Projects
A project tracks the Countermeasures and best practices needed to secure an application release. Project Countermeasures are identified based on the Survey Answers provided by a project user. Survey Answers influence the risk profile of a project, prompting SD Elements to add compensating controls to a project’s Countermeasure list. As a team completes Countermeasures, a project’s underlying threats and Weaknesses are mitigated in the release.
The first project of an application is called a Root Project or Base Project. Subsequent projects are "Release Projects" because they are made using the "New Release" action.
Project details
A project has the following properties:
- Profile: The project type defined at the time the project is created.
- Name: A concise description of the project. For example, the version of the application release.
  Special characters in project names may be removed during slug creation. Use alphanumeric, underscore, and hyphen characters for creating unique project names.
- Description: A way to detail the release to other users.
- Risk policy: The policy outlining the set of Countermeasures the project must complete to meet desired risk levels.
- Custom attributes: (Optional) An additional set of attributes customized by an administrator. See Project attributes for more information.
- Tags: Custom labels assigned to the project to help identify the release.
- Members: The names of the users and groups in your system that have access to this project. Users and groups are assigned a different Project role to control their access rights.
- Countermeasures Remaining: The number of Countermeasures across all phases and priority groupings that are in an incomplete state.
A project is composed of the following main areas:
- Project activity: A list of activities performed by users.
- Project Survey: Details about project scope that affect which Countermeasures and requirements are included in a project. This includes technology, features, and dependencies.
- Project Countermeasures: The list of Countermeasures and security requirements identified for the release.
- Project reports: Reports that communicate the status of a project from the point of view of risk, completion, compliance, and so on.
- Issue Tracker integration: Sync project Countermeasures with bug tracking and ticketing systems.
- Verification integration: Import vulnerability and risk data from security tools to affect the verification and completion status of project Countermeasures.
View a project
To view a project, follow the steps below.
- The user:
  - Is a member of the project and has the permission Project Roles→Project Management→View Project OR
  - Is a member of the project’s business unit and has the permission Global Roles→Administration→View all projects.
- Select the Business Units menu option.
- Select the business unit where the project’s application is assigned.
- Use search if you need to find the application in the list.
- Select the application where the project is assigned.
- Use search if you need to find the project in the list.
- Select the project.
The project’s Countermeasure list loads.
Tag a project
Assign a custom tag to a project by following the steps below.
- The user:
  - Is a member of the project and has the permission Project Roles→Project Management→Edit project details OR
  - Is a member of the project’s business unit and has the permission Global Roles→Administration→View all projects.
- Navigate to the project’s application.
- Hover over the project to display the Add a tag… widget.
- Enter one or more tags, and each tag will be added in sequence.
- The widget auto-completes partially entered tags.
- Ignore a suggestion by pressing the escape key.
- The selected tags are assigned to the project. The tags can be used to filter projects in a list.
Create a new project
To create the first project of an application, follow the steps below:
- The user is a member of the business unit.
- The user has the permission Global Roles→Project Management→Add Project.
- Select the Business Units menu option.
- Select the business unit where the application is assigned. The business unit’s list of applications loads.
- Use search if you need to find the application in the list.
- Select the application where the project should be assigned. The application’s list of projects loads.
- Click the plus button. The New Project dialog opens.
- Enter the project details as described in Project details.
- Click Create.
Once the project is created, you will immediately be prompted to Select a profile and then answer the Project survey.
Select a profile
Follow the steps below to select a profile.
- Choose a profile appropriate to the new project:
  - The settings can be changed or fine-tuned later.
  - Select No Profile to begin with an empty set of project settings.
- Click Select and continue to project survey.
The project settings are reset according to the selected profile.
Create a release project
Release projects have the following advantages compared to a new project.
- No need to re-enter project settings: The new release keeps a record of the original project’s settings, removing the need to re-enter them.
- Fewer requirements to action: Release projects identify only those Countermeasures that need attention based on what has changed in the release.
- Issue Tracker and Scanner connections can be copied: Carry forward Issue Tracker and scanner integration settings, reducing the amount of duplicated setup.
- Carry forward Countermeasures and their details: Countermeasure status and notes from the original project can be copied to the new release.
To create a release, follow the steps below:
- The user has the permission Global Roles→Administration→Edit all projects.
- Select the Business Units menu option.
- Select the business unit where its application is assigned.
- Use search if you need to find the application in the list.
- Select the application where the original project is assigned.
- Use search if you need to find the project in the list.
- Hover over its row on the far right, click and select New Release. A dialog opens.
- Enter details for the new project:
  - Name: A concise description of the project. For example, the version of the current application.
  - Description: A way to detail the release to other users.
  - Tags: Custom labels assigned to the project to help identify the release.
  - Advanced (optional):
    - Retain Statuses and Notes in the following Phases - Select the phases from which Countermeasures, their statuses, and notes should be carried forward.
    - Project Specific Countermeasures Retention - Carry forward project-specific Countermeasures to the new release.
      - Countermeasures that you have added to your project from the Countermeasure Library, rather than from being assigned from the Project Survey, are carried forward to your new release projects with a status of 'Incomplete'. This is performed automatically for your convenience.
    - Issue Tracker Connection Retention - Carry forward Issue Tracker connection details to the new release.
    - Verification Connection Retention - Carry forward scanner analysis connection details to the new release.
- Click Create.
- The dialog Changes Since Last Release opens. Select the settings relevant to the release. Uncheck the settings that are irrelevant.
  Only uncheck a "Changes since last release" answer if you are certain there have been no changes. For example, uncheck "Changes to user output" only if you are certain that there will be no new web content on a web application. Unchecking answers incorrectly here may result in security Countermeasures not appearing, potentially leading to decreased security in your application.
- Click Save and Close.
Move a project to another application
Move a project to a different application by following the steps below.
- The user is a member of the project.
- The user has the permissions:
  - Global role→Project Management→Delete project.
  - Global role→Project Management→Add project.
  - Project role→Project Management→View project.
- Open the project’s overview page.
- Click the vertical ellipsis icon for more options.
- Select Move Project. A dialog opens.
- Search for the application to which the project should be moved.
- Click Confirm.
The project is moved from the source application to the selected application.
Notes
- If your project has new releases, all of them will be moved to the new application. There is no way to move a subset of them at this time.
- The Move button will only be available to the "root" project, or the project that is not a "new release" of any other projects. If you do not see the Move button, it likely means that the project you have selected is a new release of another project.
Archiving and unarchiving a project
It is possible to archive and unarchive projects in SD Elements. Be aware that archiving a project will cease all of its automatic integrations, but it will retain configuration and previous sync data.
Archived projects also behave in the following ways:
- Cannot be changed by users
- Provide limited UI access/visibility
- Do not count toward SD Elements license count
- Have limited API access
- Do not run integrations
- Have their Countermeasures impacted by any changes to system-level settings, such as custom Countermeasure statuses
Archive a project
To archive a project, follow the steps below:
- The user has the permission Global Roles→Project Management→Add project.
- Select the Business Units menu option.
- Select the business unit where its application is assigned.
- Use search if you need to find the application in the list.
- Select the application where the project is assigned.
- Use search if you need to find the project in the list.
- Hover over the project’s row on the far right, click and select Archive Project. A dialog opens.
- Click Archive.
The project and its Countermeasures are archived. The project can no longer be worked on. It can be unarchived later.
Unarchive a project
To unarchive a project, follow the steps below:
- The user has the permission Global Roles→Project Management→Add project.
- Select the Business Units menu option.
- Select the business unit where its application is assigned.
- Use search if you need to find the application in the list.
- Select the application where the project is assigned.
- Select Archived from the top menu under Business Units.
- Use search if you need to find the archived project in the list.
- Hover over the project’s row on the far right, click Unarchive. A dialog opens.
- Click Unarchive.
The project and its Countermeasures are restored to their original state and location.
Delete a project
To delete a project, follow the steps below:
Deleting a project is permanent.
- The user has the permission Global Roles→Project Management→Delete project.
- Select the Business Units menu option.
- Select the business unit where its application is assigned.
- Use search if you need to find the application in the list.
- Select the application where the project is assigned.
- Use search if you need to find the project in the list.
- Hover over the project’s row on the far right, click and select Delete Project. A dialog opens.
- Confirm that you understand the impact of the change.
- Click Delete.
The project and its Countermeasures are permanently removed from the system.
Apply a risk policy to a project
Apply a risk policy to a new or existing project using the steps below.
- The user has one of the following permissions:
  - Global Roles → Administration → Add project.
  - Global Roles → Administration → Edit all projects.
  - Project Roles → Project Management → Edit project details.
- Select the Business Units menu option.
- Select the business unit where the project’s application is assigned.
- Use search if you need to find the application in the list.
- Select the application where the project is assigned.
- Use search if you need to find the project in the list.
- Hover over the project’s row on the far right, click the vertical ellipsis icon and select Edit Project. A dialog opens.
- Select a risk policy from the Risk Policy dropdown menu.
- Click Done.
The risk policy you select will be applied to that project alone. The project’s list of Countermeasures is updated to show Countermeasures relevant to this risk policy.