UX Scorecard - Secure FY21-Q2 - managing licenses (accountability)

Managing licenses

For those accountable for compliance:

JTBD: When my organization has license compliance rules to follow, I want to be able to whitelist or blacklist licenses so that I can ensure any new code merged in a project is in compliance.

Rating: F (Poor). Workflow leaves the user confused and with no direction of where to go next. Can sometimes cause the user to go around in circles or reach a dead end. Very high risk of abandonment, and the user will most likely seek other methods to complete the task.

Managing licenses in project settings, proactive license compliance:

| User Actions | Rating | UI |
| --- | --- | --- |
| i. User navigates to settings (Project > Settings > CI/CD > License Management). | Neutral: Given the user type, the person responsible for compliance, the location of this feature may be hard to find. | 1 |
| ii. User expands the license management section; the info display notes that no licenses have been added. CTA: add a license. | Negative: There is a specific configuration needed for the feature to be functional. The UI displays the ability to add/remove license rules, but if the configuration was not completed, the add/remove ability could deceive the user into thinking the feature is functional. | 2 |
| iii. User selects the add a license CTA; a display with a dropdown list of licenses appears (or the user can search for items in the list). User selects a license, then selects approve or blacklist, then submits. | Negative: There is a preset list - it is not clear what to do if the license the user wanted to add is not on the list. | 3 |
| iv. User could not find the license they wanted to add in the list. User types in the name to try to add it to the list. | Negative: It may not be clear that the user can add a license type to the list. Scanning may not identify the correct license (from user input). | 4 |
| v. User may now see added licenses and toggle the classification to either approved or blacklisted, or delete. | Negative: The table would get challenging to manage once 10+ items are listed. | 5 |

Managing new licenses detected in a MR, reactive license compliance:

| User Actions | Rating | UI |
| --- | --- | --- |
| 1. User committed changes to a project and created a merge request. Then, the user (with maintainer allowance) is reviewing the merge request. The widget includes a section noting: “detected 2 new licenses”. | Neutral: Good that the “2 new licenses detected” is visible next to the merge button. But it is unclear how the approve button (above) may affect the licenses detected. | 1 |
| 2. User hits expand and there are multiple items listed. | Negative: Not sure what the icons are signifying. The X could be a blacklist item, but that is not clear. The icon is unclear. | 2 |
| 3. User clicks the “X LGPL” link and a modal displays: license type, a link for more info, and the packages where the license was detected (“used by”). The modal’s header states “approve license?”. User options are to approve the license or cancel. | Negative: It’s unclear if “approve license” is for the MR only or to create a rule for the project. | 3 |
| 4. User clicks the “New BSD” link and a modal displays. Similar to the other modal in 3, the modal’s header asks “approve license?” | Negative: Similar confusion as seen in 3, but seeing “blacklist” suggests it may not allow the license. Unclear what will happen, if anything, if neither “blacklist” nor “approve” is selected. | 4 |
| 5. User selects “approve license” in 4. Now the visual is showing a list item with and another with a X. It’s unclear what this is indicating, though the merge button is active so the licenses seem to not affect that action. | Negative: It’s confusing to know what the blacklist license or approve license outcomes mean or imply. In fact, they do not do anything other than be visualized that way. It doesn't affect the MR, or prohibit a blacklisted license from being merged. | 5 |
| 6. The user selects the manage licenses action seen in 5. This opens the settings page with the license management section expanded. | Neutral: This is helpful to go to the settings and be able to manage the licenses. It’s still not clear what blacklist and approved are defined as and/or what outcomes they produce. | 6 |

View video walkthrough

Checklist

  • 1. Document the current experience of the JTBD, as if you are the user. Capture the screens and jot down observations. Also, apply the following Emotional Grading Scale to document how a user likely feels at each step of the workflow. Add this documentation to the epic's description.
  • 2. Use the Grading Rubric below to provide an overall measurement that becomes the Benchmark Score for the experience, and add it to the epic's description.
  • 3. Once you’re clear about the user’s path, create a clickthrough video that walks through the experience and includes narration of the Emotional Grading Scale and Benchmark Score.
  • 4. Post your video to the GitLab Unfiltered YouTube channel, and link to it from the epic's description.
  • 5. If your JTBD spans more than one stage group, that’s great! Review your JTBD with a designer from that stage group for accuracy.
  • 6. Create an issue to revisit the same JTBD the following quarter to see if we have made improvements. We will use the grades to monitor progress toward improving the overall quality of our user experience.
Edited by Valerie Karnes