DAST Profile Library implementation - Iteration 2
Problem to solve
As a DAST user, I want a place where I can manage my DAST profiles, so that I can easily create, delete, edit, and view profiles used in my DAST scans.
Intended users
User experience goal
The user should be able to use the UI in the "Security & Compliance" => "Configuration" section to create Scanner profiles, delete Scanner profiles, edit Scanner profiles, see a list of Scanner profiles, and edit Site profiles.
Proposal
Iteration 2 scope:
- Create Scanner profile
- Delete Scanner profile
- View created Scanner profiles
- Edit Scanner profiles
- Edit Site profiles
- Flow 1 (Figma file): the user goes to On-demand scan when a scan has already been created
  - The user clicks on "Manage profiles" and the
  - In the manage profile area: the user can create either scanner profiles or site profiles
  - In the manage profile area: the user can delete either scanner profiles or site profiles
  - In the manage profile area: the user can edit either scanner profiles or site profiles
- Flow 2 (Figma file): the user goes to the settings area
  - The user clicks on "On-demand Manage profiles"
  - In the manage profile area: the user can create either scanner profiles or site profiles
  - In the manage profile area: the user can delete either scanner profiles or site profiles
  - In the manage profile area: the user can edit either scanner profiles or site profiles
There should be a way for users to see a "Profile Library" link/button on the DAST row of the Configuration page. This link should take them to a page that lists the profiles they have created, separated by profile type (i.e. scan vs. site), with a "Create profile" button per profile type.
Further details
Permissions and Security
Developer, maintainer, and owner roles should have access to create and delete profiles. The other roles should have access to see the list of profiles created.
Documentation
The DAST docs about configuration should be rearranged so that there is an "On-demand" section and a "Pipeline" section. The "On-demand" section should contain info about configuring profiles and using them in an on-demand scan.