Docs: Add change notice for AST MR pipeline support

0fe3fb31 · Connor Gilbert · GitLab · 1aaa1a7c · 0fe3fb31 · 0fe3fb31
--- a/data/deprecations/17-9-ast-mr-pipelines.yml
+++ b/data/deprecations/17-9-ast-mr-pipelines.yml
+- title: "API Discovery will use branch pipelines by default"
+  removal_milestone: "18.0"
+  announcement_milestone: "17.9"
+  breaking_change: true
+  window: 1
+  reporter: connorgilbert
+  stage: application_security_testing
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/515487
+  # Impact calculation: https://gitlab-com.gitlab.io/gl-infra/breaking-change-impact-calculator/?usage=edge_case&migration_complexity=minor_manual&scope=group_project_inheriting&identification_complexity=automatable&additional_complexity=no&base_impact=minor&pipeline_impact=none&compliance_impact=minor&availability_impact=none&authorization_impact=none&API_impact=none
+  # Scope is assigned because this can be set in a project, but also can be configured at higher levels via CI/CD variable inheritance.
+  impact: low
+  scope: project
+  resolution_role: Developer
+  manual_task: true
+  body: |  # (required) Don't change this line.
+    In GitLab 18.0, we'll update the default behavior of the CI/CD template for API Discovery (`API-Discovery.gitlab-ci.yml`).
+
+    Before GitLab 18.0, this template configures jobs to run in [merge request (MR) pipelines](https://docs.gitlab.com/ee/ci/pipelines/merge_request_pipelines.html) by default when an MR is open.
+    Starting in GitLab 18.0, we'll align this template's behavior with the behavior of the [Stable template editions](https://docs.gitlab.com/ee/user/application_security/detect/roll_out_security_scanning.html#template-editions) for other AST scanners:
+
+    - By default, the template will run scan jobs in branch pipelines.
+    - You'll be able to set the CI/CD variable `AST_ENABLE_MR_PIPELINES: true` to use MR pipelines instead when an MR is open. The implementation of this new variable is tracked in [issue 410880](https://gitlab.com/gitlab-org/gitlab/-/issues/410880).
+  documentation_url: https://docs.gitlab.com/ee/user/application_security/detect/roll_out_security_scanning.html#use-security-scanning-tools-with-merge-request-pipelines
--- a/doc/update/breaking_windows.md
+++ b/doc/update/breaking_windows.md
@@ -45,6 +45,7 @@ This window takes place on April 21 - 23, 2025 from 09:00 UTC to 22:00 UTC.
 | [Workspaces `editor` GraphQL field is deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/508155) | Low | Create | Project |
 | [Enforce keyset pagination on audit event API](https://gitlab.com/gitlab-org/gitlab/-/issues/382338) | Low | Software supply chain security | Instance, group, project |
 | [Fix typo in user profile visibility updated audit event type](https://gitlab.com/gitlab-org/gitlab/-/issues/474386) | Low | Software supply chain security | Instance |
+| [API Discovery will use branch pipelines by default](https://gitlab.com/gitlab-org/gitlab/-/issues/515487) | Low | Application_security_testing | Project |
 | [Container Scanning default severity threshold set to `medium`](https://gitlab.com/gitlab-org/gitlab/-/issues/515358) | Low | Application security testing | Project |
 | [Subscription related API endpoints in the public API are deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/515371#note_2319368251) | Low | Fulfillment | Instance |
 | [`maxHoursBeforeTermination` GraphQL field is deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/509787) | Low | Create | Project |

--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@@ -345,6 +345,28 @@ This is one small step towards moving away from CI/CD templates in preference of

 <div class="deprecation breaking-change" data-milestone="18.0">

+### API Discovery will use branch pipelines by default
+
+<div class="deprecation-notes">
+
+- Announced in GitLab <span class="milestone">17.9</span>
+- Removal in GitLab <span class="milestone">18.0</span> ([breaking change](https://docs.gitlab.com/ee/update/terminology.html#breaking-change))
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/515487).
+
+</div>
+
+In GitLab 18.0, we'll update the default behavior of the CI/CD template for API Discovery (`API-Discovery.gitlab-ci.yml`).
+
+Before GitLab 18.0, this template configures jobs to run in [merge request (MR) pipelines](https://docs.gitlab.com/ee/ci/pipelines/merge_request_pipelines.html) by default when an MR is open.
+Starting in GitLab 18.0, we'll align this template's behavior with the behavior of the [Stable template editions](https://docs.gitlab.com/ee/user/application_security/detect/roll_out_security_scanning.html#template-editions) for other AST scanners:
+
+- By default, the template will run scan jobs in branch pipelines.
+- You'll be able to set the CI/CD variable `AST_ENABLE_MR_PIPELINES: true` to use MR pipelines instead when an MR is open. The implementation of this new variable is tracked in [issue 410880](https://gitlab.com/gitlab-org/gitlab/-/issues/410880).
+
+</div>
+
+<div class="deprecation breaking-change" data-milestone="18.0">
+
 ### Amazon S3 Signature Version 2

 <div class="deprecation-notes">