Enable sast_configuration_ui feature flag

This enables the [SAST Configuration UI][1] by default, and adds
documentation for it.

Addresses https://gitlab.com/gitlab-org/gitlab/-/issues/231357.

[1]: https://gitlab.com/groups/gitlab-org/-/epics/3659

doc/user/application_security/configuration/index.md

@@ -24,6 +24,13 @@ NOTE: **Note:**
 If the latest pipeline used [Auto DevOps](../../../topics/autodevops/index.md),
 all security features will be configured by default.
 
+## SAST Configuration
+
+> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3659) in GitLab Ultimate 13.3.
+
+For projects that do not already have a `.gitlab-ci.yml` file,
+[configure SAST in the UI](../sast/index.md#configure-sast-in-the-ui).
+
 ## Limitations
 
 It is not yet possible to enable or disable most features using the

doc/user/application_security/index.md

@@ -45,6 +45,12 @@ To add Container Scanning, follow the steps listed in the [Container Scanning do
 
 To further configure any of the other scanners, refer to each scanner's documentation.
 
+### SAST configuration
+
+You can set up and configure Static Application Security Testing
+(SAST) for your project, without opening a text editor. For more details,
+see [configure SAST in the UI](sast/index.md#configure-sast-in-the-ui).
+
 ### Override the default registry base address
 
 By default, GitLab security scanners use `registry.gitlab.com/gitlab-org/security-products/analyzers` as the

doc/user/application_security/sast/index.md

@@ -24,6 +24,8 @@ You can take advantage of SAST by doing one of the following:
 - [Including the SAST template](#configuration) in your existing `.gitlab-ci.yml` file.
 - Implicitly using [Auto SAST](../../../topics/autodevops/stages.md#auto-sast-ultimate) provided by
   [Auto DevOps](../../../topics/autodevops/index.md).
+- Using the [SAST Configuration tool](#configure-sast-in-the-ui) to create the necessary
+  `.gitlab-ci.yml` file for you.
 
 GitLab checks the SAST report, compares the found vulnerabilities between the
 source and target branches.
@@ -151,6 +153,19 @@ The results will be saved as a
 that you can later download and analyze. Due to implementation limitations, we
 always take the latest SAST artifact available.
 
+### Configure SAST in the UI
+
+> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3659) in GitLab Ultimate 13.3.
+
+For projects that do not already have a `.gitlab-ci.yml` file, the above
+configuration can also be achieved by using the **SAST Configuration** tool.
+
+1. Navigate to **Security & Compliance > Configuration**.
+1. Click **Enable** on the Static Application Security Testing (SAST)
+row.
+
+A merge request is created, containing the necessary changes for you to review and merge.
+
 ### Customizing the SAST settings
 
 The SAST settings can be changed through [environment variables](#available-variables)

ee/app/controllers/projects/security/configuration_controller.rb

@@ -9,7 +9,7 @@ module Projects
 
       before_action only: [:show] do
         push_frontend_feature_flag(:security_auto_fix, project, default_enabled: false)
-        push_frontend_feature_flag(:sast_configuration_ui, project, default_enabled: false)
+        push_frontend_feature_flag(:sast_configuration_ui, project, default_enabled: true)
       end
 
       before_action only: [:auto_fix] do

ee/app/controllers/projects/security/sast_configuration_controller.rb

@@ -31,7 +31,7 @@ module Projects
       private
 
       def ensure_sast_configuration_enabled!
-        not_found unless ::Feature.enabled?(:sast_configuration_ui, project)
+        not_found unless ::Feature.enabled?(:sast_configuration_ui, project, default_enabled: true)
       end
     end
   end

ee/changelogs/unreleased/231357-enable-sast_configuration_ui-feature-flag-by-default.yml

+---
+title: Add SAST Configuration UI
+merge_request: 39085
+author:
+type: added