🎨 Design: Configuration with code snippets as a mid-term solution
Background
We have the bugs mentioned in this issue comment. If those bugs cannot be fixed, we need a different design solution.
Let's test with users how they handle copying and pasting code when they need to use a profile and additional settings, and what they think of the manual copy/paste approach.
JTBD
When I am configuring a CI/CD security scan, I want to specify which assets need to be scanned and under which circumstances, so that I can ensure my assets are secure prior to or at their release.
When I am either enabling or configuring a security scan, I want to run a demo scan, so that I can validate my configuration before it is implemented.
Scenario
- Scenario 1: As a person who is responsible for API fuzzing scanning (probably working at the project level), when I create a new scan or modify an existing one, I often face several configuration tasks. I need to choose between a customized scan and the global settings so that the API fuzzing scan functions best. This may require communication with the other roles who oversee the configuration, and back-and-forth checking of scan performance against settings.
- Scenario 2: As a person who is responsible for overseeing all security scans (probably working at the group level), when I make global settings, I want to take control of certain changes (profiles including checks or assertions) and create policies that enforce which settings can NOT be changed at the project or scan level, so that I can control the standard of security scans.
Subtasks
- Scenario 1:
  - Task 1: I want to enable API fuzzing testing for the CI/CD pipeline
  - Task 2: I want to fine-tune API fuzzing testing for a particular scan
  - Task 3: I want to choose between global settings
- Scenario 2:
  - Task 1: I want to create global settings
  - Task 2: I want to maintain the global settings
  - Task 3: I want to enforce some global settings on particular scans
Design proposal
Design proposal for JTBD:
Edited by Camellia X Yang