SAST Config UI - Analyzers
## Problem to Solve Provide UI to easily configure SAST analyzers **Note:** Button labels should be `Expand` and `Collapse` ## Collapsed analyzer section (Default) ![image](/uploads/f77283c4e6754ac85b9aea4ba99312fb/image.png) ## Expanded analyzer section (user clicked `Expand` button) ![image](/uploads/2f4e9054400d3ea8e0481a3ce6f2b0d8/image.png) ## Unchecked analyzer ("off" state) See Flawfinder example below where text input is disabled ![image](/uploads/39df94ce59a6653c9021c1e591275803/image.png) ## Implementation Strategy ~frontend (this is perhaps best done _after_ https://gitlab.com/gitlab-org/gitlab/-/issues/227575, otherwise *more* would have to ported to GQL later) - [ ] ~"frontend-weight::2" Create expandable container component (likely under `ee/app/assets/javascripts/security_configuration/sast/components`) - See [internal discussion](https://gitlab.slack.com/archives/C0GQHHPGW/p1593535076466100) on this. - [ ] ~"frontend-weight::2" Create `AnalyzersConfiguration` component - Uses the expand/collapse component - Receives `analyzers` configuration from GQL query as a prop - emits an `input` event with updated deep copy of `analyzers` prop, with changes applied - [ ] ~"frontend-weight::3" Consume `AnalyzersConfiguration` component in [`ConfigurationForm`](https://gitlab.com/gitlab-org/gitlab/blob/07047f1faa5906d737b856bdcc23fd77d0845c4b/ee/app/assets/javascripts/security_configuration/sast/components/configuration_form.vue) - Update `ConfigurationForm` to receive the analyzers configurations in addition to global + pipeline entities. Perhaps just the whole GQL response as-is? Perhaps rename `entities` prop to `sastCiConfiguration`, or `configuration`? - emits new copy of above prop with changes included - Update form submission logic to structure expected by ~backend (TBD) ~backend - [ ] ~"backend-weight::3" Read SAST template file and `.gitlab-ci.yml` files to decide whether analyzer is enabled. This [issue](https://gitlab.com/gitlab-org/gitlab/-/issues/235878) will address this work. - [ ] ~"backend-weight::3" Read SAST template file and `.gitlab-ci.yml` files to get information about different variables at analyzer level. This [issue](https://gitlab.com/gitlab-org/gitlab/-/issues/235880) will address this work. - [ ] ~"backend-weight::3" Store the information about analyzers in `.gitlab-ci.yml` file [issue](https://gitlab.com/gitlab-org/gitlab/-/issues/235799) TBC @ssarka @rossfuhrman ## Relevant links: - 13.5 release post - [analyzers & existing config parsing](https://gitlab.com/gitlab-com/www-gitlab-com/-/merge_requests/64767) ### Release notes Release post items have been generated: https://gitlab.com/gitlab-com/www-gitlab-com/-/merge_requests/64767
epic