Add documentation for vulnerability policies #997

Open
Tracked by #860
nscuro opened this issue Jan 3, 2024 · 0 comments
Labels
documentation Improvements or additions to documentation domain/vuln-policy help wanted Extra attention is needed p2 Non-critical bugs, and features that help organizations to identify and reduce risk size/M Medium effort

Comments

Member

nscuro commented Jan 3, 2024

We don't currently have any documentation on the new vulnerability policy feature.

Extend the public docs to cover at least the following:

  • Introduction
    • What are vulnerability policies
    • Why are they needed
    • Make it clear that it's a preview feature that must be enabled explicitly
  • Policy management
    • Frontend (not implemented yet, can use placeholder)
    • Automatic reconciliation
      • Process (consider re-using diagrams from Support global vulnerability analysis policies #930)
        • Include validations performed (e.g. condition compilation, enforcement of name uniqueness, etc.)
        • Ensure "all-or-nothing" behavior is clearly stated
      • Configuration (enabling, task interval, bundle source, ...)
      • Supported sources
        • File Server
        • Blob Storage
      • File formats
        • Policy file format (YAML, JSON schema)
        • Policy bundle format (point out constraints like uniqueness of policy names)
  • Example policies (using YAML format)
nscuro added the documentation, p2, size/M and domain/vuln-policy labels Jan 3, 2024
nscuro self-assigned this Jan 3, 2024
nscuro mentioned this issue Jan 31, 2024
VinodAnandan added the help wanted label Jun 30, 2024