Experience Recommendation –Secure FY22-Q4 – Identifying vulnerabilities in new code (Dynamic analysis)

UX Scorecard Part 1: #1702 (closed)

| # | Insight/finding | Recommendations | Comments |
|---|-----------------|-----------------|----------|
| 1 | The entry point to enable a security scanner is not evident from a project's landing page | Existing issues already address this: 1) gitlab#345460 | |
| 2 | It's not clear what happens after committing configuration changes. Users should be guided through the end of the workflow | Existing issues already address this: 1) gitlab#347481 2) gitlab#345464 3) gitlab#345463 | Possible workflow conclusions could be confirming that the scanner has been enabled or navigating to the scan results |
| 3 | Documentation was needed to understand what the tools do | Existing issues already address this: 1) gitlab#347476 (closed) 2) gitlab#347478 | |
| 4 | When enabling DAST or API fuzzing through the UI, it isn't obvious how and where to insert the code snippet into the gitlab-ci.yml file | Refine the guidance users are given in the pipeline editor when trying to enable DAST or API Fuzzing | It was noted that the term "insert" may not be as direct as "paste", and it wasn't very clear that portions of the code snippet needed to be moved around |
| 5 | The way that security tool configuration steps are explained in the docs is not consistent | Improve documentation consistency for security tool configuration | |

Experience Recommendations Checklist

Learn more about UX Scorecards

  1. Collaborate with your Heuristic Buddy to create recommendation issues as needed.
  2. Add a UX scorecard-rec and OKR label on every issue for traceability, then apply your section and group labels as well.
  3. Add Severity labels to every issue for prioritization.
  4. Link your recommendation issues to your main UX Scorecard issue.
  5. Tip 1: Brainstorm opportunities to fix or improve areas of the experience.
    • Use the findings from the Emotional Grading scale to determine areas of immediate focus. For example, if parts of the experience received a “Negative” Emotional Grade, consider addressing those first.
  6. Tip 2: Think iteratively, and create dependencies where appropriate, remembering that sometimes the order of what we release is just as important as what we release.
    • If you need to break recommendations into phases or over multiple milestones, create multiple epics and use the Category Maturity Definitions in the title of each epic: Minimal, Viable, Complete, or Lovable.
Edited by Michael Fangman