Managing Projects

If your organization has multiple groups that work on the development of several applications simultaneously, the best way to separate and manage the scanning flows is to create different Bright projects. You can manage which user groups get access to a project, and have full control over certain permissions and associated ticketing repositories.

In addition, you can limit the number of concurrent engines (scans) for each project so that each team has equal access to the organization's engines. Suppose your organization has 10 engines and 2 projects, with no limit on concurrent engines for these projects. One project team can then run all available engines at once and block the other team from scanning. To prevent this, you can, for example, set the maximum number of concurrent engines to 5 per team, so that each team can run 5 scans simultaneously without blocking the other. If a team tries to run more than 5 scans at once, the scans that exceed the limit are queued.
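The engine-sharing scenario above (10 engines, 2 projects), modelled as an added example; it is not Bright's scheduler or API. The class, the team names and the first-come-first-served queue are assumptions made for illustration.

```python
from collections import deque

class EnginePool:
    """Toy model of organization engines shared by projects (assumed FIFO queue)."""

    def __init__(self, total_engines, caps=None):
        self.total = total_engines
        self.caps = caps or {}   # project -> max concurrent scans (absent = no limit)
        self.running = {}        # project -> set of running scan names
        self.queue = deque()     # (project, scan) pairs waiting for an engine

    def _in_use(self):
        return sum(len(scans) for scans in self.running.values())

    def _can_start(self, project):
        # A scan starts only if an engine is free AND the project is under its cap.
        cap = self.caps.get(project, self.total)
        return (self._in_use() < self.total
                and len(self.running.get(project, ())) < cap)

    def submit(self, project, scan):
        if self._can_start(project):
            self.running.setdefault(project, set()).add(scan)
            return "running"
        self.queue.append((project, scan))
        return "queued"

    def finish(self, project, scan):
        """Release an engine, then start queued scans that now fit, oldest first."""
        self.running[project].discard(scan)
        started = []
        for item in list(self.queue):
            if self._can_start(item[0]):
                self.queue.remove(item)
                self.running.setdefault(item[0], set()).add(item[1])
                started.append(item)
        return started

def demo(caps):
    """team-a submits 10 scans, then team-b submits 5, on a 10-engine pool."""
    pool = EnginePool(10, caps)
    a = [pool.submit("team-a", f"a{i}") for i in range(10)]
    b = [pool.submit("team-b", f"b{i}") for i in range(5)]
    return a.count("running"), b.count("running"), len(pool.queue)
```

Without caps, `demo(None)` leaves team-b with no running scans; with a cap of 5 per project, both teams run 5 scans and only team-a's excess is queued.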

If you have integrated Bright with the ticketing tool a project team uses, the related repositories (projects, channels) can be associated with a specific project. The integration configuration allows the teams of different projects to select the repository associated with their project when creating a new scan. As a result, all discovered issues are automatically opened as tickets or messages in the selected repository.

You can find more information about Bright integration with ticketing systems here.

Note

A project is required for the configuration of a new scan, so if you do not have any custom projects, you need to select the default one.

Creating a project

To create a project, follow these steps:

  1. In the left pane, select Projects and click + Create Project.

  2. In the Create project dialog box, enter a project name and select the groups that can access the project.
  3. Click Save.
    A successfully created project appears in the MY PROJECTS table.

Viewing the project scans

You can view the scans run within each project, as well as retest, edit, and delete them. To view and manage project scans, click the row with the project you need in the MY PROJECTS table.

Tip

You can open a project or a project scan in a new tab by a middle-mouse click or a Ctrl + left-mouse click.

Most features of the scans, such as retesting, stopping, editing, exporting, and deleting, are the same as on the Scans page. Find more information here.

Setting a maximum number of concurrent scans for a project

To set a limit for scans that can be run simultaneously by one project team, do the following:

  1. In the MY PROJECTS table, click next to the project where you want to set a limit to concurrent scans, and then select Settings.

  2. In the PROJECT SETTINGS section, select the check box next to Limit number of concurrent scans.
  3. In the Max. concurrent scans field, enter the number of engines that can be run concurrently for this project.
    Please make sure that the number you set does not exceed the total number of engines available for the entire organization.

  4. At the top right of the Project Settings page, click Save.

Reviewing the project issue details

You can view the information about all issues detected during the project scans, as well as check the parent scans. The information includes the issue type, HTTP method, number of times reported, and link to a vulnerable source.

To view the details and parent scans of a specific issue, you simply need to select this issue from the PROJECT ISSUES table on the Project page.

Configuring an issue and assigning it to a project user

You can set a status and severity for all project issues to treat them as tasks and assign them to different members of your project team.

To configure an issue and assign it to a project user, follow these steps:

  1. On the Project page, scroll down to the PROJECT ISSUES table and select the issue you want to configure.

  2. In the ISSUE CONFIGURATION section, select the status, severity, and assignee for the issue.

Adding a group to a project

To add a group to the project, follow these steps:

  1. In the MY PROJECTS table, click next to the project where you want to add a group, and then select Settings.

  2. In the upper-right corner of the GROUP MANAGEMENT section, select the group to be added to the project from the Add group dropdown list.

Managing project files

Bright enables you to upload API schemas and .HAR files to the storage and select them as a target when setting a new scan. Uploaded files can be shared between the organization members with appropriate permissions.

Note:

This section covers the basics of managing project files. For full details, see Managing Bright Storage.

To simplify searching for a particular file, Bright allows you to filter files by these parameters:

Name - the custom name of a scan
Size - file size
Type - file type
Revision - file version
Ready for scanning - indicates if a scan is ready to start
Last modified - time and date of last modification
File ID - unique file ID

Deleting a group from a project

To delete a group from a project, follow these steps:

  1. In the MY PROJECTS table, click next to the project where you want to delete a group, and then select Settings.

  2. In the GROUP MANAGEMENT table, click next to the group you want to delete, and then select Delete.

Deleting a project

To delete a custom project, do the following:

  1. In the MY PROJECTS table, click next to the project you want to delete, and then select Delete.

  2. On the popup, click Yes, delete.
    Deleting a project also deletes all associated scans, along with their history and detected issues. This data cannot be restored after deletion.