Problem to solve
Security features exist in different places within the application. While it makes sense to keep some features where they are with respect to the users' needs, we still need a central location for core security features, especially as we plan on adding new features and enhancing others.
Information Architecture Today
Users
- CISO, Security Director, Security Team Lead
- Security Analyst: Persona: Security Analyst
- DevOps Engineer: Persona: DevOps Engineer
- Dev Team Lead: Persona: Development Team Lead
User Approach
User stories
| User | Story | Target navigation area |
|---|---|---|
| As a CISO or Security Director | I want a place where I can monitor my organization's security status and other important metrics, so I can respond to issues if they arise. | Instance / Security Dashboard / Overview Metrics |
| - | I want a place where I can monitor my team's progress, so I can make sure they are focused on the highest priority or most important issues. | Instance / Security Dashboard / Overview Metrics |
| - | I want a place where I can create and download a report, so I can present my team's progress and the security status of the organization. | Instance / Reports / Download Report |
| User | Story | Target navigation area |
|---|---|---|
| As a Security Analyst | I want a place where I can find all of the vulnerabilities for my organization, so I can take the necessary action on them from one place and not have to go to different locations to manage them. | Instance / Security Dashboard / Vulnerability List |
| - | I want to monitor the remediation status of vulnerabilities that are at various stages of the remediation process, so that I can respond quickly if errors occur. | Instance / Auto-remediation, or Project / Auto-remediation |
More stories TBD
Information Architecture Proposal
| Project level | Group level | Instance level |
Proposed feature locations
Project Level
Group Level
Instance Level
| Feature | Status | Location |
|---|---|---|
| Instance Level Dashboard | In Consideration | Instance / Security / Dashboard |
| Overview Metrics | Concepting | Instance / Security / Dashboard |
| Dashboard settings and configuration (idea, part of a broader effort for a custom dashboard) | Concepting | Instance / Security / Dashboard / Dashboard Settings |
| Dashboard Report (related idea) | Concepting | Instance / Security / Dashboard / Dashboard Report |
| Vulnerability Database | TBD | Instance / Security / Vulnerability Database |
| Global Whitelisting | Concepting | Instance / Security / Global Whitelisting |
| SLA Settings (Epic link) | Concepting | Instance / Security / SLA Settings |
| Permissions (similar issue; also consider role settings as well) | Concepting | Instance / Security / Permissions |
Wireframes
| Project level | Group level | Instance level |
MVC
Scope:
We are going to take what we have today, along with what is planned for release in June, and use this as a foundation to begin building the navigation section for Secure.
| Project Level | Group Level |
|---|---|
| Security Dashboard | Security Dashboard |
| Dependency List (June Release) | - |
| License Compliance (moved from settings) | - |
Project Details:
At the project level, we will name the nav section Security & Compliance since we have features for both available.
- If a user selects the top-level item instead of using the flyout with the Secure nav area, they will be taken to the project level security dashboard by default.
Group Details:
We only have one feature today, the Group level security dashboard, to nest into the navigation, so this area will be named Security for the time being. Once we add Group level license compliance, we will change the name to Security and Compliance.
Information architecture
Designs
Project level
| Project level nav details | Project level default page |
Group level
| Group level nav details | Group level default page |
https://gitlab.com/gitlab-org/gitlab-ee/issues/12250
What does success look like, and how can we measure that?
- Clicks on security features in the nav
- Click path (journey) into security products changes and becomes shorter