Security Row with SAST vuln count only + artifact downloads
This epic represents the next stage for https://gitlab.com/groups/gitlab-org/-/epics/4388, once https://gitlab.com/groups/gitlab-org/-/epics/4393 has been done. | MVC iteration (https://gitlab.com/groups/gitlab-org/-/epics/4393) | This epic's goal | | ------ | ------ | | ![MVC iteration of Core MR widget](https://gitlab.com/gitlab-org/gitlab/uploads/aed507bb5b5624f6c45844cfe1d36246/Screenshot_from_2020-10-07_19-40-37.png) | ![Target UI of this (and parent) epic](https://gitlab.com/groups/gitlab-org/-/uploads/7cc918dee42905d007421f91d5ad6037/image.png)<br>Updated colorized state: ![image](/uploads/07ab278b75cc460423b57ed3619c758a/image.png) | ## Implementation plan ~backend 1. [Expose download paths to security report artifacts](https://gitlab.com/gitlab-org/gitlab/-/issues/251015) 1. [Move the `enabled_reports` field from EE to CE](https://gitlab.com/gitlab-org/gitlab/-/issues/273424) (draft implementation: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/43716) - This turned out to be trickier than it first appeared, since the Rails application still considers `sast` and `secret_detection` to be [EE Ultimate features](https://gitlab.com/gitlab-org/gitlab/blob/dd49c16a68a7ef29f82327ed5a7483e4d05444ee/ee/app/models/license.rb#L145-147) ~frontend 1. [Make the basic security MR widget available for Free users on `.com`, and Starter/Premium users on `.com`/self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/273205) 1. [Check all pipeline jobs for security artifacts in basic security MR widget](https://gitlab.com/gitlab-org/gitlab/-/issues/276440) 1. [Add dropdown for getting report artifacts](gitlab#249544), consuming GraphQL API implemented in https://gitlab.com/gitlab-org/gitlab/-/issues/251015 1. [Enable `mr_security_artifacts_downloads` feature flag by default](https://gitlab.com/gitlab-org/gitlab/-/issues/273413) 1. [Remove `mr_security_artifacts_downloads` feature flag](https://gitlab.com/gitlab-org/gitlab/-/issues/273418) 1. [Implement vulnerability counts](https://gitlab.com/gitlab-org/gitlab/-/issues/273423) 1. [Implement upgrade popover](https://gitlab.com/gitlab-org/gitlab/-/issues/273425) 1. [Consume `enabled_reports` from backend](https://gitlab.com/gitlab-org/gitlab/-/issues/273431) (blocked by https://gitlab.com/gitlab-org/gitlab/-/issues/273424) ### Release notes [13.5 release post](https://about.gitlab.com/releases/2020/10/22/gitlab-13-5-released/#improved-merge-request-experience-for-security-scans) 13.6 release post https://gitlab.com/gitlab-com/www-gitlab-com/-/merge_requests/67957
epic