## Problem to solve AppSec teams need better visibility into their organization's security posture. Currently, security workflows are primarily project-focused, making it difficult to: - Understand security tool coverage across projects - Identify projects that need security scanning enabled - Track when security scans were last performed - View vulnerabilities across multiple projects ## Proposal Create a group-level asset inventory view that helps security teams monitor and manage their security posture across all projects and subgroups. #### Design Resources - [🕹️ Prototype](https://www.figma.com/proto/W9EZZszbkxsMlUiGONaVXm/Security-Configuration-Vision?page-id=&node-id=641-503383&viewport=306%2C-5410%2C0.5&t=Xa1fPyRWA2TcurXO-1&scaling=min-zoom&content-scaling=fixed&starting-point-node-id=641%3A503383) - [🎨 Design file](https://www.figma.com/design/W9EZZszbkxsMlUiGONaVXm/Security-Configuration-Vision?node-id=646-521624&t=2QQ3wc8Fs2eBFIyr-1) #### Core Functionality - Hierarchical list view of projects and subgroups - Search and filter capabilities - Vulnerability counts across projects and subgroups - Tool coverage across projects and subgroups - Quick access to project security configuration #### Data Display Requirements Projects: - Project name - Vulnerability count with severity breakdown - Security tool status (enabled/disabled per tool) - Link to security configuration Subgroups: - Subgroup name - Project count - Subgroup count - Aggregated vulnerability count with severity breakdown - Aggregated security tool coverage #### Technical considerations - Stacked bar charts don't exist in the product today. - Used for the `Vulnerabilities` and `Tool coverage` columns - Hovering on these charts should display a popover with a detailed breakdown of the content displayed in the chart and potentially a link to a related page. - Optimization horizontal real estate for small viewports