Design: Restructure Group Security Dashboard
Problem to solve
The current Group Security Dashboard is effectively a single page housing a vulnerability list and some basic metrics information (in the form of widgets). This setup limits the potential to expand functionality for both the vulnerability list and future dashboard widgets.
Intended users
User experience goal
Users can see the vulnerability list of the current single-page Group-level dashboard broken out into a separate menu item while the existing metrics widgets remain on the existing Security Dashboard page.
Proposal
Transform the current single-page experience into a new layout and menu structure that sets the framework for future expansion and specialization of security components at the Group level. This will primarily entail breaking apart the existing page:
- move the vulnerability list into a separate, dedicated page
- leave the metrics widgets as part of the existing Security Dashboard page
Designs
- Initial mocks posted in design tab
Further details
We should be cognizant that the vulnerability list is currently a shared component across all 3 Security Dashboards. We need to be thoughtful about keeping this pattern for efficiency of future feature development while balancing against the possible complexity this might add as Project, Group, and Instance-level lists potentially diverge in information displayed. The Pipeline security report is also very similar in its current incarnation, so the same cautions and caveats apply.
For the navigation, preserve the current behavior that clicking directly on the Security & Compliance top-level menu item will take the user to the Group Security Dashboard page.
Permissions and Security
Users that previously had access to view the Group Security Dashboard will be able to see both the new Vulnerability Report page and the existing Security Dashboard page (which will now contain only the 2 metrics widgets).
Conversely, users who previously could not see a given Group Security Dashboard will not be able to view or access either the redone Security Dashboard page or the new Vulnerability Report page.
Also, where the group-level Security & Compliance menu is not displayed (for example, to non-Ultimate users), there is no change in this behavior.
Documentation
The description and screenshot(s) for the Group Security Dashboard will need to be updated: https://docs.gitlab.com/ee/user/application_security/security_dashboard/#group-security-dashboard
It would be helpful to include screenshots with the left menu unfolded to show that there are now 2 sub-menu items where before there was only one.
Availability & Testing
What does success look like, and how can we measure that?
Success will be that daily unique views for the combination of the new Vulnerability Report page and the metrics-only Security Dashboard page are equal to or greater than current traffic to the all-in-one page. The current metrics dashboard will need to be updated such that the current Group-level Security Dashboard chart captures traffic to both of these page locations.