR do and why?

Add default SAST scan profile based on Design: Enablement-only SAST profile (#591552) • Michael Fangman

Changelog: changed
EE: true

How to set up and validate locally

  1. Select a root group g without SAST security scan profiles.
  2. Use this GraphQL query to get the available (default) profiles:
    query test {
      group(fullPath: "<g.full_path>") {
        availableSecurityScanProfiles(type: SAST) {
          id
          scanType
          name
          description
          gitlabRecommended
          triggers
        }
      }
    }
  3. Verify that no SAST profiles are available.
  4. Use this mutation to attach the default SAST profile to the projects under group g, and verify it fails with "The resource that you are attempting to access does not exist":
    mutation {
      securityScanProfileAttach(
        input: {
          securityScanProfileId: "gid://gitlab/Security::ScanProfile/sast"
          groupIds: ["gid://gitlab/Group/<g.id>"]
        }
      ) {
        errors
      }
    }
  5. Turn the :security_scan_profiles_sast feature flag on:
    Feature.enable(:security_scan_profiles_sast)
  6. Using the same query, verify that the default SAST profile is returned with the correct name, description and triggers.
  7. Using the same mutation, verify that you are able to attach the default SAST profile to the projects under g.
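The validation steps above, scripted as an added example (not part of this MR or of GitLab's own test suite): it sends the same query and mutation over the GraphQL API with urllib and checks the expected outcome for each phase (flag off: no profiles and a "does not exist" failure; flag on: the default profile is listed and the attach succeeds). The `GITLAB_URL`/`GITLAB_TOKEN` environment variables, the `before`/`after` phase names, and the assumption that the failure surfaces either in the top-level GraphQL `errors` array or in the mutation's `errors` field are mine, not the MR's; the feature flag itself is still toggled from the Rails console as in step 5.

```python
"""Drive the 'How to set up and validate locally' steps of the MR over the GraphQL API.

Usage (assumed CLI, not from the MR):
    GITLAB_URL=http://gdk.test:3000 GITLAB_TOKEN=<PAT with api scope> \
        python validate_sast_profile.py before <group full path> <group id>
    # run Feature.enable(:security_scan_profiles_sast) in the Rails console, then:
    ... python validate_sast_profile.py after <group full path> <group id>
"""
import json
import os
import sys
import urllib.request

# Substring of the error named in step 4; matched as a substring on purpose so the
# check survives wording after it (assumption: this is how the failure is reported).
NOT_FOUND = "The resource that you are attempting to access does not exist"
DEFAULT_SAST_ID = "gid://gitlab/Security::ScanProfile/sast"


def profiles_query(full_path):
    """Step 2 query. json.dumps yields a valid GraphQL string literal, so a group
    path containing quotes cannot break out of the literal."""
    return (
        "query test { group(fullPath: %s) { availableSecurityScanProfiles(type: SAST) "
        "{ id scanType name description gitlabRecommended triggers } } }"
        % json.dumps(full_path)
    )


def attach_mutation(group_id):
    """Step 4 mutation: attach the default SAST profile to every project under the group."""
    return (
        "mutation { securityScanProfileAttach(input: { securityScanProfileId: %s, "
        "groupIds: [%s] }) { errors } }"
        % (json.dumps(DEFAULT_SAST_ID), json.dumps("gid://gitlab/Group/%s" % group_id))
    )


def graphql(query, url=None, token=None):
    """POST one GraphQL document to /api/graphql with a bearer token (assumed env vars)."""
    url = url or os.environ["GITLAB_URL"].rstrip("/") + "/api/graphql"
    token = token or os.environ["GITLAB_TOKEN"]
    req = urllib.request.Request(
        url,
        data=json.dumps({"query": query}).encode(),
        headers={"Content-Type": "application/json", "Authorization": "Bearer " + token},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def sast_profiles(resp):
    """Profiles from a step-2 response; tolerates a null group or missing data."""
    group = (resp.get("data") or {}).get("group") or {}
    return group.get("availableSecurityScanProfiles") or []


def attach_outcome(resp):
    """Classify a step-4/7 response: 'not_found', 'error' (other failure) or 'ok'.
    Both the top-level errors array and the payload's errors field are inspected."""
    messages = [e.get("message", "") for e in resp.get("errors") or []]
    payload = (resp.get("data") or {}).get("securityScanProfileAttach") or {}
    messages += list(payload.get("errors") or [])
    if any(NOT_FOUND in m for m in messages):
        return "not_found"
    return "error" if messages else "ok"


def default_sast_profile(profiles):
    """Step 6: the default profile must be present with a name, description and triggers.
    The MR does not state the expected values, so only presence is checked here."""
    for profile in profiles:
        if (profile.get("id") == DEFAULT_SAST_ID and profile.get("name")
                and profile.get("description") and profile.get("triggers")):
            return profile
    return None


def check_phase(phase, profiles_resp, attach_resp):
    """'before' = steps 3-4 (flag off); 'after' = steps 6-7 (flag on)."""
    profiles = sast_profiles(profiles_resp)
    outcome = attach_outcome(attach_resp)
    if phase == "before":
        return profiles == [] and outcome == "not_found"
    if phase == "after":
        return default_sast_profile(profiles) is not None and outcome == "ok"
    raise ValueError("phase must be 'before' or 'after'")


if __name__ == "__main__":
    phase, full_path, group_id = sys.argv[1:4]
    ok = check_phase(phase, graphql(profiles_query(full_path)), graphql(attach_mutation(group_id)))
    print("PASS" if ok else "FAIL", phase)
    sys.exit(0 if ok else 1)
```

Note that the `after` run really performs the attach (that is step 7), so run it only against the throwaway group chosen in step 1.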

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to [Backend] Add default SAST profile (#591256) • Gal Katz • 18.11

Edited by Gal Katz
