Add Security Policies V2 frontend (SDLC Policy Framework)

What does this MR do and why?

Introduces a new security_policies_v2 feature-flagged frontend under ee/app/assets/javascripts/security_policies/ — a standalone Vue app that implements the SDLC Policy Framework v2 prototype as a guided 4-step policy creation wizard and a dashboard-style list page.

This is a prototype implementation to validate the v2 UX before wiring up real backend APIs. All UI is behind the security_policies_v2 feature flag and the existing security_orchestration module is untouched.

What's included:

  • Policy list page with summary tiles, stats bar, filter/search bar, and policy rows
  • 4-step wizard: Details & Scope → Trigger → Rules → Actions
  • 19 trigger types, 35 rule types, 20 action types matching the v2 prototype
  • All triggers, rules, and actions have full inline config panels driven by a single generic_config.vue schema renderer (field types: text, select, multi_badge, toggle, textarea, segment, sla_matrix)
  • Enforcement mode selector (Enforce/Warn/Audit) with visual card selection
  • Scope selector (All projects / Targeted)
  • Rules and actions support AND/OR logic operators and collapsible accordion items
  • Jest unit tests for all components

References

Screenshots or screen recordings

How to set up and validate locally

  1. Enable the feature flag in the rails console:
    Feature.enable(:security_policies_v2)
  2. Navigate to any project's security policies page, e.g.: http://gdk.test:3000/<namespace>/<project>/-/security/policies
  3. You should see the new v2 Policies list page with summary tiles and stats bar.
  4. Click New policy to open the 4-step wizard.
  5. Step 1 — Details & Scope:
    • Enter a policy name and optional description
    • Select an enforcement mode (Enforce / Warn / Audit) — card should highlight blue on selection
    • Toggle between "All projects" and "Targeted" scope
    • Click Next
  6. Step 2 — Trigger:
    • 19 trigger cards are shown in a 2-column grid
    • Click any card — it should highlight with a blue border and show an inline config panel below the grid with relevant fields
    • All 19 triggers have config panels; fill in some fields and click Next
  7. Step 3 — Rules:
    • Click any rule card — it is immediately added to the rules list above
    • Added rules are collapsible accordion items with their own inline config panels
    • Add multiple rules and toggle AND/OR operators between them
    • Click Next
  8. Step 4 — Actions:
    • Same add-to-list behaviour as rules
    • Click Save Policy to complete the wizard (returns to list page)

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Alexander Turinske
