
User awareness of projects with vulnerability-check

Problem to solve

Context: we currently have the Vulnerability-Check at the project level. It blocks a merge request if a vulnerability of Critical, High, or Unknown severity is detected (regardless of whether the vulnerability has been dismissed). Issue part of: &3202 (closed)

Problem: the feature is not visible in the UI unless it is activated, so it is hard to tell whether a project has the check set up. #31922 (closed) and #213707 (closed) aim to surface the check for configuration and developer awareness. A user who wants to set up the check across multiple projects has to do so project by project, rather than selecting multiple projects and applying the rule to all of them. Even once the rule is set up across multiple projects, there is no overview of which projects have it enabled (again, this would have to be checked project by project).

Intended users

User experience goal

Allow users to see, across multiple projects, which ones are configured with the Vulnerability-Check.

Proposal

  • Display at the group (or instance?) level which projects have the Vulnerability-Check rule enabled.
  • Provide a link to the settings where the user can configure the feature.

Further details

Issue part of introducing group-level security check: &3202 (closed)

Permissions and Security

...

Documentation

Availability & Testing

...

What does success look like, and how can we measure that?

  • Can the user identify which projects have the Vulnerability-Check enabled?
  • Can the user find where to identify which projects have it enabled (information architecture of the awareness UI)?

What is the type of buyer?

GitLab Ultimate

Is this a cross-stage feature?

This is a cross-stage feature for devopssecure, as it is related to the scanning results of all scanners except license scanning. Additionally, it will affect the merge request experience, the configuration page, and vulnerability management ~"devops::defend"

Links / references