Design: Restructure Group Security Dashboard

Problem to solve

The current Group Security Dashboard is effectively a single page housing a vulnerability list and some basic metrics information (in the form of widgets). This setup limits the potential to expand functionality both for the vulnerability list as well as future dashboard widgets.

Intended users

• Cameron (Compliance Manager)
• Alex (Security Operations Engineer)

User experience goal

Users can see the vulnerability list of the current single-page Group-level dashboard broken out into a separate menu item while the existing metrics widgets remain on the existing Security Dashboard page.

Proposal

Transform the current single-page experience into a new layout and menu structure that sets the framework for future expansion and specialization of security components at the Group level. This will primarily entail breaking apart the existing page:

• move the vulnerability list into a separate, dedicated page
• leave the metrics widgets as part of the existing Security Dashboard page

Designs

• Initial mocks posted in design tab

📣 Vulnerability Report designs located in the project dashboard restructure

🖍 Link to Figma mocks View all levels (project, group, instance) in one location

Further details

We should be cognizant that the vulnerability list is currently a shared component across all 3 Security Dashboards. We need to be thoughtful about keeping this pattern for efficiency of future feature development while balancing against the possible complexity this might be add as Project, Group, and Instance-level lists potentially diverge in information displayed. The Pipeline security report is also very similar in its current incarnation so the same cautions and caveats apply.

For the navigation, preserve the current behavior that clicking directly on the Security & Compliance top-level menu item will take the user to the Group Security Dashboard page.

Permissions and Security

Users that previously had access to view the Group Security Dashboard will be able to see both the new Vulnerability Report page and the existing Security Dashboard page (which will now contain only the 2 metrics widgets).

Conversely, users who previously could not see a given Group Security Dashboard will not be able to view or access either the redone Security Dashboard page or the new Vulnerability Report page.

Also, where the group-level Security & Compliance menu are not be displayed—for example, to non-Ultimate users—there is no change in this behavior.

Documentation

The description and screenshot(s) for the Group Security Dashboard will need to be updated: https://docs.gitlab.com/ee/user/application_security/security_dashboard/#group-security-dashboard

It would be helpful to include screenshots with the left menu unfolded to show that there are now 2 sub-menu items where before there was only one.

Availability & Testing

What does success look like, and how can we measure that?

Success will be daily unique views for the combination of the new Vulnerability Report page and the metrics-only Security Dashboard page are equal to or greater than current traffic to the all-in-one page. The current metrics dashboard will need to be updated such that the current Group-level Security Dashboard chart captures traffic to both of these page locations.

What is the type of buyer?

GitLab Ultimate

Links / references