Validate or improve UX of the security reports
In previous iterations we've added a lot of information about vulnerabilities in the security reports.
This issue's goal is to have a look at what's been done and validate or iterate on it to improve the UX of our Security Reports.
These components should be evaluated:
- vulnerabilities list in the MR widget and CI view
- vulnerability modal with details and actions (dismiss, create an issue)
- created issue from vulnerability (content of the description)
Proposed Designs
Security reports in merge request page
[Design mockups: Desktop, Mobile]
Security reports in pipeline page
[Design mockups: Desktop, Mobile]
Dismiss vulnerability modal dialog
Notes
- The entire vulnerability row in the report is clickable, replacing the separate links. This makes the vulnerability items easier to interact with.
- Added quick action buttons that appear on row hover; they are visible only on desktops.
- The expanded report area in the MR widget has a fixed height. This improves scrolling, since there is only a single scrollable area instead of one for each scan report.
- The reports are to be sorted by Severity first and then by Confidence. Fixed vulnerabilities appear at the top and dismissed ones appear at the bottom of each section.
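One way to express the ordering from the last note, as an added example (not GitLab's code). The field names, state names and rank tables are assumptions, as is the choice to apply the severity and confidence ordering inside the fixed and dismissed groups too.

```javascript
// Rank tables are assumptions for this example: a lower number sorts first.
const SEVERITY_RANK = { critical: 0, high: 1, medium: 2, low: 3, unknown: 4 };
const CONFIDENCE_RANK = { confirmed: 0, high: 1, medium: 2, low: 3, unknown: 4 };
// Position inside a report section: fixed on top, dismissed at the bottom.
const STATE_RANK = { fixed: 0, new: 1, dismissed: 2 };

// Unrecognized or missing values sort after every known value of that key,
// so a scanner emitting an unexpected level cannot jump the queue.
const rank = (table, value) =>
  Object.prototype.hasOwnProperty.call(table, value)
    ? table[value]
    : Object.keys(table).length;

// Comparator: state bucket first, then severity, then confidence.
function compareVulnerabilities(a, b) {
  return (
    rank(STATE_RANK, a.state) - rank(STATE_RANK, b.state) ||
    rank(SEVERITY_RANK, a.severity) - rank(SEVERITY_RANK, b.severity) ||
    rank(CONFIDENCE_RANK, a.confidence) - rank(CONFIDENCE_RANK, b.confidence)
  );
}

// Groups findings by scan report and orders each section independently.
function sortReport(findings) {
  const sections = new Map();
  for (const finding of findings) {
    if (!sections.has(finding.report)) sections.set(finding.report, []);
    sections.get(finding.report).push(finding);
  }
  for (const list of sections.values()) list.sort(compareVulnerabilities);
  return sections;
}

// Constructed sample findings, not real scan output.
const SAMPLE = [
  { id: 1, report: 'sast', state: 'new', severity: 'medium', confidence: 'high' },
  { id: 2, report: 'sast', state: 'dismissed', severity: 'critical', confidence: 'confirmed' },
  { id: 3, report: 'sast', state: 'new', severity: 'high', confidence: 'low' },
  { id: 4, report: 'sast', state: 'new', severity: 'high', confidence: 'confirmed' },
  { id: 5, report: 'sast', state: 'fixed', severity: 'low', confidence: 'medium' },
  { id: 6, report: 'sast', state: 'new', severity: 'bogus', confidence: 'high' },
  { id: 7, report: 'dast', state: 'new', severity: 'low', confidence: 'unknown' },
  { id: 8, report: 'dast', state: 'fixed', severity: 'critical', confidence: 'high' },
];

for (const [report, list] of sortReport(SAMPLE)) {
  console.log(report, list.map((f) => `${f.id}:${f.state}/${f.severity}/${f.confidence}`));
}
```

A dismissed critical finding (id 2) lands below every open finding in its section, so the dismissed group needs to stay visually distinct for reviewers.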
Follow-up
Implementation of these designs will be carried out in https://gitlab.com/gitlab-org/gitlab-ee/issues/7561 and https://gitlab.com/gitlab-org/gitlab-ee/issues/7562.
Edited by Jeethu Karthik