
🎨 Design: API fuzzing: group level manage group profile


Background

Based on the discovery in the previous issue, we have two personas and many tasks, and the design became too big to cover within one issue. So I divided the original issue into 4:

  1. 🎨 Design: API fuzzing: project-level configure with local(project) profile #330481 (closed)
  2. 🎨 Design: API fuzzing: project level configure: edit beaver token #331500
  3. 🎨 Design: API fuzzing: project level configure edit route #331498
  4. 🎨 Design: API fuzzing: project-level manage profiles #330496 (closed)
  5. 🎨 Design: API fuzzing: project-level configure with group profile #330480
  6. (This issue) 🎨 Design: API fuzzing: group-level manage group profile #330482

Issues 2 and 3 will need some research help from the issue "Problem validation: How people use group-level settings and project-level settings for API fuzzing".

JTBD

When I am configuring a security scan, I want to specify which types of vulnerabilities the scan should detect, so that we don't waste time sorting through irrelevant findings.

Target Persona

This issue is focused on the persona:

those who use group-level profiles

Scenario

This issue is focused on the following scenario:

As a person who oversees the security aspect of all projects, sometimes I create profiles that can be used in different projects. I want to set some standard settings so that projects can easily reuse them. In certain profiles, I will lock some configuration settings because those should run as they are and the project shouldn't change them; in this way, I make sure the quality of the scan stays at a certain level.

As a person who oversees the security aspect of all projects, sometimes I need to set up an additional policy to override project-level scans, no matter which profile they use. This is needed when I want to make sure all scans in all projects cover certain checks.

As a person who oversees the security aspect of all projects, sometimes I create profiles

Tasks

  • task 1: I want to create global settings that all projects can use
  • task 2: I want to create global settings that all projects must use
  • task 3: I want to enforce some global settings on particular scans

(Image attachment: Screenshot_2021-05-10_at_15.38.31)

Design proposal

Edited by 🤖 GitLab Bot 🤖