Run security testing before code is committed (Vision)
Problem to solve
Users want to know whether their code is good even before they commit it to the Git repository. Otherwise, they need to commit and wait for the full pipeline to start. Early feedback can save a lot of time.
This is particularly valuable for security tests, because the vulnerable code then never lands in the project.
This requires synchronous communication with GitLab. It can be done as part of the WebIDE interactions with the runners, which don't require code to be committed or a full pipeline to start.
Some of the checks (like dependency scanning) don't require access to the full source code, but just to a few files. They can be run only when those specific files are modified, to improve performance and optimize usage.
Implement an integration with the WebIDE to provide security testing tools even before code has been committed to the repository.
What does success look like, and how can we measure that?
Number of sessions using the security testing features of the WebIDE.