Minion User Stories

Security Assurance Team Stories

I want to be able to invite Web Developers to use Minion

I would like to invite people to use Minion by entering their email address. Minion should then send a signup email to the developer.

I want to be able to add sites to Minion and create specific test plans for those sites

I want to be able to maintain a list of sites and create specific test plans for those sites. A test plan includes a description of what tools will be run as part of the plan together with an optional configuration for those tools.

I want to be able to give Web Developers access to test plans for specific sites

I want to easily give developers access to plans so that they can see the results and run the plan.

I want to see statistics about the kind of issues that Minion finds across all sites

I would like to see statistics on, for example, the most common issues found, or the longest outstanding issues.

I want to easily add Zest scripts to Minion so that we can easily check found websec bugs

I would like to create or record a Zest script as part of the websec bug validation process and then upload that script to Minion and make it part of a test plan, so that reviewers and developers can easily see the status of those websec bugs.

Web Developer Stories

I want to be able to request a test plan for a site that I am working on

When a specific site is not yet covered by Minion, I would like to be able to request that a test plan be made for it, ideally simply by filling in an online form.

I want to log in to Minion and see all the current open issues for the sites that I work on or that I am responsible for

This would show all the results from the most recent scans for all sites that I work on.

I want to be able to start a scan when I have made changes to a deployed site

I want to push a button to start a scan.

I want to easily share a specific result with my colleagues

I want to copy and paste a direct link to a found issue into a chat, an email, or a Bugzilla bug.

I want to easily file bugs for issues that Minion finds

I want to be able to easily file bugs on found issues.

I would like to be able to mute a found issue if it is a false positive

When a found issue is a false positive, I want to be able to mark it as such so that it does not show up in future scan results.

I would like to be able to take meaningful action based on the results because they are rarely false positives

Issues that are found should have a very low false positive rate, so that developers don't need an external security specialist to vet the results before they take action.

Minion Operational Stories

I want to be able to easily spin up extra servers to scale Minion horizontally

Adding extra capacity to Minion should be as easy as spinning up an extra instance. This extra instance should be able to run test workers without any special configuration.

I want to be able to control the external IP address that Minion uses for scans

I want to be able to easily scan a large number of websites

I want to be able to scan in a "passive observation" mode so that people can initiate scans against sites they don't own and get some results

I want to be able to schedule scans to run on a regular basis and report diffs