Metric - Understand how security policy links are used
Description
We want to introduce a metric that helps us understand the structure of an instance or namespace in the context of security policies, using security policy project links.
Below is a table that demonstrates the type of data we'd like to capture.
| Account | Instance/Namespace | SPP name | Linked top-level groups | Linked subgroups | Linked projects | Enabled policy count | Enabled scan execution policy count | Enabled pipeline execution policy count | Enabled MR approval policy count | Policy scopes | Projects in scope |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Customer A | somedomain.com | ex. Central Project | 500 | 0 | 0 | 10 | 2 | 4 | 4 | all linked groups, compliance frameworks | 10000 |
| Customer A | somedomain.com | ex. Business unit A | 0 | 1000 | 0 | 5 | 2 | 4 | 4 | compliance frameworks | 5000 |
| Customer A | somedomain.com | ex. Business unit B | 0 | 20 | 0 | 1 | 1 | 1 | 1 | specific projects | 40 |
| Customer A | somedomain.com | ex. Project A | 0 | 0 | 1 | 0 | 1 | 1 | 1 | all linked projects | 1 |
Questions to answer
Some questions we'd want to answer with this data:
- I am trying to find out the correlation between the number of policies, the number of linked groups/subgroups and the scope methods. This can help us answer questions such as: for top-level groups, how many policies are users managing in general, and how do they scope those policies?
- Which policy types are being used by customers to the greatest impact?
- Which policy types are being used by customers with the least impact?