DAST Scanner Profile Library implementation - Iteration 1 [parent issue]
Problem to solve
As a DAST user, I want a place where I can manage my DAST profiles, so that I can easily create and delete profiles used in my DAST scans.
Intended users
User experience goal
The user should be able to use the UI in the "Security & Compliance" => "Configuration" section to create profiles, delete profiles, and see a list of their profiles.
Proposal
MVC (13.4) scope:
- List Scanner profiles
- Create Scanner profiles
- Delete Scanner profiles
- Flow 1 (Figma file): user goes to On-demand scan when there is already a scan created before
  - a user clicks on "Manage profiles" and the
  - In the manage profile area: user can create either scanner profiles or site profiles
  - In the manage profile area: user can delete either scanner profiles or site profiles
  - We tell the user clearly why they can't edit now and what they can do in a tooltip
- Flow 2 (Figma file): user goes to the settings area
  - a user clicks on "On-demand Manage profiles"
  - In the manage profile area: user can create either scanner profiles or site profiles
  - In the manage profile area: user can delete either scanner profiles or site profiles
  - We tell the user clearly why they can't edit now and what they can do in a tooltip
There should be a way for users to see a "Profile Library" link/button from the Configuration page on the DAST row. This link should take them to a page that lists the profiles they have created, separated by profile type (i.e. scanner vs. site), with a "Create profile" button per profile type.
Further details
Permissions and Security
Developer, maintainer, and owner roles should have access to create and delete profiles. The other roles should have access to see the list of profiles created.
Documentation
The DAST docs about configuration should be rearranged so that there is an "On-demand" section and a "Pipeline" section. The "On-demand" section should contain info about configuring profiles and using them in an on-demand scan.
Implementation Plan
- frontend-weight2: Rollout feature flag
- frontend-weight3: List scanner profiles
- frontend-weight3: Delete scanner profiles
- frontend-weight2: Documentation
- backend-weight1: Amend DastScannerProfile query
- backend-weight2: Delete DastScannerProfile mutation
GraphQL Proposals
Query Scanner Profiles
```graphql
query dastScannerProfiles($fullPath: ID!, $after: String, $before: String, $first: Int, $last: Int) {
  project(fullPath: $fullPath) {
    dastScannerProfiles(after: $after, before: $before, first: $first, last: $last) {
      pageInfo {
        hasNextPage
        hasPreviousPage
        startCursor
        endCursor
      }
      edges {
        cursor
        node {
          id # deprecated
          globalId # use this instead
          profileName
          scannerType
        }
      }
    }
  }
}
```
Delete Scanner Profile Mutation
```graphql
# The id argument takes a scanner profile global ID (DastScannerProfileID),
# not a site profile ID; the original draft used DastSiteProfileID here.
mutation dastScannerProfileDelete($projectFullPath: ID!, $profileId: DastScannerProfileID!) {
  dastScannerProfileDelete(input: { fullPath: $projectFullPath, id: $profileId }) {
    errors
  }
}
```
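An added example of how a client would consume the two proposals above (not GitLab's own frontend code): it walks the `dastScannerProfiles` connection with `after`/`endCursor` cursor pagination, keeps `globalId` rather than the deprecated `id`, and treats a non-empty `errors` array from `dastScannerProfileDelete` as a failed delete. The `fetchPage` stand-in and the page data are constructed for the example.

```javascript
// Constructed responses shaped like the proposed query, keyed by the `after`
// cursor the client sends (two pages, the second one being the last).
const PAGES = {
  null: {
    pageInfo: { hasNextPage: true, hasPreviousPage: false, startCursor: 'c1', endCursor: 'c2' },
    edges: [
      { cursor: 'c1', node: { id: '1', globalId: 'gid://gitlab/DastScannerProfile/1', profileName: 'Passive', scannerType: 'PASSIVE' } },
      { cursor: 'c2', node: { id: '2', globalId: 'gid://gitlab/DastScannerProfile/2', profileName: 'Active', scannerType: 'ACTIVE' } },
    ],
  },
  c2: {
    pageInfo: { hasNextPage: false, hasPreviousPage: true, startCursor: 'c3', endCursor: 'c3' },
    edges: [
      { cursor: 'c3', node: { id: '3', globalId: 'gid://gitlab/DastScannerProfile/3', profileName: 'Quick', scannerType: 'PASSIVE' } },
    ],
  },
};

// Stand-in (assumption) for the real GraphQL call of `dastScannerProfiles`
// with `first` and `after`; returns the connection object for that page.
function fetchPage(after, first) {
  return PAGES[String(after)];
}

// Follow endCursor until hasNextPage is false and collect every node,
// using globalId (the value the delete mutation expects) and ignoring `id`.
function listAllScannerProfiles(fetch, first = 2) {
  const profiles = [];
  let after = null;
  for (;;) {
    const page = fetch(after, first);
    for (const { node } of page.edges) {
      profiles.push({ globalId: node.globalId, profileName: node.profileName, scannerType: node.scannerType });
    }
    if (!page.pageInfo.hasNextPage) return profiles;
    after = page.pageInfo.endCursor;
  }
}

// Interpret a dastScannerProfileDelete payload: GitLab mutations report
// domain failures (e.g. a missing profile) in `errors`, not as transport errors,
// so a 200 response with a non-empty `errors` array must still count as a failure.
function deleteSucceeded(payload) {
  const errors = payload?.dastScannerProfileDelete?.errors ?? ['no mutation payload'];
  return { ok: errors.length === 0, errors };
}
```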