-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
configurable severity #161
Conversation
…o create/edit/archive severities
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good stuff.
Ideally, it would be great to have the severity stuff broken out into its own application. Riding along side of the policy code things will start to get ugly (especially as Rules get more complicated). If it isn't too much trouble, breaking it out now would be a great step.
I apologize for not spelling that out in the original ticket 🙇♂️
Agreed that it feels a little clunky living in the Policy application. I'm happy to move it out 🚚 |
'account', | ||
'policy', | ||
'asset', | ||
'base_app', | ||
'embedding', | ||
'policy', | ||
'scan', | ||
'severity', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Doing The Lord's Work right here. 🙇♂️
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you very much for taking the time to pull this out. Nice n' tidy now :)
Description
The purpose of this PR is to make rule severity configurable. With these changes, each severity will have a name, value, and color, instead of just a number. These severities are not user-specific, so all users can see severities that have been loaded/created, but only a superuser can create/edit/archive a severity.
There are two improvements that will be made in follow up PRs, in order to keep each a manageable size to review. The first improvement is to change the Rule severity field to a dropdown list populated by the existing severities. The second is tests.
Screenshots
Severity management dashboard
Create new severity
Severity created
Archive severity confirmation
Non-superuser dashboard view
Closes #155