Ability to remove/expunge security metrics data for a Project
Problem to solve
As a user while attempting to set up the Secure Features in a self-managed instance, I may have to run a project through to see if the vulnerabilities in a project that I may put in are caught (validation of functionality). Subsequently, I may remove those vulnerabilities and they will disappear off the Security Dashboard. However, the metrics of these vulnerabilities may continue to be in the system. It would be nice to have a way to reset these.
Intended users
- Cameron (Compliance Manager)
- Parker (Product Manager)
- Delaney (Development Team Lead)
- Sasha (Software Developer)
- Sidney (Systems Administrator)
- Sam (Security Analyst)
- Rachel (Release Manager)
- Dana (Data Analyst)
User experience goal
The user should be able to use UI or API with GitLab to clear the metrics for the security findings, or have a way to include/exclude certain time periods that are known to be problematic.
Proposal
Further details
Permissions and Security
Only individuals with Owner or Maintainer roles should be able to modify the data. And appropriate Audit logging should be enabled to capture that this action was performed.
Documentation
Appropriate documentation in the UI or API context should be updated.
Availability & Testing
Testing should include the scenario described above. Also, scenarios where not all data is removed, but certain events are filtered should be tested.
What does success look like, and how can we measure that?
What is the type of buyer?
Ultimate/Gold features as all Secure dashboards and metrics are in that tier.