馃帹 Design: improve manage/edit compliance frameworks
Problem
- Discoverability of settings of the framework: Users need to go to the
Group / Projects settings
to manage their framework labels and the compliance report is underSecure and compliance
(Related to issue) - Navigation problem: because of compliance label settings and compliance reports are under two different areas, navigation is potentially tricky. (Related to issue)
- limited functionality: now, the framework label helps group projects if they don't use pipeline yaml. It doesn't help users much to keep tracking compliance status nor keep the project compliant.
- Visibility between group-level framework labels and project-level framework labels
Target user
JBTD
- I need to be able to provide our internal compliance teams with evidence artifacts that help my company maintain a positive compliance posture.
- I need to find tools that enable my organisation to manage our compliance program and mitigate risk within the application and its use.
- I need to create effortless processes for compliance so that my team will remain productive and efficient while meeting obligations for our primary job responsibilities.
Task
- Create/Edit/Delete a new compliance framework
- Change the name/colour/description of a framework
- Apply and disconnect a framework from projects or subgroups or groups
- Link/De-link a framework to a policy
- Link/De-link a framework to an additional pipeline yaml file
- Link/De-link a framework to an adherence standards
- Have an overview of what projects applied to what framework
- Have an overview of what frameworks has what feature
- Set a framework as the default
Design
Note: If the solution needs to change navigation, we need to get a process involving the people responsible for navigation, details see hand book
Edited by Camellia X Yang