SAST Config UI Page - Basic SAST Wide Settings
<!-- triage-serverless v3 PLEASE DO NOT REMOVE THIS SECTION -->

*This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.*

<!-- triage-serverless v3 PLEASE DO NOT REMOVE THIS SECTION -->

## Problem to Solve

Provide a UI to easily configure the SAST-wide settings rather than directly editing a CI file.

### Details

* Render the [JSON format](https://gitlab.com/gitlab-org/gitlab/-/issues/220576) for any detected CI file.
* If no CI file is detected, set the default values for our [SAST CI file](https://gitlab.com/gitlab-org/gitlab-foss/-/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml).

### Cases

| Auto DevOps off | Auto DevOps on |
| ------ | ------ |
| ensure we set up the include to vendored SAST template | ensure we set up the include to vendored ADO template |
| [SAST.gitlab-ci.yml](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml) | [auto-devops.gitlab-ci.yml](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml) |

Design is latest from https://gitlab.com/gitlab-org/gitlab/-/issues/228830#note_379242038:

![image](https://gitlab.com/gitlab-org/gitlab/uploads/b8f19b97f96c63501bc2bdfb062f7307/image.png)

## Implementation Plan

~frontend

All implemented behind the `sast_configuration_ui` feature (development) flag.

Total weight (ignoring tech discovery): 18. This seems high; I think there'll be overlap between some of these, and/or some have been over-estimated, and some was already done during %13.2.

- [x] ~"frontend-weight::5" Technical discovery
  - https://gitlab.com/gitlab-org/gitlab/-/issues/223759
- [x] ~"frontend-weight::2" Add basic page/route/controller
  - https://gitlab.com/gitlab-org/gitlab/-/issues/225973
  - https://gitlab.com/gitlab-org/gitlab/-/merge_requests/34947
- [x] ~"frontend-weight::2" Add scaffolding/boilerplate/shell Vue app
  - https://gitlab.com/gitlab-org/gitlab/-/issues/225974
  - https://gitlab.com/gitlab-org/gitlab/-/merge_requests/35866
- [x] ~"frontend-weight::3" Add form control components (to be orchestrated by container component)
  - https://gitlab.com/gitlab-org/gitlab/-/merge_requests/37812
  - https://gitlab.com/gitlab-org/gitlab/-/issues/225224
- [x] ~"frontend-weight::3" Add dynamic form container component
  - https://gitlab.com/gitlab-org/gitlab/-/merge_requests/38162
  - https://gitlab.com/gitlab-org/gitlab/-/issues/231370
- [-] ~"frontend-weight::3" ~~Add analyzer components (to be orchestrated by container component)~~
  - ~~Expandable section~~
  - ~~Toggleable analyzer row~~
  - This will happen in %13.4 or later; the [MVC does not include the analyzers section](https://gitlab.com/gitlab-org/gitlab/-/issues/228830#note_379242038).
- [x] ~"frontend-weight::3" Add GraphQL query/boilerplate (possibly using `@client` if backend not ready yet), and feed response into dynamic form container component/analyzer component(s)
  - https://gitlab.com/gitlab-org/gitlab/-/merge_requests/38318
  - https://gitlab.com/gitlab-org/gitlab/-/issues/231372
- [x] ~"frontend-weight::3" Add form submission behaviour
  - https://gitlab.com/gitlab-org/gitlab/-/merge_requests/38480
  - https://gitlab.com/gitlab-org/gitlab/-/issues/223879
  - While a GraphQL mutation will in theory be built for this in 13.3, the REST endpoint will still be available. The REST endpoint is what we _should_ use in %13.3, because it already exists. See https://gitlab.com/gitlab-org/gitlab/-/issues/227465#note_382448102.
  - Data structure: flat, or mirroring query response?
- [ ] ~"frontend-weight::2" Update Security Configuration page to link to SAST Configuration UI rather than directly create merge request.
  - https://gitlab.com/gitlab-org/gitlab/-/merge_requests/38810
  - https://gitlab.com/gitlab-org/gitlab/-/issues/231373
  - This will require some ~backend work, although a small enough amount that perhaps ~frontend could take a stab at and fix up in review? Some details: https://gitlab.com/gitlab-org/gitlab/-/issues/227575#note_378452790
  - Should address feature flag oddity https://gitlab.com/gitlab-org/gitlab/-/merge_requests/36432#note_378601193. Basically, remove the ` except: [:create]`.
- [ ] ~"frontend-weight::2" Add History button
  - https://gitlab.com/gitlab-org/gitlab/-/issues/220578
  - This _might_ not be needed in %13.3? See https://gitlab.com/gitlab-org/gitlab/-/issues/220578#note_384389102.
- [ ] ~"frontend-weight::2" Remove or enable-by-default feature flag + ~documentation
  - https://gitlab.com/gitlab-org/gitlab/-/merge_requests/39085
  - https://gitlab.com/gitlab-org/gitlab/-/issues/231357

~backend

1. GraphQL query endpoint gitlab#223757
1. GraphQL mutation endpoint
epic