SAST Configuration UI: MVC Design
Overview
This issue defines the MVC design for the SAST Configuration UI, building off the conversations and designs in the previous UX Discovery issue.
Personas
Success Criteria
- User can get to the SAST Configuration UI page from the **Enable** button on the Configuration page
- User can configure at least some variables of the SAST template from within the UI, and create an MR to commit the changes
- User can click on the **View History** link (if SAST is enabled) to see the git blame for the SAST .yml file
JTBD
- When I'm enabling SAST, I want the ability to do so from within the UI so that I don't have to read a lot of documentation and go through several tedious steps to get it set up.
- When I'm not getting the results I'd like to see from my SAST scanner, I want the ability to configure the variables so that I get the most value from it and, subsequently, from GitLab.
- When something goes wrong with my SAST jobs, I want to be able to see who made changes to the SAST .yml file and when, so that we can figure out how to get the jobs working properly.
Design proposal
Secure & Defend Configuration Page
SAST Configuration UI
Configuration UI with dynamic Restore to default link
- Form is editable by default
- If the user changes a variable (in the example below, **image prefix** was changed by the user), the text underneath the text input responds dynamically by warning them that template updates will no longer apply to this variable, with a **Restore to default** text link.
- Variables need to look like they are pre-populated with text, but the backend would need to save them as null unless the user changed a variable, thereby creating an override.
- **Read more** text link in the description goes to https://docs.gitlab.com/ee/user/application_security/sast/#configuration
- "?" icon next to **SAST Analyzers** goes to https://docs.gitlab.com/ee/user/application_security/sast/#supported-languages-and-frameworks
Screenshots: Default (no variables changed) | User changed the image prefix field (note help text below field)

Screenshot: User clicked on the **View analyzers** button (Analyzer section expanded)
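The "save as null unless changed" rule above decides what the MR actually commits: only fields the user edited become `variables:` overrides, and everything else keeps following the SAST template. The following Ruby sketch is an added example of that rule, not GitLab's own backend code. The variable names in `SAST_DEFAULTS` and their default values are assumptions made for the example; only the template path `Security/SAST.gitlab-ci.yml` is a real GitLab template name.

```ruby
require 'yaml'

# Constructed defaults for the form fields. The variable names and values here
# are assumptions for this example, not taken from the issue or from GitLab.
SAST_DEFAULTS = {
  'SAST_ANALYZER_IMAGE_PREFIX' => 'registry.example.com/default-analyzers',
  'SAST_EXCLUDED_PATHS' => 'spec, test, tests, tmp',
  'SEARCH_MAX_DEPTH' => '4'
}.freeze

# Keep only the fields the user actually changed. Unknown fields, blank or nil
# submissions, and values equal to the template default are dropped, so nothing
# is written for them and future template updates keep applying.
def sast_overrides(submitted, defaults = SAST_DEFAULTS)
  submitted.each_with_object({}) do |(name, value), overrides|
    next unless defaults.key?(name)
    next if value.nil? || value.to_s.strip.empty?
    next if value.to_s == defaults[name]

    overrides[name] = value.to_s
  end
end

# "Restore to default": drop the override so the template value applies again.
def restore_default(overrides, name)
  overrides.reject { |key, _| key == name }
end

# Render the .gitlab-ci.yml content the MR would commit: include the SAST
# template and add a variables block only when at least one override exists.
def render_ci_yaml(overrides)
  config = { 'include' => [{ 'template' => 'Security/SAST.gitlab-ci.yml' }] }
  config['variables'] = overrides unless overrides.empty?
  YAML.dump(config)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed form submission: the user changed the image prefix and left the
  # other fields at their pre-populated defaults.
  form = {
    'SAST_ANALYZER_IMAGE_PREFIX' => 'registry.example.com/mirror',
    'SAST_EXCLUDED_PATHS' => 'spec, test, tests, tmp',
    'SEARCH_MAX_DEPTH' => ''
  }
  puts render_ci_yaml(sast_overrides(form))
end
```

Because untouched fields never reach the committed file, the "template updates will not apply" warning is only true for keys present in the rendered `variables:` block, which is exactly the set `sast_overrides` returns; clicking **Restore to default** maps to `restore_default`, which removes the key rather than writing the default value back.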