Security Dashboard (design)
Description
We want to provide a Security Dashboard to support Security people that are using GitLab.
The first iteration should be a sort of new homepage, that will give the ability to
This is the general idea:
- the Security Dashboard should be a top-level entity, with a dedicated menu entry (under Overview?)
- it should be considered the default homepage for Security people (set as default?)
- it should give a comprehensive view of the security status of multiple projects, with the ability to take actions
Proposal
Given this goal, we can consider a first MVP to be a list of projects. Each project will report a few details (with links to jump to the project itself) and a security summary showing how many vulnerabilities there are for each specific category (`sast`, `dependency scanning`, etc.). This report will give you a first overview, reporting the latest known security status of the default branch (`master`). From the summary, you can jump to the security report at pipeline level, where you can access details and take actions (create issue, dismiss).
Projects can be added to and removed from the list, and they will be shown in pages. This is because we need to fetch the report artifacts to build the summaries, and we should limit the number of requests a single page triggers.
This approach keeps the list simple and avoids relying on database support we currently cannot have. In the next iteration we can introduce backend changes to store the data and to improve the functionality.
Designs
- The list shows at most 7 projects per page.
- You can add projects to the list by clicking the "Add project" button.
- If you click a project in the dropdown menu, it is added to the list immediately.
- You can sort the project list alphabetically by project name.
- You can remove a project by clicking its "Remove" button.
Copy for the vulnerability detection:
- If there are no security vulnerabilities, it shows "[Category name] detected no security vulnerabilities", e.g. "Dependency scanning detected no security vulnerabilities".
- If it detects security vulnerabilities, it shows "[Category name] detected 146 vulnerabilities", e.g. "Dependency scanning detected 146 vulnerabilities".
Note: We don't show DAST and Container scanning until https://gitlab.com/gitlab-org/gitlab-ee/issues/6168 and https://gitlab.com/gitlab-org/gitlab-ee/issues/6169 are implemented.
Design mockups (images): Security dashboard; Dropdown menu.
Out of scope
- If you click "Edit projects", checkboxes appear before the project cards, so you can remove projects in bulk in editing mode.
- In editing mode, the "Add project" button is hidden; the "Remove projects" and "Cancel" buttons appear instead, so you cannot add new projects to the list.
- The "Remove projects" button is disabled by default until you select at least one project in the list.
- If you click the "Cancel" button, you leave editing mode.
- Sorting and filtering still work in editing mode, so you can find your project easily.
- The options in the sorting dropdown menu:
  - Last updated
  - Order alphabetically
Design mockups (images): Security dashboard; Editing mode; Dropdown menu.