Add DAST Profiles to Security Configuration page

Addresses https://gitlab.com/gitlab-org/gitlab/-/issues/241263.

ee/app/assets/javascripts/security_configuration/components/app.vue

@@ -93,10 +93,9 @@ export default {
           thClass,
         },
         {
-          key: 'configured',
+          key: 'status',
           label: s__('SecurityConfiguration|Status'),
           thClass,
-          formatter: this.getStatusText,
         },
         {
           key: 'manage',
@@ -115,15 +114,6 @@ export default {
     },
   },
   methods: {
-    getStatusText(value) {
-      if (value) {
-        return this.autoDevopsEnabled
-          ? s__('SecurityConfiguration|Enabled with Auto DevOps')
-          : s__('SecurityConfiguration|Enabled');
-      }
-
-      return s__('SecurityConfiguration|Not enabled');
-    },
     dismissAutoDevopsAlert() {
       this.autoDevopsAlertDismissed = 'true';
     },

ee/app/assets/javascripts/security_configuration/components/manage_feature.vue

@@ -33,6 +33,9 @@ export default {
     canCreateSASTMergeRequest() {
       return Boolean(this.feature.type === 'sast' && this.createSastMergeRequestPath);
     },
+    canManageProfiles() {
+      return this.feature.type === 'dast_profiles';
+    },
     getFeatureDocumentationLinkLabel() {
       return sprintf(s__('SecurityConfiguration|Feature documentation for %{featureName}'), {
         featureName: this.feature.name,
@@ -44,7 +47,16 @@ export default {
 
 <template>
   <gl-button
-    v-if="canConfigureFeature && feature.configured"
+    v-if="canManageProfiles"
+    variant="success"
+    category="primary"
+    :href="feature.configuration_path"
+    data-testid="manageButton"
+    >{{ s__('SecurityConfiguration|Manage') }}</gl-button
+  >
+
+  <gl-button
+    v-else-if="canConfigureFeature && feature.configured"
     :href="feature.configuration_path"
     data-testid="configureButton"
     >{{ s__('SecurityConfiguration|Configure') }}</gl-button

ee/app/presenters/projects/security/configuration_presenter.rb

@@ -12,6 +12,7 @@ module Projects
       SCAN_DOCS = {
         container_scanning: 'user/application_security/container_scanning/index',
         dast: 'user/application_security/dast/index',
+        dast_profiles: 'user/application_security/dast/index',
         dependency_scanning: 'user/application_security/dependency_scanning/index',
         license_management: 'user/compliance/license_compliance/index',
         license_scanning: 'user/compliance/license_compliance/index',
@@ -24,6 +25,7 @@ module Projects
         {
           container_scanning: _('Check your Docker images for known vulnerabilities.'),
           dast: _('Analyze a review version of your web application.'),
+          dast_profiles: _('Saved scan settings and target site settings which are reusable.'),
           dependency_scanning: _('Analyze your dependencies for known vulnerabilities.'),
           license_management: _('Search your project dependencies for their licenses and apply policies.'),
           license_scanning: _('Search your project dependencies for their licenses and apply policies.'),
@@ -37,6 +39,7 @@ module Projects
         {
           container_scanning: _('Container Scanning'),
           dast: _('Dynamic Application Security Testing (DAST)'),
+          dast_profiles: _('DAST Profiles'),
           dependency_scanning: _('Dependency Scanning'),
           license_management: 'License Management',
           license_scanning: _('License Compliance'),
@@ -93,14 +96,16 @@ module Projects
       def features
         scans = scan_types.map do |scan_type|
           if scanner_enabled?(scan_type)
-            scan(scan_type, configured: true)
+            scan(scan_type, configured: true, status: auto_devops_source? ? s_('SecurityConfiguration|Enabled with Auto DevOps') : s_('SecurityConfiguration|Enabled'))
           else
-            scan(scan_type, configured: false)
+            scan(scan_type, configured: false, status: s_('SecurityConfiguration|Not enabled'))
           end
         end
 
         # TODO: remove this line with #8912
         license_compliance_substitute(scans)
+
+        dast_profiles_insert(scans)
       end
 
       def latest_pipeline_path
@@ -122,16 +127,29 @@ module Projects
         if license_compliance_config
           scans.map do |scan_type|
             scan_type[:configured] = true if scan_type[:name] == _('License Compliance')
+            scan_type[:status] = s_('SecurityConfiguration|Enabled') if scan_type[:name] == _('License Compliance')
           end
         end
 
         scans
       end
 
-      def scan(type, configured: false)
+      # DAST On-demand scans is a static (non job) entry.  Add it manually following DAST
+      def dast_profiles_insert(scans)
+        index = scans.index { |scan| scan[:name] == localized_scan_names[:dast] }
+
+        unless index.nil?
+          scans.insert(index + 1, scan(:dast_profiles, configured: true, status: s_('SecurityConfiguration|Available for on-demand DAST')))
+        end
+
+        scans
+      end
+
+      def scan(type, configured: false, status:)
         {
           type: type,
           configured: configured,
+          status: status,
           description: self.class.localized_scan_descriptions[type],
           link: help_page_path(SCAN_DOCS[type]),
           configuration_path: configuration_path(type),
@@ -153,7 +171,8 @@ module Projects
 
       def configuration_path(type)
         {
-          sast: project_security_configuration_sast_path(project)
+          sast: project_security_configuration_sast_path(project),
+          dast_profiles: project_profiles_path(project)
         }[type]
       end
     end

ee/changelogs/unreleased/241263-dast-ondemand-configure-link.yml

+---
+title: On-demand scans item on Security & Compliance configuration page
+merge_request: 40474
+author:
+type: added

ee/spec/controllers/projects/security/configuration_controller_spec.rb

@@ -29,7 +29,7 @@ RSpec.describe Projects::Security::ConfigurationController do
       it 'responds in json format when requested' do
         get :show, params: { namespace_id: project.namespace, project_id: project, format: :json }
 
-        types = %w(sast dast dependency_scanning container_scanning secret_detection coverage_fuzzing license_scanning)
+        types = %w(sast dast dast_profiles dependency_scanning container_scanning secret_detection coverage_fuzzing license_scanning)
 
         expect(response).to have_gitlab_http_status(:ok)
         expect(json_response['features'].map { |f| f['type'] }).to match_array(types)

ee/spec/frontend/security_configuration/components/app_spec.js

@@ -184,7 +184,10 @@ describe('Security Configuration App', () => {
 
     describe('given a feature enabled by Auto DevOps', () => {
       it('displays the expected status text', () => {
-        const features = generateFeatures(1, { configured: true });
+        const features = generateFeatures(1, {
+          configured: true,
+          status: 'Enabled with Auto DevOps',
+        });
 
         createComponent({ propsData: { features, autoDevopsEnabled: true } });
 

ee/spec/frontend/security_configuration/components/helpers.js

@@ -6,6 +6,7 @@ export const generateFeatures = (n, overrides = {}) => {
     link: `link-feature-${i}`,
     configuration_path: i % 2 ? `configuration_path-${i}` : null,
     configured: i % 2 === 0,
+    status: i % 2 === 0 ? 'Enabled' : 'Not enabled',
     ...overrides,
   }));
 };

ee/spec/frontend/security_configuration/components/manage_feature_spec.js

@@ -86,6 +86,22 @@ describe('ManageFeature component', () => {
     });
   });
 
+  describe('given a feature with type "dast-profiles"', () => {
+    beforeEach(() => {
+      [feature] = generateFeatures(1, { type: 'dast_profiles', configuration_path: 'foo' });
+
+      createComponent({
+        propsData: { feature, autoDevopsEnabled: true },
+      });
+    });
+
+    it('shows the DAST Profiles manage button', () => {
+      const button = findTestId('manageButton');
+      expect(button.exists()).toBe(true);
+      expect(button.attributes('href')).toBe(feature.configuration_path);
+    });
+  });
+
   describe('given a feature type that is not "sast"', () => {
     beforeEach(() => {
       [feature] = generateFeatures(1, { type: 'something_that_is_not_sast' });

ee/spec/presenters/projects/security/configuration_presenter_spec.rb

@@ -61,13 +61,14 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
 
       it 'reports that all scanners are configured for which latest pipeline has builds' do
         expect(Gitlab::Json.parse(subject[:features])).to contain_exactly(
-          security_scan(:dast, configured: true),
-          security_scan(:sast, configured: true),
-          security_scan(:container_scanning, configured: false),
-          security_scan(:dependency_scanning, configured: false),
-          security_scan(:license_scanning, configured: false),
-          security_scan(:secret_detection, configured: true),
-          security_scan(:coverage_fuzzing, configured: false)
+          security_scan(:dast, configured: true, auto_dev_ops_enabled: true),
+          security_scan(:dast_profiles, configured: true, auto_dev_ops_enabled: true),
+          security_scan(:sast, configured: true, auto_dev_ops_enabled: true),
+          security_scan(:container_scanning, configured: false, auto_dev_ops_enabled: true),
+          security_scan(:dependency_scanning, configured: false, auto_dev_ops_enabled: true),
+          security_scan(:license_scanning, configured: false, auto_dev_ops_enabled: true),
+          security_scan(:secret_detection, configured: true, auto_dev_ops_enabled: true),
+          security_scan(:coverage_fuzzing, configured: false, auto_dev_ops_enabled: true)
         )
       end
     end
@@ -84,6 +85,7 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
       it 'reports all security jobs as unconfigured' do
         expect(Gitlab::Json.parse(subject[:features])).to contain_exactly(
           security_scan(:dast, configured: false),
+          security_scan(:dast_profiles, configured: true),
           security_scan(:sast, configured: false),
           security_scan(:container_scanning, configured: false),
           security_scan(:dependency_scanning, configured: false),
@@ -113,6 +115,7 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
       it 'uses the latest default branch pipeline to determine whether a security job is configured' do
         expect(Gitlab::Json.parse(subject[:features])).to contain_exactly(
           security_scan(:dast, configured: true),
+          security_scan(:dast_profiles, configured: true),
           security_scan(:sast, configured: true),
           security_scan(:container_scanning, configured: false),
           security_scan(:dependency_scanning, configured: false),
@@ -129,6 +132,7 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
 
         expect(Gitlab::Json.parse(subject[:features])).to contain_exactly(
           security_scan(:dast, configured: false),
+          security_scan(:dast_profiles, configured: true),
           security_scan(:sast, configured: true),
           security_scan(:container_scanning, configured: false),
           security_scan(:dependency_scanning, configured: false),
@@ -151,6 +155,7 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
 
         expect(Gitlab::Json.parse(subject[:features])).to contain_exactly(
           security_scan(:dast, configured: false),
+          security_scan(:dast_profiles, configured: true),
           security_scan(:sast, configured: true),
           security_scan(:container_scanning, configured: false),
           security_scan(:dependency_scanning, configured: false),
@@ -165,6 +170,7 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
 
         expect(Gitlab::Json.parse(subject[:features])).to contain_exactly(
           security_scan(:dast, configured: true),
+          security_scan(:dast_profiles, configured: true),
           security_scan(:sast, configured: true),
           security_scan(:container_scanning, configured: false),
           security_scan(:dependency_scanning, configured: false),
@@ -222,16 +228,41 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
     end
   end
 
-  def security_scan(type, configured:)
-    configuration_path = project_security_configuration_sast_path(project) if type == :sast
+  def security_scan(type, configured:, auto_dev_ops_enabled: false)
+    configuration_path = configuration_path(type)
+
+    status_str = scan_status(type, configured, auto_dev_ops_enabled)
 
     {
       "type" => type.to_s,
       "configured" => configured,
+      "status" => status_str,
       "description" => described_class.localized_scan_descriptions[type],
       "link" => help_page_path(described_class::SCAN_DOCS[type]),
       "configuration_path" => configuration_path,
       "name" => described_class.localized_scan_names[type]
     }
   end
+
+  def configuration_path(type)
+    if type === :dast_profiles
+      project_profiles_path(project)
+    elsif type === :sast
+      project_security_configuration_sast_path(project)
+    else
+      nil
+    end
+  end
+
+  def scan_status(type, configured, auto_dev_ops_enabled)
+    if type == :dast_profiles
+      "Available for on-demand DAST"
+    elsif configured && auto_dev_ops_enabled
+      "Enabled with Auto DevOps"
+    elsif configured
+      "Enabled"
+    else
+      "Not enabled"
+    end
+  end
 end

locale/gitlab.pot

@@ -7707,6 +7707,9 @@ msgstr ""
 msgid "DAG visualization requires at least 3 dependent jobs."
 msgstr ""
 
+msgid "DAST Profiles"
+msgstr ""
+
 msgid "DNS"
 msgstr ""
 
@@ -21487,6 +21490,9 @@ msgstr ""
 msgid "Save variables"
 msgstr ""
 
+msgid "Saved scan settings and target site settings which are reusable."
+msgstr ""
+
 msgid "Saving"
 msgstr ""
 
@@ -21822,6 +21828,9 @@ msgstr ""
 msgid "SecurityConfiguration|An error occurred while creating the merge request."
 msgstr ""
 
+msgid "SecurityConfiguration|Available for on-demand DAST"
+msgstr ""
+
 msgid "SecurityConfiguration|Configure"
 msgstr ""