<!-- The first section "Release notes" is required if you want to have your release post blog MR auto generated. Currently in BETA, details on the **release post item generator** can be found in the handbook: https://about.gitlab.com/handbook/marketing/blog/release-posts/#release-post-item-generator and this video: https://www.youtube.com/watch?v=rfn9ebgTwKg. The next four sections: "Problem to solve", "Intended users", "User experience goal", and "Proposal", are strongly recommended in your first draft, while the rest of the sections can be filled out during the problem validation or breakdown phase. However, keep in mind that providing complete and relevant information early helps our product team validate the problem and start working on a solution. --> ### Release notes Users with access to the Security Configuration page who do not yet have Dependency Scanning enabled can now enable it by clicking "Enable via MR". This will create and/or update your pipeline yml file to add the default Dependency Scanning template. This will make it easier for you to quickly add Dependency Scanning into your project adding an additional layer of security to your standard development workflow. https://gitlab.com/gitlab-com/www-gitlab-com/-/merge_requests/85841 ### Design Design issue: https://gitlab.com/gitlab-org/gitlab/-/issues/243568 ### Decisions #### GraphQL ##### `configureDependencyScanning` mutation This is the mutation that will be called by the frontend for the backend to create the MR and respond with its URL. It is based on the [`configureSast`](https://gitlab.com/gitlab-org/gitlab/-/blob/0d75eede3f6bfdea40828e1a78d958817241adb2/app/assets/javascripts/security_configuration/graphql/configure_sast.mutation.graphql) for the sake of consistency. The main difference being that `configureSast` accepts an `Input` payload as it deals with a full-blown configuration form, while `configureDependencyScanning` only accepts the project's `fullPath` at the moment. In the future, we might want to extend this mutation with more input fields if we end up building a configuration form similar to SAST. ```graphql mutation configureDependencyScanning($input: ConfigureDependencyScanningInput!) { configureDependencyScanning(input: $input) { successPath errors } } ```