Display License Compliance enable/configuration status at group level
Problem to solve
Setting up license scanning, viewing 3rd party license scan results, and creating policies for enforcement can only be done at the project level. There is no group or instance level awareness of license compliance across multiple projects or the ability to enforce an organization’s policies.
If an organization wanted to apply license compliance rules across all their projects (or multiple), the user would need to 1) individually configure each project with license scanning, and 2) add company policies to each project one-by-one (if a policy changes, this would need to be repeated to update). This is a significant set-up burden on an organization and there are policy loopholes at the project level (overrides can be made by project maintainers).
Intended users
- Individuals at organizations that are accountable for compliance
- Delaney (Development Team Lead)
- Sam (Security Analyst)
Further details
In future iterations, the group level could be a unified section to
- Provide an overview of license compliance settings across projects
- Create policies and conditional rules to apply to projects
- Ensure policy enforcement on projects, per group-created rules
- Show what/where/when projects are out of compliance
- Display license scanning results per project (for auditing)
- Ability to export audit results for multiple projects
This is a foundational MVC issue to build on: it addresses the main dependency which is whether a project is or is not being scanned for licenses (proper configuration). The above goals may change as we learn more from customer feedback.
Proposal
- Identify information architecture of the new section
- Display projects in the group and whether they are configured with license scanning
- If a project is configured: link to the respective project’s LC > detected and policies section
- If a project is not configured: link to the project’s configuration page or directly to the documentation for setup instructions
- Provide a link to the project’s policies section, so the user may create/add/edit policies
Copy question: tab is Configured and Not configured or other?
Permissions and Security
- UI can be viewed by all users
Documentation
...
Availability & Testing
...
What does success look like, and how can we measure that?
- Can the user find the group license compliance section (info-architecture)?
- Does the user understand what projects have license compliance?
- Does the user understand how to set up license scanning for projects?
- If the user wanted to create a policy toward a project, do they know how? (from the group UI, linking to the project LC)
What is the type of buyer?
Implementation Plan
Backend
- Provide side panel data for list page: #225805 (closed)