Allow user to enable vulnerability-check to multiple projects
Problem to solve
Context: We currently have the Vulnerability-Check at the project level. This will disallow a merge request if a critical, high, or unknown severity vulnerability is detected (regardless of dismissal). This issue is part of &3202 (closed) and a follow-up to #216588 (closed), which displays whether or not a check is set across projects.
Problem: The user is unable to apply Vulnerability-Check to multiple projects from the group and/or instance level. The user would need to go project-to-project to apply and manage the rule.
Intended users
- Cameron (Compliance Manager)
- Delaney (Development Team Lead)
- Devon (DevOps Engineer)
- Sam (Security Analyst)
- Rachel (Release Manager)
- Alex (Security Operations Engineer)
- Simone (Software Engineer in Test)
- Allison (Application Ops)
User experience goal
Give the user the ability to apply the Vulnerability-Check rule to multiple projects.
Proposal
Based on #216588 (closed), allow the user to then apply Vulnerability-Check to multiple projects, with designated approvers.
Further details
Issue part of introducing group-level security check: &3202 (closed)
Permissions and Security
...
Documentation
Availability & Testing
...
What does success look like, and how can we measure that?
- Can the user enable Vulnerability-check to multiple projects
- Can the user find where to identify which projects are enabled (info-architecture of awareness UI)
What is the type of buyer?
Is this a cross-stage feature?
This is a cross-stage feature for ~"devops::secure", as it is related to the scanning results of all but license scan. Additionally, it will affect the merge request experience, configuration page, and vulnerability management (~"devops::defend").