Remediation instructions should be permalinks

Question

Remediation instructions should be permalinks

Closed this issue 2 years ago · 3 comments

On the aquasec website listing the issues and their remediation, it is currently not possible to give a link pointing to the exact subsection.

For example, it is only possible to link the "Code Changes" (https://avd.aquasec.com/compliance/softwaresupplychain/cis-1.0/cis-1.0-sourcecode/1.1) page, but not to point directly to the "1.1.3 Ensure any change to code receives approval of two strongly authenticated users" item.

Then this permalink should be used in the "Url" value of the report file generated by chain-bench.

Answer 1 · 2022-06-28T14:16:20.000Z

Could you please elaborate on the scenario you are trying to achieve?
AVD standard is ta page per sub-control(X.x), in addition, you have the same information within the generated report.

Answer 2 · 2022-06-28T14:27:15.000Z

Absolutely! My point is that the URL which is provided with a result should point to the exact remediation sub-section instead of the section page itself.

A solution would be to add an anchor at the end of the link. As a result, https://avd.aquasec.com/compliance/softwaresupplychain/cis-1.0/cis-1.0-sourcecode/1.1 would become https://avd.aquasec.com/compliance/softwaresupplychain/cis-1.0/cis-1.0-sourcecode/1.1#ensure-linear-history-is-required and the user would land exactly where it should instead of arriving at the top of the page.

Answer 3 · 2022-06-29T08:10:10.000Z

@morwn Please take it with @owenrumney and see how we can extend AVD to include specific link target.