authorGitLab Bot <gitlab-bot@gitlab.com>2023-12-27 15:09:52 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2023-12-27 15:09:52 +0300
commitf8740a1ade9d4614dde927d8983eeb288e783ccf (patch)
tree62fd1c7987409292658c2160e8d233341d7732b2 /spec
parent7596630be2bb8febb34e782817c8339ba6ec7b2c (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec')
-rw-r--r--spec/lib/gitlab/security/scan_configuration_spec.rb100
-rw-r--r--spec/presenters/projects/security/configuration_presenter_spec.rb1
2 files changed, 101 insertions, 0 deletions
diff --git a/spec/lib/gitlab/security/scan_configuration_spec.rb b/spec/lib/gitlab/security/scan_configuration_spec.rb
index 9151db3c5ff..706f6664a41 100644
--- a/spec/lib/gitlab/security/scan_configuration_spec.rb
+++ b/spec/lib/gitlab/security/scan_configuration_spec.rb
@@ -86,4 +86,104 @@ RSpec.describe ::Gitlab::Security::ScanConfiguration do
it { is_expected.to be_falsey }
end
end
+
+ describe '#security_features' do
+ subject { scan.security_features }
+
+ using RSpec::Parameterized::TableSyntax
+
+ where(:scan_type, :features_hash) do
+ :sast | { name: "Static Application Security Testing (SAST)",
+ short_name: "SAST",
+ description: "Analyze your source code for known vulnerabilities.",
+ help_path: "/help/user/application_security/sast/index",
+ config_help_path: "/help/user/application_security/sast/index#configuration",
+ type: "sast" }
+ :sast_iac | { name: "Infrastructure as Code (IaC) Scanning",
+ short_name: "ciReport|SAST IaC",
+ description: "Analyze your infrastructure as code configuration files for known vulnerabilities.",
+ help_path: "/help/user/application_security/iac_scanning/index",
+ config_help_path: "/help/user/application_security/iac_scanning/index#configuration",
+ type: "sast_iac" }
+ :dast | {
+ badge: { text: "Available on demand",
+ tooltip_text: "On-demand scans run outside of the DevOps " \
+ "cycle and find vulnerabilities in your projects",
+ variant: "info" },
+ secondary: {
+ type: "dast_profiles",
+ name: "DAST profiles",
+ description: "SecurityConfiguration|Manage profiles for use by DAST scans.",
+ configuration_text: "SecurityConfiguration|Manage profiles"
+ },
+ name: "Dynamic Application Security Testing (DAST)",
+ short_name: "ciReport|DAST",
+ description: "ciReport|Analyze a deployed version of your web application for known " \
+ "vulnerabilities by examining it from the outside in. DAST works by simulating " \
+ "external attacks on your application while it is running.",
+ help_path: "/help/user/application_security/dast/index",
+ config_help_path: "/help/user/application_security/dast/index#enable-automatic-dast-run",
+ type: "dast",
+ anchor: "dast"
+ }
+ :dependency_scanning | { name: "Dependency Scanning",
+ description: "Analyze your dependencies for known vulnerabilities.",
+ help_path: "/help/user/application_security/dependency_scanning/index",
+ config_help_path: "/help/user/application_security/dependency_scanning/index#configuration",
+ type: "dependency_scanning",
+ anchor: "dependency-scanning" }
+ :container_scanning | { name: "Container Scanning",
+ description: "Check your Docker images for known vulnerabilities.",
+ help_path: "/help/user/application_security/container_scanning/index",
+ config_help_path: "/help/user/application_security/container_scanning/index#configuration",
+ type: "container_scanning" }
+ :secret_detection | { name: "Secret Detection",
+ description: "Analyze your source code and git history for secrets.",
+ help_path: "/help/user/application_security/secret_detection/index",
+ config_help_path: "/help/user/application_security/secret_detection/index#configuration",
+ type: "secret_detection" }
+ :api_fuzzing | { name: "API Fuzzing",
+ description: "Find bugs in your code with API fuzzing.",
+ help_path: "/help/user/application_security/api_fuzzing/index",
+ type: "api_fuzzing" }
+ :coverage_fuzzing | { name: "Coverage Fuzzing",
+ description: "Find bugs in your code with coverage-guided fuzzing.",
+ help_path: "/help/user/application_security/coverage_fuzzing/index",
+ config_help_path: "/help/user/application_security/coverage_fuzzing/index#enable-coverage-guided-fuzz-testing",
+ type: "coverage_fuzzing",
+ secondary: { type: "corpus_management",
+ name: "Corpus Management",
+ description: "SecurityConfiguration|Manage corpus files used as " \
+ "seed inputs with coverage-guided fuzzing.",
+ configuration_text: "SecurityConfiguration|Manage corpus" } }
+ :breach_and_attack_simulation | { anchor: "bas",
+ badge: { always_display: true,
+ text: "SecurityConfiguration|Incubating feature",
+ tooltip_text: "SecurityConfiguration|Breach and Attack Simulation is an incubating feature " \
+ "extending existing security " \
+ "testing by simulating adversary activity.",
+ variant: "info" },
+ description: "SecurityConfiguration|Simulate breach and attack scenarios against your running " \
+ "application by attempting to detect " \
+ "and exploit known vulnerabilities.",
+ name: "SecurityConfiguration|Breach and Attack Simulation (BAS)",
+ help_path: "/help/user/application_security/breach_and_attack_simulation/index",
+ secondary: { config_help_path: "/help/user/application_security/breach_and_attack_simulation/" \
+ "index#extend-dynamic-application-security-testing-dast",
+ description: "SecurityConfiguration|Enable incubating Breach and " \
+ "Attack Simulation focused features " \
+ "such as callback attacks in your DAST scans.",
+ name: "SecurityConfiguration|Out-of-Band Application Security Testing (OAST)" },
+ short_name: "SecurityConfiguration|BAS",
+ type: "breach_and_attack_simulation" }
+ :invalid | {}
+ end
+
+ with_them do
+ let(:type) { scan_type }
+ let(:configured) { true }
+
+ it { is_expected.to eq features_hash }
+ end
+ end
end
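Review bot: The expected hashes pin the gettext context prefix verbatim on some rows (`short_name: "ciReport|SAST IaC"` for `:sast_iac`, `name: "SecurityConfiguration|Breach and Attack Simulation (BAS)"` for `:breach_and_attack_simulation`) while sibling rows such as `:sast` carry no prefix at all; if `#security_features` is meant to return user-facing text through `s_()`, the namespace would be stripped and those rows would fail, so the spec presumably asserts raw untranslated strings — worth confirming which is intended and making the rows consistent so a future translation change does not silently flip the expectation. The table also exercises only `configured: true`; if the feature metadata is independent of configuration, a second `with_them` block with `let(:configured) { false }` and the same `it { is_expected.to eq features_hash }` would document that, and the `:invalid | {}` row would then cover the unknown-type path in both states. As a point of style, the roughly 90-line literal table is hard to scan; moving each feature hash into a named `let` (`let(:sast_features) { ... }`) or a fixture and referencing it from `where` would keep future copy edits to a one-line diff. The enclosing `RSpec.describe` block opens before the hunk.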
diff --git a/spec/presenters/projects/security/configuration_presenter_spec.rb b/spec/presenters/projects/security/configuration_presenter_spec.rb
index fcd170dfd66..9f6efb08fb1 100644
--- a/spec/presenters/projects/security/configuration_presenter_spec.rb
+++ b/spec/presenters/projects/security/configuration_presenter_spec.rb
@@ -88,6 +88,7 @@ RSpec.describe Projects::Security::ConfigurationPresenter, feature_category: :so
expect(feature['can_enable_by_merge_request']).to eq(true)
expect(feature['meta_info_path']).to be_nil
expect(feature['on_demand_available']).to eq(false)
+ expect(feature['security_features']).not_to be_empty
end
context 'when checking features configured status' do