diff --git a/app/assets/javascripts/security_configuration/components/app.vue b/app/assets/javascripts/security_configuration/components/app.vue
index 7048e5b8b60baad122435d47614814502324dc7a..00e35adc8f267b26f31a7d39d0f94562e34dfb82 100644
--- a/app/assets/javascripts/security_configuration/components/app.vue
+++ b/app/assets/javascripts/security_configuration/components/app.vue
@@ -1,5 +1,14 @@
 <script>
-import { GlTab, GlTabs, GlSprintf, GlLink, GlAlert, GlButton, GlExperimentBadge } from '@gitlab/ui';
+import {
+  GlTab,
+  GlTabs,
+  GlSprintf,
+  GlLink,
+  GlAlert,
+  GlButton,
+  GlExperimentBadge,
+  GlBadge,
+} from '@gitlab/ui';
 import Api from '~/api';
 import LocalStorageSync from '~/vue_shared/components/local_storage_sync.vue';
 import UserCalloutDismisser from '~/vue_shared/components/user_callout_dismisser.vue';
@@ -25,6 +34,7 @@ import PipelineSecretDetectionFeatureCard from './pipeline_secret_detection_feat
 import SecretPushProtectionFeatureCard from './secret_push_protection_feature_card.vue';
 import TrainingProviderList from './training_provider_list.vue';
 import RefTrackingList from './ref_tracking_list.vue';
+import ScannerProfileConfiguration from './scan_profiles/scanner_profile_configuration.vue';
 
 export default {
   i18n,
@@ -43,6 +53,7 @@ export default {
     GlSprintf,
     GlTab,
     GlTabs,
+    GlBadge,
     LocalStorageSync,
     SectionLayout,
     GlButton,
@@ -52,6 +63,7 @@ export default {
     UserCalloutDismisser,
     TrainingProviderList,
     RefTrackingList,
+    ScannerProfileConfiguration,
     ContainerScanningForRegistryFeatureCard: () =>
       import(
         'ee_component/security_configuration/components/container_scanning_for_registry_feature_card.vue'
@@ -138,8 +150,6 @@ export default {
       );
     },
     trackedRefsHelpPagePath() {
-      // Once the help page content is available, we can use the anchor to link to the specific section
-      // See issue: https://gitlab.com/gitlab-org/gitlab/-/issues/578081
       return helpPagePath('user/application_security/vulnerability_report/_index.md');
     },
   },
@@ -176,6 +186,9 @@ export default {
         Api.trackRedisHllUserEvent(SERVICE_PING_SECURITY_CONFIGURATION_THREAT_MANAGEMENT_VISIT);
       }
     },
+    handleApplyProfile() {
+      // console.log('Apply profile for scanner:', scanner);
+    },
   },
   autoDevopsEnabledAlertStorageKey: AUTO_DEVOPS_ENABLED_ALERT_DISMISSED_STORAGE_KEY,
 };
@@ -233,6 +246,25 @@ export default {
           @dismiss="dismissAutoDevopsEnabledAlert"
         />
 
+        <section-layout stacked class="gl-border-b-0" :heading="$options.i18n.securityProfiles">
+          <template #heading>
+            <div class="gl-display-flex gl-align-items-center">
+              <span>{{ $options.i18n.securityProfiles }}</span>
+              <gl-badge variant="info" class="gl-ml-3">
+                {{ __('Recommended') }}
+              </gl-badge>
+            </div>
+          </template>
+          <template #description>
+            <p>
+              {{ $options.i18n.securityProfilesDesc }}
+            </p>
+          </template>
+          <template #features>
+            <scanner-profile-configuration @apply-profile="handleApplyProfile" />
+          </template>
+        </section-layout>
+
         <section-layout stacked class="gl-border-b-0" :heading="$options.i18n.securityTesting">
           <template #description>
             <p>
diff --git a/app/assets/javascripts/security_configuration/components/scan_profiles/scanner_profile_configuration.vue b/app/assets/javascripts/security_configuration/components/scan_profiles/scanner_profile_configuration.vue
new file mode 100644
index 0000000000000000000000000000000000000000..4e9c445595def2068c8becb09d606a389ad3cf41
--- /dev/null
+++ b/app/assets/javascripts/security_configuration/components/scan_profiles/scanner_profile_configuration.vue
@@ -0,0 +1,283 @@
+<script>
+import { GlTable, GlButton, GlIcon, GlAlert, GlTooltipDirective } from '@gitlab/ui';
+import { __ } from '~/locale';
+
+import availableProfilesQuery from '../../graphql/scan_profiles/group_available_security_scan_profiles.query.graphql';
+import projectProfilesQuery from '../../graphql/scan_profiles/project_security_scan_profiles.query.graphql';
+import attachMutation from '../../graphql/scan_profiles/security_scan_profile_attach.mutation.graphql';
+import detachMutation from '../../graphql/scan_profiles/security_scan_profile_detach.mutation.graphql';
+import ScannerProfileModal from './scanner_profile_modal.vue';
+
+export default {
+  name: 'ScannerProfileConfiguration',
+
+  components: {
+    GlTable,
+    GlButton,
+    GlIcon,
+    GlAlert,
+    ScannerProfileModal,
+  },
+
+  directives: { GlTooltip: GlTooltipDirective },
+
+  inject: ['projectFullPath', 'groupFullPath'],
+
+  data() {
+    return {
+      alertMessage: '',
+      busy: false,
+
+      modalVisible: false,
+      modalProfileId: null,
+
+      fields: [
+        { key: 'scanner', label: __('Scanner') },
+        { key: 'profile', label: __('Profile') },
+        { key: 'status', label: __('Status') },
+        { key: 'lastScan', label: __('Last scan') },
+        { key: 'actions', label: '' },
+      ],
+
+      scanners: [
+        {
+          id: 'secret-detection',
+          scannerCode: 'SD',
+          scannerName: __('Secret Push Protection'),
+          scannerTooltip: __('Prevents secrets from being pushed to your repository'),
+          profile: __('No profile applied'),
+          statusIcon: 'close',
+          statusText: __('Not configured'),
+          statusDescription: __('Apply profile to enable'),
+          lastScan: '—',
+          showApplyButton: true,
+          attachedProfileId: null,
+        },
+      ],
+
+      availableProfiles: [],
+      attachedProfiles: [],
+    };
+  },
+
+  apollo: {
+    availableProfiles: {
+      query: availableProfilesQuery,
+      variables() {
+        return { fullPath: this.groupFullPath, type: 'SECRET_DETECTION' };
+      },
+      update: (data) => data.group.availableSecurityScanProfiles || [],
+    },
+
+    attachedProfiles: {
+      query: projectProfilesQuery,
+      variables() {
+        return { fullPath: this.projectFullPath };
+      },
+      update: (data) => data.project.securityScanProfiles || [],
+      result() {
+        this.syncScannerState();
+      },
+    },
+  },
+
+  methods: {
+    syncScannerState() {
+      const profile = this.attachedProfiles[0];
+      const scanner = this.scanners[0];
+
+      if (profile) {
+        scanner.profile = profile.name;
+        scanner.attachedProfileId = profile.id;
+        scanner.statusIcon = 'check-circle-filled';
+        scanner.statusText = __('Configured');
+        scanner.statusDescription = __('Profile applied');
+        scanner.showApplyButton = false;
+      } else {
+        scanner.profile = __('No profile applied');
+        scanner.attachedProfileId = null;
+        scanner.statusIcon = 'close';
+        scanner.statusText = __('Not configured');
+        scanner.statusDescription = __('Apply profile to enable');
+        scanner.showApplyButton = true;
+      }
+    },
+
+    findDefaultProfileId() {
+      const profiles = this.availableProfiles;
+
+      const userDefined = profiles.find((p) => !p.gitlabRecommended);
+      if (userDefined) return userDefined.id;
+
+      const recommended = profiles.find((p) => p.gitlabRecommended);
+      return recommended?.id || 'gid://gitlab/Security::ScanProfile/secret_detection';
+    },
+
+    async handleApplyProfile() {
+      this.busy = true;
+      try {
+        const defaultId = this.findDefaultProfileId();
+
+        const projectId = this.$apollo.queries.attachedProfiles?.data?.project?.id;
+
+        await this.$apollo.mutate({
+          mutation: attachMutation,
+          variables: {
+            input: {
+              securityScanProfileId: defaultId,
+              projectIds: [projectId],
+            },
+          },
+          refetchQueries: [
+            {
+              query: projectProfilesQuery,
+              variables: { fullPath: this.projectFullPath },
+            },
+          ],
+        });
+      } finally {
+        this.busy = false;
+      }
+    },
+
+    async detachProfile() {
+      this.busy = true;
+      try {
+        const profileId = this.scanners[0].attachedProfileId;
+        const projectId = this.$apollo.queries.attachedProfiles.data.project.id;
+
+        await this.$apollo.mutate({
+          mutation: detachMutation,
+          variables: {
+            input: {
+              securityScanProfileId: profileId,
+              projectIds: [projectId],
+            },
+          },
+          refetchQueries: [
+            {
+              query: projectProfilesQuery,
+              variables: { fullPath: this.projectFullPath },
+            },
+          ],
+        });
+      } finally {
+        this.busy = false;
+      }
+    },
+
+    openProfile() {
+      this.modalProfileId = this.scanners[0].attachedProfileId;
+      this.modalVisible = true;
+    },
+  },
+};
+</script>
+
+<template>
+  <div>
+    <gl-table :items="scanners" :fields="fields" stacked="sm">
+      <template #head(profile)="data">
+        <div class="gl-display-flex gl-align-items-center">
+          <span>{{ data.label }}</span>
+          <gl-icon
+            v-gl-tooltip
+            name="information-o"
+            :title="__('Profiles define scanner configurations')"
+            class="gl-ml-2"
+          />
+        </div>
+      </template>
+
+      <template #cell(scanner)="{ item }">
+        <div class="gl-display-flex gl-align-items-center">
+          <div
+            class="gl-display-flex gl-align-items-center gl-justify-content-center gl-border gl-mr-3 gl-rounded-base gl-p-2"
+            style="width: 32px; height: 32px"
+          >
+            <span class="gl-font-weight-bold gl-font-sm">{{ item.scannerCode }}</span>
+          </div>
+          <span class="gl-font-weight-bold">{{ item.scannerName }}</span>
+          <gl-icon v-gl-tooltip name="information-o" :title="item.scannerTooltip" class="gl-ml-2" />
+        </div>
+      </template>
+
+      <template #cell(profile)="{ item }">
+        <span>{{ item.profile }}</span>
+
+        <gl-button
+          v-if="item.attachedProfileId"
+          icon="eye"
+          category="tertiary"
+          size="small"
+          :aria-label="__(`View profile`)"
+          class="gl-ml-2"
+          @click="openProfile(item)"
+        />
+      </template>
+
+      <template #cell(status)="{ item }">
+        <div>
+          <div class="gl-display-flex gl-align-items-center gl-mb-2">
+            <gl-icon :name="item.statusIcon" class="gl-mr-2 gl-text-red-500" />
+            <span>{{ item.statusText }}</span>
+          </div>
+          <div class="gl-font-sm gl-text-secondary">
+            {{ item.statusDescription }}
+          </div>
+        </div>
+      </template>
+
+      <template #cell(lastScan)="{ item }">
+        <span>{{ item.lastScan }}</span>
+      </template>
+
+      <template #cell(actions)="{ item }">
+        <div class="gl-display-flex gl-align-items-center gl-gap-3">
+          <!-- Apply -->
+          <gl-button
+            v-if="item.showApplyButton"
+            variant="confirm"
+            category="secondary"
+            size="small"
+            icon="check-circle"
+            :disabled="busy"
+            @click="handleApplyProfile(item)"
+          >
+            {{ __('Apply default profile') }}
+          </gl-button>
+
+          <!-- Detach -->
+          <gl-button
+            v-else
+            variant="danger"
+            category="secondary"
+            size="small"
+            icon="close"
+            :disabled="busy"
+            @click="detachProfile(item)"
+          >
+            {{ __('Detach') }}
+          </gl-button>
+
+          <!-- Preview profile (eye icon) -->
+          <gl-button
+            category="secondary"
+            size="small"
+            icon="eye"
+            aria-label="Preview profile"
+            class="gl-ml-1"
+            @click="openProfile(item)"
+          />
+        </div>
+      </template>
+    </gl-table>
+
+    <scanner-profile-modal
+      v-if="modalVisible"
+      :profile-id="modalProfileId"
+      :visible="modalVisible"
+      @close="modalVisible = false"
+    />
+  </div>
+</template>
diff --git a/app/assets/javascripts/security_configuration/components/scan_profiles/scanner_profile_modal.vue b/app/assets/javascripts/security_configuration/components/scan_profiles/scanner_profile_modal.vue
new file mode 100644
index 0000000000000000000000000000000000000000..27ed4952df4acafa899329ac33b559531426d6e9
--- /dev/null
+++ b/app/assets/javascripts/security_configuration/components/scan_profiles/scanner_profile_modal.vue
@@ -0,0 +1,78 @@
+<script>
+import { GlModal, GlBadge, GlIcon } from '@gitlab/ui';
+import { __, s__ } from '~/locale';
+import queryProfile from '../../graphql/scan_profiles/security_scan_profile.client.query.graphql';
+
+export default {
+  name: 'ScannerProfileModal',
+  props: {
+    profileId: {
+      type: String,
+      required: false,
+    },
+    visible: {
+      type: Boolean,
+      required: true,
+    },
+  },
+
+  components: {
+    GlModal,
+    GlBadge,
+    GlIcon,
+  },
+  data() {
+    return {
+      profile: {},
+    };
+  },
+  apollo: {
+    profile: {
+      query: queryProfile,
+      variables() {
+        return { id: this.profileId };
+      },
+      skip() {
+        return !this.profileId;
+      },
+    },
+  },
+
+  watch: {
+    visible(val) {
+      if (val && this.profileId) {
+        this.$apollo.queries.profile.refetch();
+      }
+    },
+  },
+
+  methods: {
+    close() {
+      this.$emit('close');
+    },
+  },
+};
+</script>
+
+<template>
+  <gl-modal :visible="visible" @close="close" size="lg">
+    <template #modal-title>
+      {{ profile?.name }}
+    </template>
+
+    <div class="gl-mb-4">
+      <div class="gl-font-weight-bold gl-mb-2">Description</div>
+      <div>{{ profile?.description }}</div>
+    </div>
+
+    <div class="gl-mb-4">
+      <div class="gl-font-weight-bold gl-mb-2">Analyzer type</div>
+      <div>{{ profile?.scanType }}</div>
+    </div>
+
+    <div class="gl-mb-4">
+      <div class="gl-font-weight-bold gl-mb-2">Triggers</div>
+      <div v-for="t in profile?.triggers || []" :key="t.type">• {{ t.description }}</div>
+    </div>
+  </gl-modal>
+</template>
diff --git a/app/assets/javascripts/security_configuration/components/scan_profiles/scanner_row.vue b/app/assets/javascripts/security_configuration/components/scan_profiles/scanner_row.vue
new file mode 100644
index 0000000000000000000000000000000000000000..7541fbd19e011d094c3c21275ed42475cc453dd6
--- /dev/null
+++ b/app/assets/javascripts/security_configuration/components/scan_profiles/scanner_row.vue
@@ -0,0 +1,88 @@
+<script>
+import { GlButton, GlIcon, GlBadge, GlLoadingIcon } from '@gitlab/ui';
+
+export default {
+  name: 'ScannerRow',
+  props: {
+    item: { type: Object, required: true },
+    busy: { type: Boolean, required: true },
+  },
+
+  components: {
+    GlButton,
+    GlIcon,
+    GlBadge,
+    GlLoadingIcon,
+  },
+
+  emits: ['attach', 'detach', 'viewProfile'],
+
+  methods: {
+    onAttach() {
+      this.$emit('attach', this.item);
+    },
+    onDetach() {
+      this.$emit('detach', this.item);
+    },
+    onView() {
+      this.$emit('viewProfile', this.item.attachedProfileId);
+    },
+  },
+};
+</script>
+
+<template>
+  <tr>
+    <td>
+      <div class="gl-display-flex gl-align-items-center">
+        <div class="gl-border gl-mr-3 gl-rounded-base gl-p-2" style="width: 32px; height: 32px">
+          {{ item.scannerCode }}
+        </div>
+        <strong>{{ item.scannerName }}</strong>
+        <gl-icon v-gl-tooltip name="information-o" class="gl-ml-2" :title="item.scannerTooltip" />
+      </div>
+    </td>
+
+    <td>
+      <span>{{ item.profileLabel }}</span>
+      <gl-icon
+        v-if="item.isConfigured"
+        name="eye"
+        class="gl-ml-2 gl-cursor-pointer"
+        @click="onView"
+      />
+    </td>
+
+    <td>
+      <gl-badge :variant="item.statusVariant">{{ item.statusText }}</gl-badge>
+    </td>
+
+    <td>{{ item.lastScan }}</td>
+
+    <td>
+      <gl-button
+        v-if="!item.isConfigured"
+        variant="confirm"
+        category="secondary"
+        size="small"
+        :disabled="busy"
+        @click="onAttach"
+      >
+        <gl-loading-icon v-if="busy" inline class="gl-mr-2" />
+        Apply default profile
+      </gl-button>
+
+      <gl-button
+        v-else
+        variant="danger"
+        category="secondary"
+        size="small"
+        :disabled="busy"
+        @click="onDetach"
+      >
+        <gl-loading-icon v-if="busy" inline class="gl-mr-2" />
+        Detach
+      </gl-button>
+    </td>
+  </tr>
+</template>
diff --git a/app/assets/javascripts/security_configuration/components/scanner_profile_configuration.vue b/app/assets/javascripts/security_configuration/components/scanner_profile_configuration.vue
new file mode 100644
index 0000000000000000000000000000000000000000..f7a7c4bf1a44fffb897b85ab0e9e9792147231a9
--- /dev/null
+++ b/app/assets/javascripts/security_configuration/components/scanner_profile_configuration.vue
@@ -0,0 +1,124 @@
+<script>
+import { GlTable, GlButton, GlIcon } from '@gitlab/ui';
+import { __ } from '~/locale';
+
+export default {
+  name: 'ScannerProfileConfiguration',
+  components: {
+    GlTable,
+    GlButton,
+    GlIcon,
+  },
+  inject: ['projectFullPath'],
+  emits: ['apply-profile'],
+  data() {
+    return {
+      fields: [
+        {
+          key: 'scanner',
+          label: __('Scanner'),
+        },
+        {
+          key: 'profile',
+          label: __('Profile'),
+        },
+        {
+          key: 'status',
+          label: __('Status'),
+        },
+        {
+          key: 'lastScan',
+          label: __('Last scan'),
+        },
+        {
+          key: 'actions',
+          label: '',
+        },
+      ],
+      scanners: [
+        {
+          id: 'secret-push-protection',
+          scannerCode: 'SD',
+          scannerName: __('Secret Push Protection'),
+          scannerTooltip: __('Prevents secrets from being pushed to your repository'),
+          profile: __('No profile applied'),
+          statusIcon: 'close',
+          statusText: __('Not configured'),
+          statusDescription: __('Apply profile to enable'),
+          lastScan: '—',
+          showApplyButton: true,
+        },
+      ],
+    };
+  },
+  methods: {
+    handleApplyProfile(scanner) {
+      this.$emit('apply-profile', scanner);
+    },
+  },
+};
+</script>
+
+<template>
+  <div>
+    <gl-table :items="scanners" :fields="fields" stacked="sm">
+      <template #head(profile)="data">
+        <div class="gl-display-flex gl-align-items-center">
+          <span>{{ data.label }}</span>
+          <gl-icon
+            v-gl-tooltip
+            name="information-o"
+            :title="__('Profiles define scanner configurations')"
+            class="gl-ml-2"
+          />
+        </div>
+      </template>
+
+      <template #cell(scanner)="{ item }">
+        <div class="gl-display-flex gl-align-items-center">
+          <div
+            class="gl-display-flex gl-align-items-center gl-justify-content-center gl-border gl-mr-3 gl-rounded-base gl-p-2"
+            style="width: 32px; height: 32px"
+          >
+            <span class="gl-font-weight-bold gl-font-sm">{{ item.scannerCode }}</span>
+          </div>
+          <span class="gl-font-weight-bold">{{ item.scannerName }}</span>
+          <gl-icon v-gl-tooltip name="information-o" :title="item.scannerTooltip" class="gl-ml-2" />
+        </div>
+      </template>
+
+      <template #cell(profile)="{ item }">
+        <span>{{ item.profile }}</span>
+      </template>
+
+      <template #cell(status)="{ item }">
+        <div>
+          <div class="gl-display-flex gl-align-items-center gl-mb-2">
+            <gl-icon :name="item.statusIcon" class="gl-mr-2 gl-text-red-500" />
+            <span>{{ item.statusText }}</span>
+          </div>
+          <div class="gl-font-sm gl-text-secondary">
+            {{ item.statusDescription }}
+          </div>
+        </div>
+      </template>
+
+      <template #cell(lastScan)="{ item }">
+        <span>{{ item.lastScan }}</span>
+      </template>
+
+      <template #cell(actions)="{ item }">
+        <gl-button
+          v-if="item.showApplyButton"
+          variant="confirm"
+          category="secondary"
+          size="small"
+          icon="eye"
+          @click="handleApplyProfile(item)"
+        >
+          {{ __('Apply default profile') }}
+        </gl-button>
+      </template>
+    </gl-table>
+  </div>
+</template>
diff --git a/app/assets/javascripts/security_configuration/constants.js b/app/assets/javascripts/security_configuration/constants.js
index 23666abad34bb74c930ab8dff8e91a689ae8ba24..861839f96bfee0480a0f115d840f1f674b4d0fa5 100644
--- a/app/assets/javascripts/security_configuration/constants.js
+++ b/app/assets/javascripts/security_configuration/constants.js
@@ -165,4 +165,8 @@ export const i18n = {
     'SecurityConfiguration|Enable security training to help your developers learn how to fix vulnerabilities. Developers can view security training from selected educational providers, relevant to the detected vulnerability. Please note that security training is not accessible in an environment that is offline.',
   ),
   securityTrainingDoc: s__('SecurityConfiguration|Learn more about vulnerability training'),
+  securityProfiles: s__('SecurityConfiguration|Profile-based scanner configuration'),
+  securityProfilesDesc: s__(
+    'SecurityConfiguration|Define security settings once, reuse them everywhere. Update a profile and changes automatically apply to every project using it, ensuring consistent, predictable security coverage with minimal effort.',
+  ),
 };
diff --git a/app/assets/javascripts/security_configuration/graphql/scan_profiles/group_available_security_scan_profiles.query.graphql b/app/assets/javascripts/security_configuration/graphql/scan_profiles/group_available_security_scan_profiles.query.graphql
new file mode 100644
index 0000000000000000000000000000000000000000..f29dae27de9c832e0f57e18929b71f09b6daf61d
--- /dev/null
+++ b/app/assets/javascripts/security_configuration/graphql/scan_profiles/group_available_security_scan_profiles.query.graphql
@@ -0,0 +1,11 @@
+query GroupAvailableSecurityScanProfiles($fullPath: ID!, $type: SecurityScanProfileType) {
+  group(fullPath: $fullPath) {
+    id
+    name
+    availableSecurityScanProfiles(type: $type) {
+      ...ScanProfileFields
+    }
+  }
+}
+
+#import "./scan_profile.fragment.graphql"
diff --git a/app/assets/javascripts/security_configuration/graphql/scan_profiles/project_security_scan_profiles.query.graphql b/app/assets/javascripts/security_configuration/graphql/scan_profiles/project_security_scan_profiles.query.graphql
new file mode 100644
index 0000000000000000000000000000000000000000..446b422ef27177a3df81468ba0ebd3ef48b24796
--- /dev/null
+++ b/app/assets/javascripts/security_configuration/graphql/scan_profiles/project_security_scan_profiles.query.graphql
@@ -0,0 +1,11 @@
+query ProjectSecurityScanProfiles($fullPath: ID!) {
+  project(fullPath: $fullPath) {
+    id
+    name
+    securityScanProfiles {
+      ...ScanProfileFields
+    }
+  }
+}
+
+#import "./scan_profile.fragment.graphql"
diff --git a/app/assets/javascripts/security_configuration/graphql/scan_profiles/resolvers.js b/app/assets/javascripts/security_configuration/graphql/scan_profiles/resolvers.js
new file mode 100644
index 0000000000000000000000000000000000000000..09ef3a4ef1f633da18ea14ba08b7bcc01d6003c4
--- /dev/null
+++ b/app/assets/javascripts/security_configuration/graphql/scan_profiles/resolvers.js
@@ -0,0 +1,150 @@
+const mockDB = {
+  groups: {}, // groupPath → available profiles
+  projects: {}, // projectPath → attached profiles
+  profileStore: {}, // profileId → profile data
+};
+
+/**
+ * Utility: build default template profile
+ */
+function buildTemplateProfile(scanType) {
+  if (scanType === 'SECRET_DETECTION') {
+    return {
+      id: 'gid://gitlab/Security::ScanProfile/secret_detection',
+      name: 'Secret Push Protection (default)',
+      description:
+        'GitLab recommended baseline protection using industry standard detection rules.',
+      scanType: 'SECRET_DETECTION',
+      gitlabRecommended: true,
+      triggers: [
+        {
+          type: 'default',
+          description: 'Runs on push events',
+        },
+      ],
+      projects: [],
+      __typename: 'ScanProfileType',
+    };
+  }
+
+  return null;
+}
+
+/**
+ * Utility: ensure a group has an available profiles list
+ */
+function ensureGroup(groupPath) {
+  if (!mockDB.groups[groupPath]) {
+    mockDB.groups[groupPath] = {
+      available: [buildTemplateProfile('SECRET_DETECTION')],
+    };
+  }
+  return mockDB.groups[groupPath];
+}
+
+/**
+ * Utility: ensure a project entry exists
+ */
+function ensureProject(projectPath) {
+  if (!mockDB.projects[projectPath]) {
+    mockDB.projects[projectPath] = {
+      attached: [], // list of profile IDs
+    };
+  }
+  return mockDB.projects[projectPath];
+}
+
+export default {
+  Query: {
+    /**
+     * Returns the list of available scan profiles for a group.
+     */
+    group(_, { fullPath }) {
+      const group = ensureGroup(fullPath);
+      return {
+        id: `gid://gitlab/Group/${fullPath}`,
+        name: fullPath,
+        availableSecurityScanProfiles: group.available,
+        __typename: 'Group',
+      };
+    },
+
+    /**
+     * Returns the list of attached profiles for a project.
+     */
+    project(_, { fullPath }) {
+      const project = ensureProject(fullPath);
+
+      const profiles = project.attached.map((id) => mockDB.profileStore[id]).filter(Boolean);
+
+      return {
+        id: `gid://gitlab/Project/${fullPath}`,
+        fullPath,
+        name: fullPath,
+        securityScanProfiles: profiles,
+        __typename: 'Project',
+      };
+    },
+
+    /**
+     * Resolve a profile by ID
+     */
+    securityScanProfile(_, { id }) {
+      return mockDB.profileStore[id] || buildTemplateProfile('SECRET_DETECTION');
+    },
+  },
+
+  Mutation: {
+    /**
+     * Attach profile to a list of projects
+     */
+    securityScanProfileAttach(_, { input }) {
+      const { projectIds = [], securityScanProfileId } = input;
+
+      // Ensure profile exists in store, otherwise clone the default template
+      if (!mockDB.profileStore[securityScanProfileId]) {
+        const crafted = {
+          ...buildTemplateProfile('SECRET_DETECTION'),
+          id: `gid://gitlab/Security::ScanProfile/${Math.floor(Math.random() * 99999)}`,
+          gitlabRecommended: true,
+        };
+        mockDB.profileStore[crafted.id] = crafted;
+      }
+
+      const profile =
+        mockDB.profileStore[securityScanProfileId] ||
+        mockDB.profileStore[Object.keys(mockDB.profileStore)[0]];
+
+      projectIds.forEach((pid) => {
+        const project = ensureProject(pid);
+        if (!project.attached.includes(profile.id)) {
+          project.attached.push(profile.id);
+        }
+      });
+
+      return {
+        errors: [],
+        clientMutationId: input.clientMutationId || null,
+        __typename: 'SecurityScanProfileAttachPayload',
+      };
+    },
+
+    /**
+     * Detach profile from projects
+     */
+    securityScanProfileDetach(_, { input }) {
+      const { projectIds = [], securityScanProfileId } = input;
+
+      projectIds.forEach((pid) => {
+        const project = ensureProject(pid);
+        project.attached = project.attached.filter((id) => id !== securityScanProfileId);
+      });
+
+      return {
+        errors: [],
+        clientMutationId: input.clientMutationId || null,
+        __typename: 'SecurityScanProfileDetachPayload',
+      };
+    },
+  },
+};
diff --git a/app/assets/javascripts/security_configuration/graphql/scan_profiles/scan_profile.fragment.graphql b/app/assets/javascripts/security_configuration/graphql/scan_profiles/scan_profile.fragment.graphql
new file mode 100644
index 0000000000000000000000000000000000000000..734d35283ebe7e19381292f6eac93fab2fb8a584
--- /dev/null
+++ b/app/assets/javascripts/security_configuration/graphql/scan_profiles/scan_profile.fragment.graphql
@@ -0,0 +1,7 @@
+fragment ScanProfileFields on ScanProfileType {
+  id
+  name
+  description
+  scanType
+  gitlabRecommended
+}
diff --git a/app/assets/javascripts/security_configuration/graphql/scan_profiles/security_scan_profile.client.query.graphql b/app/assets/javascripts/security_configuration/graphql/scan_profiles/security_scan_profile.client.query.graphql
new file mode 100644
index 0000000000000000000000000000000000000000..184b441965fc1ead5458735f9391a5cbd28a4887
--- /dev/null
+++ b/app/assets/javascripts/security_configuration/graphql/scan_profiles/security_scan_profile.client.query.graphql
@@ -0,0 +1,7 @@
+query SecurityScanProfile($id: SecurityScanProfileID!) {
+  securityScanProfile(id: $id) @client {
+    ...ScanProfileFields
+  }
+}
+
+#import "./scan_profile.fragment.graphql"
diff --git a/app/assets/javascripts/security_configuration/graphql/scan_profiles/security_scan_profile_attach.mutation.graphql b/app/assets/javascripts/security_configuration/graphql/scan_profiles/security_scan_profile_attach.mutation.graphql
new file mode 100644
index 0000000000000000000000000000000000000000..b7efaf608f853b6da6dc54775a194e18a8ec5dc3
--- /dev/null
+++ b/app/assets/javascripts/security_configuration/graphql/scan_profiles/security_scan_profile_attach.mutation.graphql
@@ -0,0 +1,17 @@
+mutation SecurityScanProfileAttach($input: SecurityScanProfileAttachInput!) {
+  securityScanProfileAttach(input: $input) @client {
+    clientMutationId
+    errors
+  }
+}
+
+#import "./scan_profile.fragment.graphql"
+
+#Example
+#{
+#  "input": {
+#    "securityScanProfileId": "gid://gitlab/Security::ScanProfile/secret_detection",
+#    "projectIds": ["gid://gitlab/Project/19"],
+#    "groupIds": []
+#  }
+#}
diff --git a/app/assets/javascripts/security_configuration/graphql/scan_profiles/security_scan_profile_detach.mutation.graphql b/app/assets/javascripts/security_configuration/graphql/scan_profiles/security_scan_profile_detach.mutation.graphql
new file mode 100644
index 0000000000000000000000000000000000000000..170ad34bb53fcc35a455d0cb98f7b4342fbd905a
--- /dev/null
+++ b/app/assets/javascripts/security_configuration/graphql/scan_profiles/security_scan_profile_detach.mutation.graphql
@@ -0,0 +1,16 @@
+mutation SecurityScanProfileDetach($input: SecurityScanProfileDetachInput!) {
+  securityScanProfileDetach(input: $input) @client {
+    clientMutationId
+    errors
+  }
+}
+
+#import "./scan_profile.fragment.graphql"
+
+#Example
+#{
+#  "input": {
+#    "securityScanProfileId": "gid://gitlab/Security::ScanProfile/1",
+#    "projectIds": ["gid://gitlab/Project/19"]
+#  }
+#}
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index ea52711dad2bdeda48190684073558a6643bb545..65a4cd0ddec0b7375fb582f4dcc8660b06df4d42 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -9102,6 +9102,12 @@ msgstr ""
 msgid "Apply a template"
 msgstr ""
 
+msgid "Apply default profile"
+msgstr ""
+
+msgid "Apply profile to enable"
+msgstr ""
+
 msgid "Apply selected attributes to projects (keeps existing attributes)"
 msgstr ""
 
@@ -44374,6 +44380,9 @@ msgstr ""
 msgid "No prioritized labels yet!"
 msgstr ""
 
+msgid "No profile applied"
+msgstr ""
+
 msgid "No project found"
 msgstr ""
 
@@ -44557,6 +44566,9 @@ msgstr ""
 msgid "Not confidential"
 msgstr ""
 
+msgid "Not configured"
+msgstr ""
+
 msgid "Not enabled"
 msgstr ""
 
@@ -50697,6 +50709,9 @@ msgstr ""
 msgid "Prevent users from performing write operations while GitLab maintenance is in progress."
 msgstr ""
 
+msgid "Prevents secrets from being pushed to your repository"
+msgstr ""
+
 msgid "Preview"
 msgstr ""
 
@@ -51090,6 +51105,9 @@ msgstr ""
 msgid "ProfileSession|on"
 msgstr ""
 
+msgid "Profiles define scanner configurations"
+msgstr ""
+
 msgid "ProfilesAuthentication|Add a passkey to sign in securely with your trusted device. %{link_start}Learn more about passkeys%{link_end}."
 msgstr ""
 
@@ -54883,6 +54901,9 @@ msgstr ""
 msgid "Recently viewed"
 msgstr ""
 
+msgid "Recommended"
+msgstr ""
+
 msgid "Recommended. Permanently delete an item:"
 msgstr ""
 
@@ -59216,6 +59237,9 @@ msgstr ""
 msgid "Secret Detection"
 msgstr ""
 
+msgid "Secret Push Protection"
+msgstr ""
+
 msgid "Secret detection"
 msgstr ""
 
@@ -59915,6 +59939,9 @@ msgstr ""
 msgid "SecurityConfiguration|Customize common SAST settings to suit your requirements. Configuration changes made here override those provided by GitLab and are excluded from updates. For details of more advanced configuration options, see the %{linkStart}GitLab SAST documentation%{linkEnd}."
 msgstr ""
 
+msgid "SecurityConfiguration|Define security settings once, reuse them everywhere. Update a profile and changes automatically apply to every project using it, ensuring consistent, predictable security coverage with minimal effort."
+msgstr ""
+
 msgid "SecurityConfiguration|Enable %{feature}"
 msgstr ""
 
@@ -59960,6 +59987,9 @@ msgstr ""
 msgid "SecurityConfiguration|Once you've enabled a scan for the default branch, any subsequent feature branch you create will include the scan. An enabled scanner will not be reflected as such until the pipeline has been successfully executed and it has generated valid artifacts."
 msgstr ""
 
+msgid "SecurityConfiguration|Profile-based scanner configuration"
+msgstr ""
+
 msgid "SecurityConfiguration|Quickly enable all continuous testing and compliance tools by enabling %{linkStart}Auto DevOps%{linkEnd}"
 msgstr ""