Adding best practices for setting up, configuring, and rolling out security scanners to our documentation
Purpose
The purpose of this issue is three-fold:
- Discuss how and where in our documentation to add guidance on setting up, configuring, and rolling out security scanners. Identify where this information should live: separately in each scanner section, or in one section dedicated to the setup, configuration, and roll-out plans for security scanners?
- COMPLETE: This MR establishes a new structure for organizing "getting-started" content
- Plan and divide up the work
- Track progress and organize reviews by our technical writing counterpart and members of the field team
As we complete each item, the description of this issue will evolve and we will cross the item off.
Draft of documentation structure
We have 5 main scanners that we need to create enablement material for:
- Secret Detection
- SAST
- Dependency Scanning
- Container Scanning
- DAST
- API Security
For each scanner, we need a page or a section on the following topics. These pages might already exist. If so, we want to locate that content, make sure it is up to date, complete it, and put it in the right location based on the information design we decide on.
- Description of the type of scanning, what it does, and who is a good fit for it
- Getting started with the scanner
- Scanner configuration options
- Understanding your scanner results
- Rule tuning and optimization
- Roll-out guidelines for different architectures and customer sizes
- FAQ
Edited by Sarah Waldner