[Design] MVC - Config UI for dependency scanning

Problem to solve

Depending on the size of the company, the person who needs to do the following JTBD will vary: "When I use the GitLab security feature for the first time, I want to configure all necessary features, so that the security team can start using them for GitLab projects."

We want this to be easy to use with or without deep git or GitLab knowledge, and without having to read documentation.

MVC for dependency scanning only

create MR only! no configuration screen! no variables!

Workflow

  1. view settings page
  2. see enable or disable button based on if we can tell it is enabled or disabled
  3. user clicks "Enable" call to action
  4. (use existing mr page) auto populate MR title, description, and content.

In cases that the scan is reporting Enabled status, the call-to-action button does not display.

Intended users

User experience goal

easy to turn on the default template for Dependency Scanning

Proposal

We would like to add a button to the setup page that automatically generates the MR with the correct content for basic setups. After the MVC we can then iterate to allow for configuration of the most popular variables.

ideation flow (see design section for updated) Configuration Page

Enable Button (also open to "enable via MR")

Disable Button for when they already have it enabled

When button is clicked, in either case it goes to the Create MR Page

MR

Title: Set .gitlab-ci.yml to enable or configure Dependency Scanning

Description: Set .gitlab-ci.yml to enable or configure Dependency Scanning security scanning using the GitLab managed template. You can add variable overrides to customize the settings.

File content:

include:
  - template: Dependency-Scanning.gitlab-ci.yml

OR

Title: Set .gitlab-ci.yml to disable Dependency Scanning

Description: Remove dependency scanning from .gitlab-ci.yml.

File content: remove Dependency-Scanning.gitlab-ci.yml line

Permissions and Security

Must be able to see the config page and create MRs

Documentation

update the configure section of the user docs

Availability & Testing

Yes please! I want tests (automated) and I want us to try it against a BUNCH of projects to find what we fail on. The goal of the MVC is only simple enable/disable, no variable configs (users can read the docs and add them if desired).

What does success look like, and how can we measure that?

We can't catch every edge case, but search for includes and add the template for enable, remove the line for disable.
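
The search-and-edit rule described above, sketched in Ruby as an added example (not GitLab's implementation; all method names are hypothetical). It goes slightly beyond the MVC text by handling `include:` written as a string, a mapping, or a list, and it assumes a YAML round-trip is acceptable, which drops comments and formatting from the user's file.

```ruby
require "yaml"

# Added example, not GitLab's implementation; method names are hypothetical.
# TEMPLATE is the template name from the MR file content in this issue.
TEMPLATE = "Dependency-Scanning.gitlab-ci.yml"

def load_config(yaml_text)
  config = YAML.safe_load(yaml_text.to_s, aliases: true) || {} # empty file => {}
  raise ArgumentError, "top level of .gitlab-ci.yml must be a mapping" unless config.is_a?(Hash)
  config
end

# `include:` may be a single string, a single mapping, or a list of either.
def include_entries(config)
  inc = config["include"]
  inc.nil? ? [] : (inc.is_a?(Array) ? inc : [inc])
end

def template_entry?(entry)
  entry.is_a?(Hash) && entry["template"] == TEMPLATE
end

# Status for the settings page. Commented-out lines do not count,
# because the file is parsed rather than text-searched.
def dependency_scanning_enabled?(yaml_text)
  include_entries(load_config(yaml_text)).any? { |e| template_entry?(e) }
end

# File content for the "enable" MR. Returns the input unchanged when the
# template is already included, so existing setups are not rewritten.
def enable_dependency_scanning(yaml_text)
  config = load_config(yaml_text)
  entries = include_entries(config)
  return yaml_text if entries.any? { |e| template_entry?(e) }
  config["include"] = entries + [{ "template" => TEMPLATE }]
  YAML.dump(config).sub(/\A---\n/, "")
end

# File content for the "disable" MR: drop only the template entry and
# keep every other include and job definition.
def disable_dependency_scanning(yaml_text)
  config = load_config(yaml_text)
  remaining = include_entries(config).reject { |e| template_entry?(e) }
  remaining.empty? ? config.delete("include") : (config["include"] = remaining)
  config.empty? ? "" : YAML.dump(config).sub(/\A---\n/, "")
end
```

Malformed YAML raises from `YAML.safe_load`; that is one of the edge cases where the button state cannot be determined.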

Links / references

Edited by Kyle Mann