From 3fddf1a9542225386cbaef8c2e06cef23dce98f9 Mon Sep 17 00:00:00 2001 From: Ankur Kothiwal Date: Thu, 22 May 2025 16:48:15 +0200 Subject: [PATCH] add proposal for adding project-scoped securityhub support Signed-off-by: Ankur Kothiwal --- .../images/securityhub/securityhub-4.png | Bin 0 -> 17164 bytes proposals/project_scoped_security_hub .md | 174 ++++++++++++++++++ 2 files changed, 174 insertions(+) create mode 100644 proposals/images/securityhub/securityhub-4.png create mode 100644 proposals/project_scoped_security_hub .md 
diff --git a/proposals/images/securityhub/securityhub-4.png b/proposals/images/securityhub/securityhub-4.png new file mode 100644 index 0000000000000000000000000000000000000000..097709e5f29c5372d34b879ac83597cd850f9ec2 GIT binary patch literal 17164
diff --git a/proposals/project_scoped_security_hub .md b/proposals/project_scoped_security_hub .md new file mode 100644 index 00000000..0ef8004e --- /dev/null +++ b/proposals/project_scoped_security_hub .md
@@ -0,0 +1,174 @@ +# Proposal: `Project-level access to Security Hub` + +Author: [Ankur Kothiwal](https://github.com/ankurk99/) + +## Abstract + +This proposal aims to extend Security Hub access from administrators only to project administrators. This will enable project-specific teams to monitor and respond to security vulnerabilities within their own projects without requiring harbor administrator intervention. + +## Background + +Currently, Harbor's Security Hub dashboard provides valuable insights into detected vulnerabilities across the system but is only accessible to global administrators. This limitation prevents project owners from independently monitoring the security status of their own projects. Project teams need direct access to security information to take timely actions to remediate vulnerabilities. + +## Motivation + +Allowing project owners to access Security Hub for their own projects will: + +1. Improve project-level security visibility without requiring administrator involvement +2. Enable decentralized security management and faster response to vulnerabilities +3. Allow teams to implement security-focused DevSecOps practices +4. Reduce the workload on global administrators +5. Bring Security Hub access in line with other project-specific resources like robot accounts and labels + +## Goals + +* Enable project owners/admins to view Security Hub data limited to their own projects +* Security manager role: this role will only be able to access the Security Hub + * Use case: To provide security team access to the Security Hub without the admin access to the whole registry instance +* Maintain data isolation between projects +* Preserve the global view for system administrators +* Modifying filtering +* In the current filters, we can only search for single fields \- For eg. We can only search for a specific vulnerability in a specific project. Checking a CVE in multiple projects, or multiple CVEs in a single project is not possible. 
+ +![image](images/securityhub/securityhub-1.png) + +* Implement consistent permissions that aligns with existing Harbor RBAC +* Provide an intuitive user experience for users with access to multiple projects + +## Non-Goals + +1. Providing Security Hub access to roles other than projectAdmin: Configurable to allow users of the project to have access to Security Hub +2. Accordingly modifying “Scanners” and “Vulnerability” under the Interrogation Service + 1. Configure the scanner project admins want to use + 2. This will include allowing the users to schedule and run “Scan now” on all their projects +3. Changing the data collection or presentation of vulnerability information +4. Adding new scanning capabilities or integrations + +## Proposal / Design Details + +### 1\. Permission Model and RBAC + +* **Implicit Permission:** The projectAdmin role will implicitly be granted permission to view the Security Hub for the projects they administer. +* **RBAC Enforcement:** + * Harbor's backend RBAC (Role-Based Access Control) mechanisms will be updated. + * When a user attempts to access the Security Hub data for a specific project, the system will verify if the user holds the projectAdmin role for that project. + +### 2\. Backend Changes + +#### API Endpoints + +The current global Security Hub is assumed to be served by endpoints like /api/v2.0/securityhub/.... We will introduce new project-scoped API endpoints: + +* GET /api/v2.0/projects/{project\_name\_or\_id}/security/summary + * Returns vulnerability summary statistics for the specified project. 
+ +```json +{ + "critical_cnt": 0, + "high_cnt": 0, + "medium_cnt": 0, + "low_cnt": 0, + "none_cnt": 0, + "unknown_cnt": 0, + "total_vuls": 0, + "scanned_cnt": 0, + "total_artifact": 0, + "fixable_cnt": 0, + "dangerous_cves": [ + { + "cve_id": "string", + "severity": "string", + "cvss_score_v3": 0, + "desc": "string", + "package": "string", + "version": "string" + } + ], + "dangerous_artifacts": [ + { + "project_id": 0, + "repository_name": "string", + "digest": "string", + "critical_cnt": 0, + "high_cnt": 0, + "medium_cnt": 0 + } + ] +} +``` + +* GET /api/v2.0/projects/{project\_name\_or\_id}/security/vul + * Returns a list of vulnerabilities for the specified project, supporting pagination and filtering within that project's scope. + +```json +[ + { + "project_id": 0, + "repository_name": "string", + "digest": "string", + "tags": [ + "string" + ], + "cve_id": "string", + "severity": "string", + "cvss_v3_score": 0, + "package": "string", + "version": "string", + "fixed_version": "string", + "desc": "string", + "links": [ + "string" + ] + } +] +``` + +* GET /api/v2.0/projects/{project\_name\_or\_id}/security/summary/dangerous\_artifacts + * Returns the top N most dangerous artifacts within the specified project. +* GET /api/v2.0/projects/{project\_name\_or\_id}/security/summary/dangerous\_cves + * Returns the top N most dangerous CVEs affecting the specified project. + +Here, *{project\_name\_or\_id}* can be the project's name or its numerical ID. + +* The core change will be to ensure all database queries for vulnerability data are filtered by the project\_id derived from {project\_name\_or\_id}. +* Aggregation logic (e.g., for summaries, top N lists) will operate on this project-scoped dataset. +* **Response Structure:** The JSON response structure for these project-scoped endpoints will closely mirror that of the current SecurityHub APIs so that the current frontend component reuse can be maximised. + +### 3\. 
Frontend (UI/UX) Changes + +The aim is to maximize the usage of the present securityhub dashboard. + +* **Navigation:** Currently, the “Interrogation Service” is a part of the “Administration” menu. For non-admin users, we can have this as a separate menu together with “Projects” and “Logs”. +* **Dashboard View:** + * The UI components (charts, tables, filters) from the existing global Security Hub will be reused. + * These components will be initialized with data fetched from the new project-scoped API endpoints. +* **Search and Filtering:** + * All the projects owned by the user can be filtered + * Search and filter functionalities (by CVE, severity, etc.) within the project-scoped Security Hub will operate only on the data for that project. + +### 4\. System Administrator View + +The current global Security Hub remains unchanged. + +**Implementation:** +Security Hub already has a project level filter. We need to map this to project admins, so that users can only view their own projects. + +![image](images/securityhub/securityhub-4.png) + +* For users who administer multiple projects: +* A consolidated dashboard showing security metrics across all their projects +* Allow viewing common vulnerabilities across multiple projects +* Implement multi-select filtering to allow users to search for multiple CVEs simultaneously + * By default, user will see vulnerabilities across all the projects + * For filtering there will be a dropdown menu containing the list of projects to which they have access to + +## Rationale + +* **Access rights could be modified so that harbor administrators could grant access to this dashboard to their users:** This will put extra burden on harbor administrators to provide these permissions. It will be much simpler to provide already present role based permission (for eg. projectAdmin). 
+ +**Questions:** + +* **Do we only provide Security Hub or the whole Interrogation Service (which contains choosing their own scanners and scheduling vulnerability scans)?** + We recommend initially providing only Security Hub access to project admins, without + scanner configuration capabilities. Scanner configuration should remain centralized with + Harbor administrators to ensure consistent security policies across projects. However, project admins should be able to trigger scans for their own projects.
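Review bot: the RBAC enforcement described in section 1 only covers the single-project endpoints (`/api/v2.0/projects/{project_name_or_id}/security/...`, checked against the projectAdmin role for that one project), but section 4 adds a consolidated dashboard across all of a user's projects, a project dropdown and multi-select filtering, and nothing in the hunk states how that wider scope is enforced. The proposal should say explicitly that the set of project_ids used in the aggregation and vulnerability queries is always computed server-side from the caller's projectAdmin memberships (intersected with any project filter the client sends, never taken from the request alone), so that the existing project filter on the global dashboard, which section 4 proposes to map onto project admins, cannot be used to widen a project admin's view. Two smaller points: the Goals list a "Security manager role" that can only access the Security Hub, while the Non-Goals state that access for roles other than projectAdmin is out of scope, so one of the two should be reworded to match the other; and the new file is named `proposals/project_scoped_security_hub .md` with a space before the extension, which looks unintended.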