Docs: Add prereqs to application security testing tasks

Problem to solve

In many (most?) cases, users should use custom roles to grant permissions for security-related tasks. The current AppSec docs don't generally tell users which permissions are required for a given task, or point readers to the appropriate SSOT.

Proposal

Add prerequisites to all tasks under the Secure your application chunk of the docs.
Add custom role information to each prerequisites section.

Checklists

I've linked to each page in the Application Security docs section below, roughly following the navigation order. I've omitted pages without tasks.

Items marked with ❌ have no prerequisites listed on the page, but might need some.

groupcompliance

Audit events
Audit event streaming
Compliance frameworks
View compliance status report
Compliance standards adherence dashboard
Compliance violations report
❌ Chain of custody report
Compliance frameworks report
Compliance projects report

groupstatic analysis

❌ Roll out security scanning
❌ Security scan results (This page lacks tasks per se, but could be refactored to follow CTRT.)
Static Application Security Testing
Advanced SAST
❌ Customize SAST rules

groupdynamic analysis

groupcomposition analysis

Container scanning
Dependency scanning
Static reachability analysis
Analyze dependency for behaviors
Dependency scanning using SBOM
Migrating to Dependency Scanning using SBOM
❌ Dependency list
Continuous vulnerability scanning

groupsecret detection

Edited Apr 16, 2025 by Phillip Wells

Assignee Loading

Time tracking Loading