Managing Projects
If your organization has multiple groups that work on the development of several applications simultaneously, the best way to separate and manage the scanning flows is to create different Bright projects. You can manage which user groups get access to a project, and have full control over certain permissions and associated ticketing repositories.
In addition, you can limit the number of concurrent scans for each project so that each team has equal access to the organization's resources.
If you have integrated Bright with the ticketing tool a project team uses, the relative repositories (projects, channels) can be associated with a specific project. The integration configuration allows teams of different projects to select the repository associated with their project when creating a new scan. As a result, all the discovered issues will be opened as tickets or messages automatically in the selected repository.
You can find more information about Bright integration with ticketing systems here.
Note
A project is required for the configuration of a new scan, so if you do not have any custom projects, you need to select the default one.
Creating a project
To create a project, follow these steps:
- In the left pane, select Projects and click + Create Project.
- In the Create project dialog box, enter a project name and select the groups that can access the project.
- Click Save.
A successfully created project appears in the MY PROJECTS table.
Setting a maximum number of concurrent scans for a project
To set a limit for scans that can be run simultaneously by one project team, do the following:
- In the MY PROJECTS table, click next to the project where you want to set a limit to concurrent scans, and then select Settings.
- In the PROJECT SETTINGS section, select the check box next to Limit number of concurrent scans.
- In the Max. concurrent scans field, enter the number of engines that can be run concurrently for this project.
Please make sure that the number you set does not exceed the total number of engines available for the entire organization.
- At the top right of the Project Settings page, click Save.
View all project scans
To open a table with all scans, related to this particular project, click the button. This will open a new tab with a preconfigured filter.
Reviewing the project issue details
The page consists of several blocks:
Project Details - general information about the project, including project name and used hosts.
Open Issues - statuses of all scans in the project for better visibility. Includes Critical, High, Medium and Low severity. To see detailed information about new and closed statuses, point the mouse cursor on the underlined items.
Entrypoints Summary - information about entrypoints' statuses, including connectivity: OK, Problem, Skipped, Unauthorized, Unreachable.
- These widgets are designed to ease the understanding of the overall situation during a scan. Using this information, you can easily adjust the project issues filter to get the appropriate search result. To open a separate tab with all the scans in this project, click View all scans.
Project Overview - the table, contains detailed information about the project. The tab is divided into the following parts: Issues, Entrypoints, Files, and Discovery history. Each part describes items, related to this particular project.
Issues tab
In this table you can easily manage the statuses of issues, using a bulk selection, or change it by one.
Click to open the issue from the table in a new tab, orclick to copy the issue URL.
This tab contains all founded issues in this project. The issues tab includes the following columns:
- URL
- Host
- Issue type
- Severity
- Status
- Last Reported
- Times Reported
- Method
- Labels
Click on the issue to open detailed information about it. To learn more about the issue summary page, follow the link.
Entrypoints tab
In the Entrypoints table, you can manage all entrypoints, related to this issue. Also, here you can select entrypoints for the next scan. To do this, click to open the selection menu, where you can select all items or undo the previous action. Once entrypoints are selected, the new Create new scan button will appear above the table.
This tab contains all the information about the entrypoints in this project. Click on the entrypoint to open detailed information about it. To learn more about entrypoint summary page, follow the link .
The Entrypoints table includes the following columns:
- Method - Entrypoint method type
- URL - the entrypoint URL
- Connectivity - status of the entrypoint
- OK - Entrypoint reached successfully and returned a valid response
- Unreachable - Entrypoint could not be reached
- Problem - an entrypoint is reachable but returned with problematic response status
- Skipped - an entrypoint was skipped in the current scan scope
- Tests progress - test completion rate
- Response time - response time, ms
- Tested scenarios - the number of attack scenarios that were done in the particular entrypoint for all related tests
Note:
Make sure a number of selected entrypoints match your account features. To learn more about accounting and billing, see the article.
In the Files table you can manage all files attached to this project. To learn more about organizing files in the project, see the article.
In the Discovery history table, you can observe all previous scans in this particular project. Also, you can change the statuses of scans by clicking the button and selecting the relevant action: Stop, Rerun, Delete. To learn more about Discovery history page, see the article.
Adding new entrypoints to the project
There are two ways of adding new entrypoints to the project:
- Create a new discovery - This will begin a process of searching for all the entrypoints in the target. To learn how to create a new discovery, see the article.
- Create a single entrypoint - This option is for adding a single persistent entrypoint manually, using a built-in Entrypoint editor. To learn more about creating a single entrypoints, see the article.
Configuring an issue and assigning it to a project user
You can set a status and severity for all project issues to treat them as tasks and assign them to different members of your project team.
To configure an issue and assign it to a project user, follow these steps:
- On the Project page, scroll down to the PROJECT ISSUES table and select the issue you want to configure.
- In the ISSUE CONFIGURATION section, select the status, severity, assignees, and labels for the issue.
To add a new label, start typing it in the following field. Once you finished, click the Create new button, or choose the label from the list of existing ones.
Note:
Issue labels are used to filter the issues in the Projects Issues table. To make that happen, add the Labels filter from adjustment table's menu.
Downloading all the issues
Bright allows users to download all the found issues from the scan in CSV table. To download the issues list, click on Export, and downloading will start immediately.
Adding a group to project
To add a group to the project, follow these steps:
- In the MY PROJECTS table, click next to the project where you want to delete a group, and then select Settings.
- In the upper-right corner of the GROUP MANAGEMENT section, select the group to be added to the project from the Add group dropdown list.
Managing project files
Bright enables you to upload API schemas and .HAR files to the storage and select them as a target when setting a new scan. Uploaded files can be shared between the organization members with appropriate permissions.
To switch to the Storage tab, click the Files button.
Note:
This chapter describes managing project files basics. To learn how to fully operate with it, see Managing Bright Storage.
To simplify searching for a particular file, Bright allows you to filter files by these parameters:
Name - the custom name of a scan
Size - file size
Type - file type
Revision - file version
Ready for scanning - indicates if a scan is ready to start
Last modified - time and date of last modification
File ID - unique file ID
Managing your project API keys (authentication tokens)
To enable some Bright operations and integrations, you will need an authentication token (API key).
To create a project API key, follow these steps:
- Enter your Projects page and then open a project, which API keys you want to manage.
- Click on the upper-left corner.
- In the MANAGE YOUR PROJECT API KEYS section, click + Create API key.
- Assign the API key a name, select which scope(s) of access to allow it and which type of actions (such as read or write) it is permitted to perform.
- Click Create. On the popup, copy the generated key and save it to a safe place.
Warning:
As soon as you navigate away from this popup, you will not be able to restore this key.
The created keys without the entire values are listed in the MANAGE YOUR PROJECT API KEYS section.
Downloading all Projects data
Bright allows users to export all the Projects data. To do that, click on Export in the upper-right corner of the table, and downloading will start immediately.
Deleting a group from project
To delete a group from a project, follow these steps:
- In the MY PROJECTS table, click next to the project where you want to delete a group, and then select Settings.
- In the GROUP MANAGEMENT table, click next to the group you want to delete, and then select Delete.
Deleting a project
To delete a custom project, do the following:
- In the MY PROJECTS table, click next to the project you want to delete, and then select Delete.
- On the popup, click Yes, delete.
By deleting a project, all the associated scans will be deleted along with their history and detected issues. This data cannot be restored after deletion.
Updated 9 months ago