Adds the security_reports_mr_widget_prompt experiment feature flag

What does this MR do and why?

It adds a base experiment for a front end feature that hasn't been written yet. Part of https://gitlab.com/gitlab-org/gitlab/-/issues/333179.

Screenshots or screen recordings

These are strongly recommended to assist reviewers and reduce the time to merge your change.

How to set up and validate locally

1. Load any MR page and inspect window.gon.experiment and see that our security_reports_mr_widget_prompt experiment will be present and the variant will be control.
2. Check the experiments_subject table to see that the namespace has been added to that table.
3. Enable the experiment feature flag.

   Feature.enable(:security_reports_mr_widget_prompt, true)

4. Load any MR page and inspect window.gon.experiment and see that our security_reports_mr_widget_prompt experiment will be present and the variant will be candidate.
5. Check the experiments_subject table to see that the variant has been updated there.

MR acceptance checklist

These checklists encourage us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Quality

• Quality checklist confirmed

1. I have self-reviewed this MR per code review guidelines.
2. For the code that that this change impacts, I believe that the automated tests (Testing Guide) validate functionality that is highly important to users (including consideration of all test levels). If the existing automated tests do not cover this functionality, I have added the necessary additional tests or I have added an issue to describe the automation testing gap and linked it to this MR.
3. I have considered the technical aspects of the impact of this change on both gitlab.com hosted customers and self-hosted customers.
4. I have considered the impact of this change on the front-end, back-end, and database portions of the system where appropriate and applied frontend, backend and database labels accordingly.
5. I have tested this MR in all supported browsers, or determiend that this testing is not needed.
6. I have confirmed that this change is backwards compatible across updates, or I have decided that this does not apply.
7. I have properly separated EE content from FOSS, or this MR is FOSS only. (Where should EE code go?)
8. If I am introducing a new expectation for existing data, I have confirmed that existing data meets this expectation or I have made this expectation optional rather than required.

Performance, reliability, and availability

• Performance, reliability, and availability checklist confirmed

1. I am confident that this MR does not harm performance, or I have asked a reviewer to help assess the performance impact. (Merge request performance guidelines)
2. I have added information for database reviewers in the MR description, or I have decided that it is unnecessary. (Does this MR have database-related changes?)
3. I have considered the availability and reliability risks of this change. I have also considered the scalability risk based on future predicted growth
4. I have considered the performance, reliability and availability impacts of this change on large customers who may have significantly more data than the average customer.

Documentation

• [-] Documentation checklist confirmed

1. I have included changelog trailers, or I have decided that they are not needed. (Does this MR need a changelog?)
2. I have added/updated documentation, or I have decided that documentation changes are not needed for this MR. (Is documentation required?)

Security

• Security checklist confirmed

1. I have confirmed that if this MR contains changes to processing or storing of credentials or tokens, authorization, and authentication methods, or other items described in the security review guidelines, I have added the label security and I have @-mentioned @gitlab-com/gl-security/appsec.

Deployment

• Deployment checklist confirmed

1. I have considered using a feature flag for this change because the change may be high risk. If I decided to use a feature flag, I plan to test the change in staging before I test it in production, and I have considered rolling it out to a subset of production customers before doing rolling it out to all customers. When to use a feature flag
2. I have informed the Infrastructure department of a default setting or new setting change per definition of done, or decided that this is not needed.

assigned to @jejacks0n

changed title from Adds enable security features experiment to Adds the security_reports_mr_widget_prompt experiment for a front end feature.

changed the description

changed milestone to %14.3

added feature flag groupadoption [DEPRECATED] growth experiment labels

added backend label

	1 Message
	CHANGELOG missing: If you want to create a changelog entry for GitLab FOSS, add the Changelog trailer to the commit message you want to add to the changelog. If you want to create a changelog entry for GitLab EE, also add the EE: true trailer to your commit message. If this merge request doesn't need a CHANGELOG entry, feel free to ignore this message.

Reviewer roulette

Changes that require review have been detected!

Please refer to the table below for assigning reviewers and maintainers suggested by Danger in the specified category:

Category	Reviewer	Maintainer
backend	Maxime Orefice (@morefice) (UTC-4, 2 hours ahead of @jejacks0n)	Peter Leitzen (@splattael) (UTC+2, 8 hours ahead of @jejacks0n)

To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.

To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.

Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.

If needed, you can retry the danger-review job that generated this comment.

Generated by Danger

added featureenhancement label and removed backend label

added typefeature label

added 1 commit

• 984c0ea1 - Adds enable security features experiment

Compare with previous version

added backend label

mentioned in merge request !70090 (merged)

added 1 commit

• 74e733d6 - Adds enable security features experiment

Compare with previous version

Setting label(s) devopsgrowth sectiongrowth based on groupadoption.

added devopsgrowth sectiongrowth labels

@tigerwnz, can you give this a review please? Ignore the dangerbot warnings about missing documentation and changelog - experiments are like feature flags, and for whatever reason the issue has never been solved with the feature labels being used on experiments. Maybe someone can chime in and let me know if there's a nice way to resolve those warnings on feature flag MRs?

requested review from @tigerwnz

added 2124 commits

• 74e733d6...2108cc52 - 2123 commits from branch master
• 6117966c - Adds enable security features experiment

Compare with previous version

approved this merge request