Project survey

A project survey is the set of single or multiple choice questions teams answer to describe a project’s risk profile or business context. The questions, how they are structured, and the way answers relate to each other can be managed by content administrators. The answers to a survey are the project settings.

Certain Countermeasures and how-tos become relevant to a project based on its settings. When a project is created, a list of Countermeasures are included based on the profile and its initial survey answers.

Project settings can be edited multiple times. If a team is unsure about certain answers, they can return to change the project settings at a later time. Once the settings are finalized, a project lead can lock the survey so that no further changes can be made.

Default project survey

SD Elements provides the following categories for project settings by default.

new project survey
Your administrators may have defined additional custom categories and subcategories unique to your environment.
  • Application General: High-level settings about the application, such as the type of application and its protocols.

  • Language and Platform: Technology-specific settings about the application, such as the programming language and third party libraries used.

  • Features and Functions: Security and other related features, such as whether or not the application allows users to upload files.

  • Compliance Requirements: Requirements from specific regulatory bodies, such as the Payment Card Industry (PCI).

  • Development/Test Tools: A list of tools that may be used during development or testing. These settings help SD Elements determine which technology-specific How-To’s it can provide. For example, some How-To’s require the use of Open Web Application Security Project (OWASP) tools: these How-To’s will only appear if you are allowed to use OWASP tools.

  • Changes Since Last Release: Settings that determine what the changes were since the last release. Only use this section if you wish to model the changes between releases rather than the entire application. This section does not appear by default. It will only appear if you create a new release of a project.

Update project survey

To update a project survey, follow the steps below.

Prerequisites:
  • The user has the permission Project role→Project Management→Edit project survey.

Steps:
  1. Open the project Countermeasures page.

  2. On the top-right of the project Countermeasures list, click the icon.

    Countermeasures page more menu
  3. Select edit survey from the dropdown menu.

    Countermeasures page more menu
  4. Update the survey answers.

  5. Click Save and Close

The answers to the project survey are updated. The Countermeasure list is updated according to the new answers. Any pending Countermeasure list changes prior to the survey update are applied to the project as well.

Project survey state

You will now see a banner on the project’s survey showing its state. The survey will be in a published state if all survey changes have been submitted. Whenever a user tries to make a change, they will see a confirmation prompt. After the user acknowledges that they want to make the change, the survey will change into a draft state.

survey state published
survey change confirmation
survey state draft
There are times when a change to one or more library rules will mean that a survey’s previously selected answer is no longer applicable. These answers become automatically unchecked within the survey, and the banner display indicates that the survey is in a draft state.

Project survey history

To view the most recent answer activity for a project survey question, follow the steps below.

Prerequisites:
  • The user has either of the following permissions:

    1. Project role→Project Management→Edit project survey.

    2. Project role→Project Management→View project survey.

Steps:
  1. Navigate to a project survey question that has previously been answered.

  2. Below the title of the question is a link labeled "View Latest History".

    View Latest History link
  3. Clicking this link opens a window containing information about the most recent answer activity for that question.

    View Latest History
    1. These details include:

      1. The title of the question whose history you are viewing.

      2. The name of the last user to provide an answer for this question.

      3. If that user has selected an answer, you will see which answers they have selected under the heading "Selected".

      4. If that user has deselected an answer, you will see which answers they have deselected under the heading "Deselected".

        View Latest History is a quick way for you to find out when this question was last answered and by whom. This information only contains history from the single user who has most recently answered the question.
  4. To close the View Latest History, either click the link again or click anywhere on the page outside of the popover.

    The history shown in the popover is reloaded either when you click save, reload the page, or navigate away and back to the survey.

View project Survey changes

You can view the list of changes to the project’s survey from all users including answer selection and deselection, survey publish and survey draft saves.

Prerequisites:
  • The user has either of the following permissions:

    1. Project role→Project Management→Edit project survey.

    2. Project role→Project Management→View project survey.

Steps:
  1. Navigate to the project Survey from the Project View.

  2. Click More (vertical ellipsis) in the upper rigt-hand corner.

  3. Click View all changes.

Export project Survey history

You can export project Survey history changes as a CSV file for each Survey question.

Prerequisites:
  • The user has either of the following permissions:

    1. Project role→Project Management→Edit project survey.

    2. Project role→Project Management→View project survey.

Steps:
  1. Navigate to the project whose Survey history you want to export.

  2. Select the project’s Survey tab.

  3. Click More (vertical ellipsis) in the upper-right corner of the Project Survey page.

  4. Click Export Survey history as CSV.

    project survey history export

    You will receive on your local machine a downloaded CSV file containing the project’s Survey change history.

Publish the project Survey

Prerequisites:
  • The user has the permission Project role→Project Management→Edit project survey.

After making any necessary changes in the Survey, click Confirm Changes to access the confirmation page.

project survey confirm changes

The Confirm Survey Answer Changes page highlights all of the changes that will be applied if you choose to publish the Survey.

Steps:
  1. Review the Survey Answer changes that you made.

    1. You can click the Modify link associated with any of the changes to return to the Survey and modify your answer.

  2. Click either Publish & Continue to Diagram or Publish & Continue to Summary depending on whether you want to perform threat modeling.

    1. At any time you can also click Back to Survey to cancel the current publishing activity.

project survey publish

Lock the project Survey

To lock a project survey so that no further changes can be made, follow the steps below.

Prerequisites:
  • The user has the permission Project role→Project Management→Lock project survey.

Steps:
  1. Navigate to the Project Survey.

  2. On the top-right of the Project Survey, click the lock icon.

    project settings lock survey

    The project survey is now locked. No further changes can be made to the project settings without unlocking the survey. Changes to the project Countermeasure list may still be made through Project content updates.

Unlock project Survey

To unlock a project Survey so that changes can be made, follow the steps below.

Prerequisites:
  • The user has the permission Project role→Project Management→Lock project survey.

Steps:
  1. Navigate to the project Survey.

  2. On the top-right of the project Survey, click the lock icon.

    project settings unlock survey

The project Survey is now unlocked. Changes can now be made to the project Survey.

Hidden phases

Completing the project survey determines the phases of the software development lifecycle (SDLC) that are visible or hidden in your project, and the number of Countermeasures associated with those phases. The number of Countermeasures appears next to the phase, and as long as there is one Countermeasure available for that phase (as determined by the project survey), that phase will be visible. Phases with zero Countermeasures (as determined by the project survey) are hidden.

In the project below, the phases ARCHITECTURE & DESIGN and TESTING have zero Countermeasures, but they remain visible. However, DEPLOYMENT is hidden. Completion of the project survey determines the Countermeasures that are allocated into specific phases. If the survey allocates at least one Countermeasure into a phase, then that phase will be visible. A phase may indicate that zero Countermeasures are available based on checking the risk policy box, searching, or filtering.

hidden phases 1

If you add a project specific Countermeasure or a manually added Library Countermeasure to your project, the default phases determined by the project survey will change accordingly by making a previously hidden phase visible.

hidden phases 2

At the same time, if you remove a Countermeasure from a phase to bring the Countermeasure count to zero, that phase will become hidden.

hidden phases 3

The Countermeasure Completion widget also becomes visible or hidden based on the number of Countermeasures in a phase. Generally, whenever Countermeasures are included in a project, the widget is displayed on the project overview page. However, when the project survey is incomplete, empty, or there are no Countermeasures for the project (as determined by a risk policy, for instance), the Countermeasure Completion widget is hidden from the project overview. Note that the widget will display a phase regardless of the status of Countermeasures within it, but the number of Countermeasures will only include Countermeasures with a status of 'Complete' and 'Incomplete', and not 'NA'.

Project Survey comments

Add comments to the project survey as you answer or review it. Use comments to communicate with other members of your team or simply justify why you selected a specific answer. You can add multiple comments for each question and pin one to the survey so that it appears below the question.

survey comments main1

Project survey comment details

  • Comment icon: Opens up a list of all comments.

  • Comment icon badge: Displays the number of comments associated with that question when at least one comment exists.

  • Pinned comment: Pin and unpin comments that appear below the question’s answers.

View comments

Prerequisites:
  1. User is a member of the project’s Business Unit.

  2. User has the permission Project role→Project Management→View project.

Steps:
  1. Navigate to the Survey tab of your project.

  2. Click on the comment icon for a question.

    500

All comments for that question are displayed in chronological order from oldest to newest.

Create a comment

Prerequisites:
  1. User is a member of the project’s Business Unit.

  2. User has the following permissions:

    1. Project role→Project Management→Edit project survey

    2. Project role→Project Management→View project OR Global role→Project Management→View project

Steps:
  1. Navigate to the Survey tab of your project.

  2. Click on the comment icon for a question.

  3. Enter your comment.

    survey comments main1b
  4. Click Save Comment to save the comment.

    1. Click Cancel to discard changes and close the popover.

Your comment is saved and can now be viewed by other members of the project.

INFO: Markdown is not currently supported for survey comments.

Edit a comment

Edit a comment that has not yet become locked. Comments are locked when the project survey is saved or locked.

Prerequisites:
  1. User is a member of the project’s Business Unit.

  2. The comment is not locked.

  3. User has the following permissions:

    1. Project role→Project Management→Edit project survey

    2. Project role→Project Management→View project OR Global role→Project Management→View project

Steps:
  1. Navigate to the Survey tab of your project.

  2. Click on the comment icon for a question.

  3. Click on the edit icon next to the comment and enter the desired changes.

    500
  4. Click Save Comment to save the changes.

    1. Click Cancel to discard changes and close the popover.

Changes to your comment are saved.

You cannot edit comments once you lock or save a project survey.

Pin a comment

Prerequisites:
  1. User is a member of the project’s Business Unit.

  2. User has the following permissions:

    1. Project role→Project Management→Edit project survey

    2. Project role→Project Management→View project OR Global role→Project Management→View project

Steps:
  1. Navigate to the Survey tab of your project.

  2. Click on the comment icon for a question.

  3. Click on the pin icon next to the comment.

    500

The pinned comment appears below the question’s answers.

300

Click on the yellow pin icon to unpin the comment.

INFO: Only one comment can be pinned for each question. Pinning another comment will unpin the existing pinned comment.

Retain comments for new releases

Carry over pinned survey comments when creating a new release.

Steps:
  1. Navigate to the Overview tab of your project.

  2. Select More options, and click on New Release.

  3. Click on Survey Comments Retention.

    500
  4. Check Carry over Pinned Survey Comments.

  5. Click on Create to create the new release.

Pinned survey comments can now be viewed on the project survey of your new release.

Required comments

Mark questions and subquestions as comments required. Project users who answer the survey will need to add at least one comment before saving the survey. Questions and subquestions that require a comment will have a visual indicator and a text box attached to it in the survey.

Prerequisites:
  1. User has the following permissions:

    1. Project role→Customization→Customize content

Steps:
  1. Navigate to Library → Project Survey.

  2. Navigate to the survey question or subsection that you would like to have required comments.

  3. Under Comments, check the box for Required to make a comment required for this question or subsection.

    500
  4. Click Save for the question or sebsection.

The question or subsection now requires a comment by a user of the project before the survey can be saved.

results matching ""

    No results matching ""