Design: Ensure user awareness when container security scans are not configured
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.
Problem to solve
For GitLab Ultimate customers, the scenario is the following: one or more containers are set up, but the project is not configured for container security scanning, so nothing tells the user that their images are going unscanned.
Intended users
- Delaney (Development Team Lead)
- Sasha (Software Developer)
- Devon (DevOps Engineer)
- Sam (Security Analyst)
- Allison (Application Ops)
Further details
This supports ongoing efforts to make users aware of their security posture (in particular when scans are not being performed) and to bake security into every stage.
Proposal ideation
When the container is set up:
- Make it explicit on the security configuration page when containers are set up and ready to be configured for scanning.
- Make the user aware, in the container registry section, that security scanning is available but not yet configured.
- Highlight projects that are not performing security scans at the group level (related: #13298 (closed))
- Another medium to communicate this message
🤔
Permissions and Security
...
Documentation
...
Availability & Testing
...
What does success look like, and how can we measure that?
- Is the user aware when a project is not performing container scanning?
- Can the user find out how to identify whether container security scans are being performed on a project?
- Does the system communication proposed above prompt the user to configure security scans?
What is the type of buyer?
~ultimate
Is this a cross-stage feature?
Yes, this specifically aims to bake security into the package stage and its features.
Links / references
...