Product Discovery - Beyond the MVC - Instance Level Security Dashboard
This issue is intended to discuss the future of the instance level security dashboard. From here we can add issues to the Dashboard Epic for better tracking.
Problem to solve
We want to provide a first-class experience to users that are using GitLab mainly for security purposes.
When they log into the web interface, they should already be able to see the overall security status of the projects/groups they are interested in. They should be able to monitor what happened and see which are the most important things they need to work on.
Further details
We want to add more value for the user when using the Instance Level Security Dashboard. To do this we need to explore features beyond the MVC and subsequent incremental improvements.
Proposal
Create an instance level Security Dashboard that shows high-level vulnerability information, including group and project details, and provides an experience that allows users to manage vulnerabilities much like they can in the Group level dashboard.
The Dashboard must provide all the relevant information to prioritize the work and to jump into more details in an easy way.
User stories and feature considerations
User Stories
# | User Story | Feature |
---|---|---|
1 | As a user, I want to see the security details of all my projects, so that I can quickly identify problem areas and work to find a solution | 1.0 MVC Dashboard |
2 | As a user, I want the ability to manage which projects are included in the dashboard, so that I might eliminate any noise from the dashboard. | Add/Remove Projects (in 1.0 MVC) |
3 | As a user, I want to know if my projects are properly set up with security checks, so that I can address any configuration issues | Project Status view |
- | - | Alert if a project is not configured correctly |
4 | As a user, I want to start my session with the instance level security dashboard, so that I don't always have to navigate to it. | Default settings |
5 | As a user, I want to easily see more info on a vulnerability, so that I can make a decision on how to remediate it quickly. | Inline Vulnerability management |
6 | As a user, I want to see an overview of my groups, so that I can see, at a high level, which groups are over or under performing from a security standpoint. | Project and Group details tab |
7 | As a user, I want the ability to manage which groups are included in the dashboard, so that I might eliminate any noise from the dashboard. | Add/Remove Groups and projects |
8 | As a user, I want to see which projects have critical vulnerabilities, so that I can work on those first. | Critical vulnerability sub-section |
9 | As a user, I want to see a complete high-level security overview for my instance, so I can understand what my company is doing well and where we need to improve. | Overview Tab |
Features
MVC | Dashboard 1.1 | Dashboard 1.2 | Dashboard 1.3 |
---|---|---|---|
Add/Remove Projects | Default settings | Project/Group Details Tab | Overview Tab |
Icon in header | Inline Vulnerability management | Add/Remove Project and Groups | Critical vulnerability sub-section in Group/Project details |
Project status view | | | |
Alert if project is not properly configured | | | |
Breadth and Depth
MVC | Dashboard 1.1 | Dashboard 1.2 | Dashboard 1.3 |
---|---|---|---|
Adds Breadth | Adds Depth | Adds Breadth | Adds Breadth and Depth |