Add default DS scan profile

What does this MR do and why?

Add default DS scan profile based on Design: Enablement-only dependency scanning pro... (#591553) • Michael Fangman • 18.11

Changelog: changed
EE: true

How to set up and validate locally

  1. Select a root group g without DS security scan profiles.
  2. Use this GraphQL query to get the available (default) profiles:
    query test {
      group(fullPath: "<g.full_path>") {
        availableSecurityScanProfiles(type: DEPENDENCY_SCANNING) {
          id
          scanType
          name
          description
          gitlabRecommended
          triggers
        }
      }
    }
  3. Verify there are no DEPENDENCY_SCANNING profiles available.
  4. Use this mutation to attach the default dependency_scanning profile to the projects under group g, and verify it fails with "The resource that you are attempting to access does not exist":
    mutation {
      securityScanProfileAttach(
        input: {
          securityScanProfileId: "gid://gitlab/Security::ScanProfile/dependency_scanning"
          groupIds: ["gid://gitlab/Group/<g.id>"]
        }
      ) {
        errors
      }
    }
  5. Turn the :security_scan_profiles_dependency_scanning feature flag on:
    Feature.enable(:security_scan_profiles_dependency_scanning)
  6. Using the same query, verify that the default DEPENDENCY_SCANNING profile is returned with the correct name, description and triggers.
  7. Using the same mutation, verify you are able to attach the default DEPENDENCY_SCANNING profile to projects under g.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to [Backend] Add default DS profile (#593009) • Gal Katz • 18.11
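
The flag-off and flag-on checks from the validation steps above, as an added Python example (not part of the merge request or GitLab's code). The response envelopes follow the standard GraphQL `data`/`errors` shape; the sample responses, the placeholder field values and the `"DEPENDENCY_SCANNING"` string rendering of `scanType` are assumptions.

```python
# Message quoted in step 4 of the page; matched as a prefix.
FLAG_OFF_ERROR = "The resource that you are attempting to access does not exist"

def available_profiles(resp):
    """Profiles from the step 2 query response; empty list when none."""
    group = (resp.get("data") or {}).get("group") or {}
    return group.get("availableSecurityScanProfiles") or []

def attach_errors(resp):
    """Top-level GraphQL errors plus the mutation payload's `errors` field."""
    msgs = [e.get("message", "") for e in resp.get("errors") or []]
    payload = (resp.get("data") or {}).get("securityScanProfileAttach") or {}
    return msgs + list(payload.get("errors") or [])

def check_flag_off(query_resp, attach_resp):
    """Steps 3-4: no DS profile is listed and the attach is rejected."""
    problems = []
    if available_profiles(query_resp):
        problems.append("DS profile listed while the flag is off")
    if not any(m.startswith(FLAG_OFF_ERROR) for m in attach_errors(attach_resp)):
        problems.append("attach did not fail with the expected error")
    return problems

def check_flag_on(query_resp, attach_resp):
    """Steps 6-7: default DS profile is fully populated and the attach succeeds."""
    problems = []
    ds = [p for p in available_profiles(query_resp)
          if p.get("scanType") == "DEPENDENCY_SCANNING"]  # assumed enum rendering
    if not ds:
        problems.append("no default DS profile returned")
    for p in ds:
        problems += [f"{p.get('id')}: empty {f}"
                     for f in ("name", "description", "triggers") if not p.get(f)]
    if attach_errors(attach_resp):
        problems.append("attach returned errors")
    return problems

# Constructed sample responses (not captured from a real instance).
OFF_QUERY = {"data": {"group": {"availableSecurityScanProfiles": []}}}
OFF_ATTACH = {"data": {"securityScanProfileAttach": None},
              "errors": [{"message": FLAG_OFF_ERROR}]}
ON_QUERY = {"data": {"group": {"availableSecurityScanProfiles": [{
    "id": "gid://gitlab/Security::ScanProfile/dependency_scanning",
    "scanType": "DEPENDENCY_SCANNING", "name": "<name>",
    "description": "<description>", "gitlabRecommended": True,
    "triggers": ["<trigger>"]}]}}}
ON_ATTACH = {"data": {"securityScanProfileAttach": {"errors": []}}}

if __name__ == "__main__":
    print(check_flag_off(OFF_QUERY, OFF_ATTACH), check_flag_on(ON_QUERY, ON_ATTACH))
```

Each function returns a list of problems, so an empty list means the corresponding steps passed.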
