Explore how we might empower users to better understand unfamiliar configuration options when enabling a security tool

Recommendation from Secure - Audit of scanner configuration UI

Problem to solve

When enabling a scanner, many of the UI configuration options provide little explanation or guidance. How might we empower users to better understand unfamiliar configuration options when enabling a security tool?

Most users first want to understand what each option does. Some users also want to know how each option works.

  1. SAST does a decent job of explaining configuration options but could use some refinement: some descriptions are overly technical, others are vague.
  2. DAST has a few issues:
    1. There is no explanation of what "profiles" are when none exist.
    2. When profiles exist, the guidance given to users is confusing.
    3. When creating a site or scanner profile, many explanations are vague or missing altogether.
  3. API Fuzzing has a couple of fields with little or no explanation.
  4. On-demand DAST has the same issues as CI/CD DAST and lacks descriptions for most of its on-demand-specific configuration options.

Proposal

To be determined...

Edited by 🤖 GitLab Bot 🤖