[Design] MVC - Config UI for dependency scanning
Problem to solve
Depending on the size of the company, the person who needs to do the following JTBD will vary: "When I use the GitLab security feature for the first time, I want to configure all necessary features, so that the security team can start using them for GitLab projects."
We want this to be easy to use with or without deep git or GitLab knowledge, and without having to read documentation.
MVC for dependency scanning only
create MR only! no configuration screen! no variables!
Workflow
- view settings page
- see enable or disable button based on if we can tell it is enabled or disabled
- user clicks "Enable" call to action
- (use existing mr page) auto populate MR title, description, and content.
In cases where the scan is reporting Enabled status, the call-to-action button does not display.
Intended users
User experience goal
easy to turn on the default template for Dependency Scanning
Proposal
We would like to add a button to the setup page that automatically generates the MR with the correct content for basic setups. After the MVC we can then iterate to allow for configuration of the most popular variables.
ideation flow (see design section for updated)
Configuration Page
Enable Button (also open to "enable via MR")
Disable Button for when they already have it
When button is clicked, in either case it goes to the Create MR Page
Title: Set .gitlab-ci.yml to enable or configure Dependency Scanning
Description: Set .gitlab-ci.yml to enable or configure Dependency Scanning security scanning using the GitLab managed template. You can add variable overrides to customize the settings.
File content:
include:
  - template: Dependency-Scanning.gitlab-ci.yml
OR
Title: Set .gitlab-ci.yml to disable Dependency Scanning
Description: Remove dependency scanning from .gitlab-ci.yml.
File content: remove Dependency-Scanning.gitlab-ci.yml line
Permissions and Security
Must be able to see the config page and create MRs
Documentation
update the configure section of the user docs
Availability & Testing
Yes please! I want tests (automated) and I want us to try it against a BUNCH of projects to find what we fail on - the goal of MVC is only simple enable/disable, no variable configs (users can read docs and add if desired).
What does success look like, and how can we measure that?
We can't catch every edge case, but search for includes and add the template for enable, remove the line for disable.
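A sketch of the "search for includes, add the template for enable, remove the line for disable" step described above. This is an added example, not code from the issue or from GitLab; the function names and the sample file are assumptions. It parses the file with `YAML.safe_load` instead of editing text, and handles the forms `include:` can take (absent, a single string, a single mapping, or a list).

```ruby
require 'yaml'

DS_TEMPLATE = 'Dependency-Scanning.gitlab-ci.yml' # template name from the issue text

# Constructed sample .gitlab-ci.yml used for illustration.
SAMPLE_CI = "include:\n  - local: ci/build.yml\ntest:\n  script: make test\n"

# safe_load refuses arbitrary object tags; an empty or comment-only file parses to {}.
def parse_ci(yaml_text)
  config = YAML.safe_load(yaml_text.to_s, aliases: true) || {}
  raise ArgumentError, 'top level of .gitlab-ci.yml must be a mapping' unless config.is_a?(Hash)
  config
end

# Normalise `include:` to a list, whatever form the file used.
def include_entries(config)
  inc = config['include']
  return [] if inc.nil?
  inc.is_a?(Array) ? inc.dup : [inc]
end

def ds_entry?(entry)
  entry.is_a?(Hash) && entry['template'] == DS_TEMPLATE
end

# Status shown on the settings page. Only a direct include is detected here;
# a template pulled in through another included file is not.
def ds_enabled?(yaml_text)
  include_entries(parse_ci(yaml_text)).any? { |e| ds_entry?(e) }
end

# File content for the "enable" MR. Returns the input unchanged if already enabled.
def enable_ds(yaml_text)
  config = parse_ci(yaml_text)
  entries = include_entries(config)
  return yaml_text if entries.any? { |e| ds_entry?(e) }
  config['include'] = entries + [{ 'template' => DS_TEMPLATE }]
  YAML.dump(config) # caveat: re-dumping drops comments and original formatting
end

# File content for the "disable" MR. Drops `include:` entirely if nothing is left.
def disable_ds(yaml_text)
  config = parse_ci(yaml_text)
  remaining = include_entries(config).reject { |e| ds_entry?(e) }
  if remaining.empty?
    config.delete('include')
  else
    config['include'] = remaining
  end
  YAML.dump(config)
end
```

Because the MR content is generated from a re-dumped document, reviewers of the generated MR will see formatting and comment changes in the diff; a line-preserving editor would be needed to avoid that.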