Improved multi-project support for SAST Analyzers
With a git repo that contains multiple projects in the same language, I would like each of those projects to be scanned for security issues, so that I can use the [monorepo](https://en.wikipedia.org/wiki/Monorepo) pattern while still gaining the benefit of GitLab's security scanners.

I think the main issue that would need to be solved is adding support for finding multiple projects in https://gitlab.com/gitlab-org/security-products/analyzers/common.

### Problem to solve

Improve support for scanning repos with multiple projects in the same language.

### Intended users

* [Sasha (Software Developer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sasha-software-developer)

### Further details

For certain languages we scan all applicable files, i.e. we check for the presence of `**/*.py`. Other languages instead rely on a special project file to detect the base directory and run the scan from there.

- `brakeman` looks for `application.rb` and scans that location as the first applicable project
- `spotbugs` does not support inheritance: https://gitlab.com/gitlab-org/gitlab/-/issues/24076

### Proposal

A. Automatically scan all applicable projects within a repo

*OR*

B. Provide improved documentation on how to configure scanners to scan distinct projects within a single repository

### Permissions and Security

No change to permissions.

### What does success look like, and how can we measure that?

Better out-of-the-box scanning of monorepos.

### What is the type of buyer?

gitlab~3207279

### Links / references

### Release notes

https://gitlab.com/gitlab-com/www-gitlab-com/-/merge_requests/70002
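To make the two detection strategies from "Further details" and the gap behind Proposal A concrete, here is an added example (not code from GitLab's analyzers or the `common` library) that walks a repository tree and returns every project root that carries a marker file, rather than stopping at the first one, alongside the glob-style "all files with this suffix" detection. The marker path `config/application.rb`, the `SKIP_DIRS` set, the depth limit and the constructed sample layout are all assumptions made for the illustration.

```python
"""Added example: discovering every project root in a monorepo.

Not GitLab's analyzer code. It sketches the two detection strategies the issue
describes (per-file globbing vs. a project marker file), extended so that the
marker-based strategy reports *all* matching project roots instead of only the
first one it finds.
"""
import os
import tempfile
from pathlib import Path

# Directories that should never be treated as (or searched for) project roots.
# Assumed list for this example; vendored dependencies are a common false positive.
SKIP_DIRS = {".git", "node_modules", "vendor"}


def _walk(repo_root, max_depth):
    """Yield (dirpath, relative_path, filenames) for directories at most max_depth
    levels below repo_root, pruning SKIP_DIRS. Depth 0 is the repo root itself."""
    repo_root = Path(repo_root)
    for dirpath, dirnames, filenames in os.walk(repo_root):
        rel = Path(dirpath).relative_to(repo_root)
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        if len(rel.parts) >= max_depth:
            dirnames[:] = []  # stop descending past the depth limit
        yield Path(dirpath), rel, filenames


def find_project_roots(repo_root, marker_paths, max_depth=4):
    """Marker-file strategy (the `application.rb` case): return every directory,
    relative to repo_root, that contains one of marker_paths. Nested projects are
    reported too, so a monorepo with several apps yields several roots."""
    roots = []
    for abs_dir, rel, _ in _walk(repo_root, max_depth):
        if any((abs_dir / marker).is_file() for marker in marker_paths):
            roots.append(rel.as_posix() if rel.parts else ".")
    return sorted(roots)


def find_files_by_suffix(repo_root, suffix, max_depth=4):
    """Glob-style strategy (the `**/*.py` case): every file ending with suffix,
    relative to repo_root, regardless of which project it belongs to."""
    found = []
    for _, rel, filenames in _walk(repo_root, max_depth):
        found.extend((rel / f).as_posix() for f in filenames if f.endswith(suffix))
    return sorted(found)


def build_sample_repo():
    """Constructed monorepo layout for the demo: two Rails-style apps, one app
    nested deeper than the default depth limit, a Python script, and a vendored
    copy of a framework that must not be mistaken for a project."""
    root = Path(tempfile.mkdtemp(prefix="monorepo-example-"))
    layout = [
        "services/api/config/application.rb",
        "services/admin/config/application.rb",
        "services/admin/app/models/user.rb",
        "tools/scripts/lint.py",
        "a/b/c/d/e/config/application.rb",          # depth 5: beyond max_depth=4
        "vendor/gems/rails/config/application.rb",  # vendored: pruned by SKIP_DIRS
    ]
    for rel in layout:
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("# constructed placeholder file\n")
    return root


if __name__ == "__main__":
    repo = build_sample_repo()
    # Marker path is an assumed Rails convention, not something the page specifies.
    print("rails projects:", find_project_roots(repo, ["config/application.rb"]))
    print("python files:  ", find_files_by_suffix(repo, ".py"))
```

Raising `max_depth` makes the deeply nested app visible as well, which mirrors the trade-off an analyzer faces between scan time and coverage; the vendored copy stays hidden at any depth because its directory is pruned before it is ever inspected.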