Expose `missing_security_scan_types` attribute

Expose the `missing_security_scan_types` attribute which will carry the
information of scan types difference between `base_pipeline` and the
`actual_head_pipeline` of MRs on `MergeRequestPollCachedWidgetEntity`.

ee/app/presenters/ee/merge_request_presenter.rb

@@ -48,11 +48,20 @@ module EE
       expose_mr_approval_path? ? APPROVALS_WIDGET_FULL_TYPE : super
     end
 
+    def missing_security_scan_types
+      merge_request.missing_security_scan_types if present_missing_security_scan_types?
+    end
+
     private
 
     def expose_mr_approval_path?
       approval_feature_available? && merge_request.iid
     end
+
+    def present_missing_security_scan_types?
+      ::Feature.enabled?(:missing_mr_security_scan_types, project) &&
+        can?(current_user, :read_pipeline, merge_request.actual_head_pipeline)
+    end
   end
 end
 

ee/app/serializers/ee/merge_request_poll_cached_widget_entity.rb

@@ -12,6 +12,10 @@ module EE
       expose :policy_violation do |merge_request|
         presenter(merge_request).has_denied_policies?
       end
+
+      expose :missing_security_scan_types do |merge_request|
+        presenter(merge_request).missing_security_scan_types
+      end
     end
   end
 end

ee/spec/presenters/merge_request_presenter_spec.rb

@@ -106,4 +106,54 @@ RSpec.describe MergeRequestPresenter do
       end
     end
   end
+
+  describe '#missing_security_scan_types' do
+    let(:presenter) { described_class.new(merge_request, current_user: user) }
+    let(:pipeline) { instance_double(Ci::Pipeline) }
+
+    subject(:missing_security_scan_types) { presenter.missing_security_scan_types }
+
+    before do
+      stub_feature_flags(missing_mr_security_scan_types: missing_mr_security_scan_types_feature_enabled?)
+      allow(merge_request).to receive(:actual_head_pipeline).and_return(pipeline)
+      allow(presenter).to receive(:can?).with(user, :read_pipeline, pipeline).and_return(can_read_pipeline?)
+    end
+
+    context 'when the `missing_mr_security_scan_types` feature flag is not enabled' do
+      let(:missing_mr_security_scan_types_feature_enabled?) { false }
+
+      context 'when the `current_user` can not read the pipeline' do
+        let(:can_read_pipeline?) { false }
+
+        it { is_expected.to be_nil }
+      end
+
+      context 'when the `current_user` can read the pipeline' do
+        let(:can_read_pipeline?) { true }
+
+        it { is_expected.to be_nil }
+      end
+    end
+
+    context 'when the `missing_mr_security_scan_types` feature flag is enabled' do
+      let(:missing_mr_security_scan_types_feature_enabled?) { true }
+
+      context 'when the `current_user` can not read the pipeline' do
+        let(:can_read_pipeline?) { false }
+
+        it { is_expected.to be_nil }
+      end
+
+      context 'when the `current_user` can read the pipeline' do
+        let(:can_read_pipeline?) { true }
+        let(:missing_types) { %w(sast) }
+
+        before do
+          allow(merge_request).to receive(:missing_security_scan_types).and_return(missing_types)
+        end
+
+        it { is_expected.to eq(missing_types) }
+      end
+    end
+  end
 end

ee/spec/serializers/ee/merge_request_poll_cached_widget_entity_spec.rb

@@ -18,4 +18,8 @@ RSpec.describe MergeRequestPollCachedWidgetEntity do
   it 'includes policy violation status' do
     is_expected.to include(:policy_violation)
   end
+
+  it 'includes missing security scan types' do
+    is_expected.to include(:missing_security_scan_types)
+  end
 end