Globally enable and set defaults for vulnerability training
Release notes
Problem to solve
Today, enabling security training for vulnerabilities is done at the Project level. This does not scale well for organizations who wish to turn on training for large numbers of projects. Additionally, as new projects get added, training is off by default as there is more than one training partner option. Without a way to set default training options, it is still a manual effort to turn on the right training provider(s) as new projects are created.
Proposal
Add the following at the Group level:
- Manage vulnerability training settings for all child projects
- Set default training settings for newly created child projects
Considerations:
- There is not a place to manage security settings or configurations at the Group Level. We could extend the
Security & Compliance > Configuration
pattern here but there might be better options. - We must evaluate if this new configuration ability should be implemented on the
Namespace
model. This may require re-implementing/migrating the existing Project-level security training configuration and that's OK (can be done incrementally, if that makes the most sense).
Other Requirements
- Any setting applied for a given group will be applied to all projects that are a direct child or exist as children of any sub-group at any level underneath the parent group.
- The same inheritance applies model applies when setting default training settings for new projects.
- When making changes to group-level training settings, we should offer the user options for propagating the changes to projects:
- Apply the new group-level settings and override any existing project-level settings.
- Apply the new group-level settings but leave any existing project-level settings as is.
Edited by Matt Wilson