Render Discover link for `Security & Compliance`

Changelog: fixed
EE: true

ee/lib/ee/sidebars/projects/menus/security_compliance_menu.rb

@@ -11,6 +11,7 @@ module EE
           def configure_menu_items
             return false unless can?(context.current_user, :access_security_and_compliance, context.project)
 
+            add_item(discover_project_security_menu_item)
             add_item(security_dashboard_menu_item)
             add_item(vulnerability_report_menu_item)
             add_item(on_demand_scans_menu_item)
@@ -26,17 +27,12 @@ module EE
 
           override :link
           def link
-            return project_security_discover_path(context.project) unless has_items?
+            return discover_project_security_menu_item.link if discover_project_security_menu_item.render?
             return security_dashboard_menu_item.link if security_dashboard_menu_item.render?
             return audit_events_menu_item.link if audit_events_menu_item.render?
             return dependencies_menu_item.link if dependencies_menu_item.render?
 
-            renderable_items.first.link
-          end
-
-          override :render?
-          def render?
-            super || context.show_discover_project_security
+            renderable_items.first&.link
           end
 
           private
@@ -60,6 +56,21 @@ module EE
               (context.project.licensed_feature_available?(:security_dashboard) && can?(context.current_user, :read_project_security_dashboard, context.project))
           end
 
+          def discover_project_security_menu_item
+            strong_memoize(:discover_project_security_menu_item) do
+              unless context.show_discover_project_security
+                next ::Sidebars::NilMenuItem.new(item_id: :discover_project_security)
+              end
+
+              ::Sidebars::MenuItem.new(
+                title: _('Discover'),
+                link: project_security_discover_path(context.project),
+                active_routes: { path: 'projects/security/discover#show' },
+                item_id: :discover_project_security
+              )
+            end
+          end
+
           def security_dashboard_menu_item
             strong_memoize(:security_dashboard_menu_item) do
               unless can?(context.current_user, :read_project_security_dashboard, context.project)

ee/spec/lib/ee/sidebars/projects/menus/security_compliance_menu_spec.rb

@@ -10,44 +10,44 @@ RSpec.describe Sidebars::Projects::Menus::SecurityComplianceMenu do
   let(:show_discover_project_security) { true }
   let(:context) { Sidebars::Projects::Context.new(current_user: user, container: project, show_promotions: show_promotions, show_discover_project_security: show_discover_project_security) }
 
-  subject { described_class.new(context) }
+  subject(:menu) { described_class.new(context) }
 
   describe 'render?' do
-    context 'when user can access security and compliance' do
-      it 'returns true' do
-        expect(subject.render?).to eq true
-      end
-    end
+    subject { menu.render? }
 
-    context 'when user cannot access security and compliance' do
+    context 'when user is not authenticated' do
       let(:user) { nil }
 
-      context 'when show discover project security is enabled' do
-        it 'returns true' do
-          expect(subject.render?).to eq true
+      it { is_expected.to be_falsey }
+    end
+
+    context 'when user is authenticated' do
+      context 'when the Security & Compliance is disabled' do
+        before do
+          allow(Ability).to receive(:allowed?).with(user, :access_security_and_compliance, project).and_return(false)
         end
-      end
 
-      context 'when show discover project security is disabled' do
-        let(:show_discover_project_security) { false }
+        it { is_expected.to be_falsey }
+      end
 
-        it 'returns false' do
-          expect(subject.render?).to eq false
-        end
+      context 'when the Security & Compliance is not disabled' do
+        it { is_expected.to be_truthy }
       end
     end
   end
 
   describe '#link' do
     let(:show_promotions) { false }
+    let(:show_discover_project_security) { false }
 
     using RSpec::Parameterized::TableSyntax
 
-    where(:security_dashboard_feature, :audit_events_feature, :dependency_scanning_feature, :expected_link) do
-      true  | true  | true  | "/-/security/dashboard"
-      false | true  | true  | "/-/audit_events"
-      false | false | true  | "/-/dependencies"
-      false | false | false | "/-/security/configuration"
+    where(:security_dashboard_feature, :audit_events_feature, :dependency_scanning_feature, :show_discover_project_security, :expected_link) do
+      true  | true  | true  | false | "/-/security/dashboard"
+      false | true  | true  | false | "/-/audit_events"
+      false | false | true  | false | "/-/dependencies"
+      false | false | true  | true  | "/-/security/discover"
+      false | false | false | false | "/-/security/configuration"
     end
 
     with_them do
@@ -61,9 +61,9 @@ RSpec.describe Sidebars::Projects::Menus::SecurityComplianceMenu do
     context 'when no security menu item and show promotions' do
       let(:user) { nil }
 
-      it 'returns the link to the discover security path', :aggregate_failures do
+      it 'returns nil', :aggregate_failures do
         expect(subject.renderable_items).to be_empty
-        expect(subject.link).to eq("/#{project.full_path}/-/security/discover")
+        expect(subject.link).to be_nil
       end
     end
   end
@@ -94,6 +94,20 @@ RSpec.describe Sidebars::Projects::Menus::SecurityComplianceMenu do
       end
     end
 
+    describe 'Discover Security & Compliance' do
+      let(:item_id) { :discover_project_security }
+
+      context 'when show_discover_project_security is true' do
+        it { is_expected.not_to be_nil }
+      end
+
+      context 'when show_discover_project_security is not true' do
+        let(:show_discover_project_security) { false }
+
+        it { is_expected.to be_nil }
+      end
+    end
+
     describe 'Security Dashboard' do
       let(:item_id) { :dashboard }
 

ee/spec/views/layouts/nav/sidebar/_project.html.haml_spec.rb

@@ -181,7 +181,7 @@ RSpec.describe 'layouts/nav/sidebar/_project' do
   end
 
   describe 'Security and Compliance' do
-    describe 'when user does not have permissions' do
+    context 'when user does not have permissions' do
       before do
         allow(view).to receive(:current_user).and_return(nil)
       end
@@ -191,16 +191,6 @@ RSpec.describe 'layouts/nav/sidebar/_project' do
 
         expect(rendered).not_to have_link('Security & Compliance', href: project_security_dashboard_index_path(project))
       end
-
-      context 'when user can see discover project security' do
-        it 'top level navigation link is visible and pointing to that page' do
-          allow(view).to receive(:show_discover_project_security?).and_return(true)
-
-          render
-
-          expect(rendered).to have_link('Security & Compliance', href: project_security_discover_path(project))
-        end
-      end
     end
 
     context 'when user has permissions' do

locale/gitlab.pot

@@ -11579,6 +11579,9 @@ msgstr ""
 msgid "DiscordService|Send notifications about project events to a Discord channel."
 msgstr ""
 
+msgid "Discover"
+msgstr ""
+
 msgid "Discover GitLab Geo"
 msgstr ""