Skip to content

UX Scorecard - Secure FY21-Q2 - Interacting with vulnerabilities in the security dashboard(s)

Interacting with vulnerabilities in the security dashboard

JTBD: When reviewing vulnerabilities for multiple projects, I want to see them all in one location, so that I can prioritize my efforts to resolve or triage them while seeing the larger picture.

Checklist
  • 1. Document the current experience of the JTBD, as if you are the user. Capture the screens and jot down observations. Also, apply the following Emotional Grading Scale to document how a user likely feels at each step of the workflow. Add this documentation to the epic's description.
  • 2. Use the Grading Rubric below to provide an overall measurement that becomes the Benchmark Score for the experience, and add it to the epic's description.
  • 3. Once you’re clear about the user’s path, create a clickthrough video that walks through the experience and includes narration of the Emotional Grading Scale and Benchmark Score.
  • 4. Post your video to the GitLab Unfiltered YouTube channel, and link to it from the epic's description.
  • 5. If your JTBD spans more than one stage group, that’s great! Review your JTBD with a designer from that stage group for accuracy.
  • 6. Create an issue to revisit the same JTBD the following quarter to see if we have made improvements. We will use the grades to monitor progress toward improving the overall quality of our user experience.

Current Experience Overview

The dashboard feature is considered an MVP. The primary user we are designing for works in an organization's web security department. Roles such as: security analysts, security engineers, or head of security. Although, mid-to-smaller organizations may not have a dedicated security department, therefore in this case the users would be: developers, tech leads, and devops engineers.

Video Walkthrough: view video

Overall Grade: D (Presentable)

  1. User would: a) create a group or b) group may already be created, then the user would select the group. emotional rating: positive 0

  2. To view security display: user goes to group name > overview > security dashboard. emotional rating: neutral 1 Group level security dashboard 2.b Project level security dashboard

  3. User adjusts the view to “Critical” severity to focus on prioritized vulnerabilities. This adjusts the summary, chart, and table to display Critical only vulnerabilities. emotional rating: neutral 2

  4. Table, below the chart, displays the specific selected vulnerabilities. emotional rating: negative 3

  5. User hovers on table rows and there are clickable actions: view more info, create issue, and dismiss vulnerability. emotional rating: neutral 4

    • If the user selects “dismiss vulnerability” , text shows “Dismissed” next to title, with the table row more opaque. User is able to revert dismissal. emotional rating: neutral 5

    • If the user selects “create issue”: a new open issue is created with the vulnerability information applied to the description. emotional rating: positive 6

    • If the user selects “more info” or selects the vulnerability text name in the table row: an information modal appears. The modal displays vulnerability data, including links with external data, in some cases with a solution suggestion. The user actional available are: cancel (or X to exit), dismiss vulnerability, and create issue. emotional rating: negative 7

Edited by Valerie Karnes