Feature Request: Target Maturity Level Highlight per team in Circular Heatmap

[0xj4f]

My organization is highly interested in this tool for mapping our security controls. However, we require one specific feature to make it more effective for our use case.

We propose adding the ability to visually highlight separate target maturity levels per category and per team/team group on the circular heatmap. This enhancement will help teams focus on specific maturity goals efficiently and allow for more tailored insights.

Example Use Case
A team sets distinct target maturity levels for different categories:
Team A Targets:
Level 3 for "Build"
Level 4 for "Deployment"
Level 2 for "Patch Management"

Activities at the specified target levels for each category will be highlighted (e.g., using a different color ).
The target levels can be defined in the meta.yaml with configurations for each category and team.

target_maturity:
  build:
    team_a: 3
    team_b: 2
  deployment:
    team_a: 4
    team_b: 3
  patch_management:
    team_a: 2
    team_b: 3

[vbakke]

Hmm... visualization lots of teams have a wide variety of target levels will be quite messy.

I do see the need to differentiate what target level each team should be at. But then I feel it would be better to define a smaller number of target levels within the organization. And then match each team to that specific level of "excellence". This will be more maintainable for the administrators of the chart as well.

As for the visualization part, I think it would be better to shade the sectors above the target level to a lighter grey, to indicate that they are "not relevant" (in the given circumstance). But visualizing more than one target level at the same time will be tricky. In your sample you have shown the targets for team_a. What about team_b? Or the five other teams you have defined?

[wurstbrot]

Hi,

currently, I am using a lightweight approach for my appsec programs. I remove all activities not to be implemented. But I am not having the mentioned view per team (I like to use team==application).

To visualize different target maturities per team might need a new page with the radar with heatmap in which only one team is selectable. Not applicable levels can be shown e.g. as dark gray.

[0xj4f]

@vbakke I agree having lots of teams to visualize will make a noise and a mess instead of giving clarity.
This was the team members that I only had in mind

  teams: ['Front End Web', 'Back End Web', 'Mobile', 'Infrastructure']
  teamGroups:
    GroupA: ['Front End Web', 'Back End Web']
    GroupB: ['Front End Web', 'Mobile']
    GroupC: ['Back End Web', 'Infrastructure']

But thanks to @wurstbrot idea to keeping it lightweight, maybe we'll just use one DSOMM application per project.
then have a process to collate them in a centralized DSOMM with group filters to check all projects.

So maybe instead of having Target Maturity Level Highlight per team, we just need target maturity per category only.
like this

target_maturity:
  build: 3
  deployment: 4
  patch_management: 2

Maybe having a thick borders will suffice or even graying out levels that is not our target.
what do you think ?

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. 📆 It will be closed automatically in one week if no further activity occurs.

[github-actions]

This issue was closed because it has been stalled for 7 days with no activity.