🎨 Design: DAST Project-level Scan Execution Policies
This is the design issue. Requirements are available on the parent epic.
initial ideation:
Related MVC changes:
- 2a info-architecture change: new policies section under security section
- 3a policies UI, including new policy: schedule scan (DAST)
- 3b edit policy (scan schedule)
- 4 create policy workflow UI and conditional text/selection logic (see prototype)
- create saved scan (when a DAST scan profile/scan doesn't exist or needs to be newly created) (later MVC - outside of scope)
- display scan results, scan records seen in 3b edit drawer, with anchor to related pipeline > security tab (results)
- remove policy history - pending question: will we be able to link to the scan results/findings? If not, where will the user retrieve this info?
Design
Edited by Annabel Dunstone Gray