repman-io / repman

Repman - PHP Repository Manager: packagist proxy and host for private packages
https://repman.io
MIT License
515 stars, 107 forks

Enable or disable security scans. #575

Closed shochdoerfer closed 2 years ago

shochdoerfer commented 2 years ago

Fixes #555. A new field enableSecurityScan is introduced which allows enabling or disabling the security scans of a package. It's turned on by default and can only be changed by editing the package information. I felt it might be good to not offer to set the flag when adding a new package. If you feel this should be added, let me know.

When the enableSecurityScan field is set to false, the package details view will look like this - the status "Scan disabled" is also displayed in the package overview: [screenshot: details]

The package edit form looks like this: [screenshot: edit]

codecov[bot] commented 2 years ago

Codecov Report

Merging #575 (4097446) into master (c0f2e0d) will decrease coverage by 0.04%. The diff coverage is 91.89%.

```
@@             Coverage Diff              @@
##             master     #575      +/-   ##
============================================
- Coverage     99.18%   99.14%   -0.05%     
- Complexity     1903     1910       +7     
============================================
  Files           301      301              
  Lines          6041     6072      +31     
============================================
+ Hits           5992     6020      +28     
- Misses           49       52       +3     
```

| Impacted Files | Coverage Δ | |
|---|---|---|
| src/MessageHandler/Security/ScanPackageHandler.php | 90.00% <50.00%> (-10.00%) | :arrow_down: |
| src/Entity/Organization/Package.php | 96.69% <75.00%> (-1.57%) | :arrow_down: |
| src/Controller/Api/PackageController.php | 98.29% <100.00%> (+<0.01%) | :arrow_up: |
| src/Controller/Organization/PackageController.php | 100.00% <100.00%> (ø) | |
| src/Form/Type/Api/EditPackageType.php | 100.00% <100.00%> (ø) | |
| src/Form/Type/Organization/EditPackageType.php | 100.00% <100.00%> (ø) | |
| src/Message/Organization/Package/Update.php | 100.00% <100.00%> (ø) | |
| ...sageHandler/Organization/Package/UpdateHandler.php | 100.00% <100.00%> (ø) | |
| src/Query/Api/Model/Package.php | 100.00% <100.00%> (ø) | |
| src/Query/Api/PackageQuery/DbalPackageQuery.php | 100.00% <100.00%> (ø) | |
| ... and 3 more | | |


Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update c0f2e0d...4097446.

xvilo commented 2 years ago

We would like to see this on organizational level, is this something that can be added? At a quick glance this is not yet available with this PR

shochdoerfer commented 2 years ago

@xvilo sure, can do that. But to be honest, I would love to get approval first or even get the PR merged before tackling this.

The only question would be what the setting on the org level would control, I see 2 options:

  1. it just acts as a default value for the setting on the package level. When the setting gets changed on the org level, the setting of the org's packages won't be updated
  2. once the setting on the org level gets changed, it would change the setting for all packages of the org

I think I would prefer option 1 but I'd leave the choice up to you ;)

xvilo commented 2 years ago

Would be great if you could add this (later) to a (new) PR! I guess it would be best to have it set as a default for all new packages and make them overridable in the package settings. However, I think it's a good feature to also allow bulk change of all packages in an org to enabled or disabled for example

shochdoerfer commented 2 years ago

@xvilo sure, happy to improve the product ;) Looks like 2 features then, one to define the default setting for new packages and one to run the bulk update. Sounds doable.
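An illustrative PHP sketch, added here and not Repman's own code (every class, method and status string in it is an assumption), of the per-package enableSecurityScan flag from the PR description together with the two organization-level behaviours discussed in this thread: option 1 only seeds the flag for packages created afterwards, option 2 rewrites every existing package in bulk, and the scan handler records a "Scan disabled" status instead of invoking the scanner when the flag is off, so a disabled package is visibly unscanned rather than silently reported as clean.

```php
<?php
declare(strict_types=1);

// Illustrative sketch, not Repman's code: all names below are assumptions.

final class Package
{
    private string $scanStatus = 'pending';

    // Scanning is on by default, matching the PR's default.
    public function __construct(private string $name, private bool $enableSecurityScan = true) {}

    public function name(): string { return $this->name; }
    public function isSecurityScanEnabled(): bool { return $this->enableSecurityScan; }
    public function setSecurityScanEnabled(bool $enabled): void { $this->enableSecurityScan = $enabled; }
    public function scanStatus(): string { return $this->scanStatus; }
    public function setScanStatus(string $status): void { $this->scanStatus = $status; }
}

final class Organization
{
    /** @var Package[] */
    private array $packages = [];

    // Option 1 from the thread: the org-level value only seeds new packages.
    public function __construct(private bool $securityScanDefault = true) {}

    public function addPackage(string $name): Package
    {
        $package = new Package($name, $this->securityScanDefault);
        $this->packages[] = $package;
        return $package;
    }

    // Changing the default leaves existing packages untouched.
    public function setSecurityScanDefault(bool $enabled): void
    {
        $this->securityScanDefault = $enabled;
    }

    // Option 2 from the thread: propagate one value to every existing package.
    // Returns how many packages actually changed.
    public function bulkSetSecurityScan(bool $enabled): int
    {
        $changed = 0;
        foreach ($this->packages as $package) {
            if ($package->isSecurityScanEnabled() !== $enabled) {
                $package->setSecurityScanEnabled($enabled);
                $changed++;
            }
        }
        return $changed;
    }
}

// Stand-in for a message handler that runs a security scan. With the flag
// off it records a distinct "Scan disabled" status and never calls the
// scanner, so the package is never mistaken for one that scanned clean.
final class ScanPackageHandler
{
    /** @param Closure(Package): array<int, string> $scanner returns advisory ids */
    public function __construct(private Closure $scanner) {}

    public function __invoke(Package $package): string
    {
        if (!$package->isSecurityScanEnabled()) {
            $package->setScanStatus('Scan disabled');
            return $package->scanStatus();
        }
        $advisories = ($this->scanner)($package);
        $package->setScanStatus(
            $advisories === [] ? 'ok' : 'warning: ' . count($advisories) . ' advisories'
        );
        return $package->scanStatus();
    }
}

// Constructed walk-through with a fake scanner that always reports one advisory.
$org = new Organization(securityScanDefault: true);
$a = $org->addPackage('acme/lib-a');
$org->setSecurityScanDefault(false);          // option 1: only affects packages added from now on
$b = $org->addPackage('acme/lib-b');

$handler = new ScanPackageHandler(fn (Package $p): array => ['CONSTRUCTED-ADVISORY-1']);
echo $a->name(), ': ', $handler($a), PHP_EOL;  // still scanned
echo $b->name(), ': ', $handler($b), PHP_EOL;  // created after the default changed

$changed = $org->bulkSetSecurityScan(true);   // option 2: flips every package that differs
echo 'bulk update changed ', $changed, ' package(s)', PHP_EOL;
echo $b->name(), ': ', $handler($b), PHP_EOL;  // scanned again after the bulk update
```

The two org-level behaviours are kept as separate methods on purpose, mirroring the thread's conclusion that "default for new packages" and "bulk update of existing packages" are two distinct features; the handler's early return is the part that matters for reviewers, since it is the branch the coverage report flags as only partially exercised in ScanPackageHandler.php.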

shochdoerfer commented 2 years ago

Is any support needed to get this merged?

akondas commented 2 years ago

Thanks :beers: