Problem validation: Comparing and cross-referencing vulnerabilities

Release notes

Problem to solve

Originally from @andyvolpe:

Users may require the need to view the vulnerability details in context with other vulnerabilities. Taking them to a new page and away from the vulnerability report is arduous on the user and results in a lot of back and forth between pages.

Intended users

User experience goal

  • User can view one vulnerability's detail while also looking at another vulnerability's detail

Proposal

Andy's original ideas:

Option 1: Drawer

We should consider utilizing a drawer component as a quick view or preview of the vulnerability details. Additionally, we can consider replacing all vulnerability detail modals with this drawer.

Option 2: Email layout

Alternatively, we can consider utilizing an email layout instead, as Camellia validated in ⚗️ Solution validation: email layout for alerts. See designs in 🎨 Design: Redesign show a similar "drawer" view on alert select. If we go with this pattern, we would need a separate issue exploring whether a drawer is still worth exploring when vulnerabilities are clicked on within the MR (i.e. the security widget and upcoming inline alert).

However, I don't know if we need to go this route. If we switched the Vulnerability Report from a table to a list, we could stack more information together from the list itself, and a vuln wouldn't have to be opened in any type of component to cross-reference the detail of each vuln. This, and/or grouping, may solve the user problem if the problem is that they want an easier way to find similar vulns.

Further details

Permissions and Security

Documentation

Availability & Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Is this a cross-stage feature?

Links / references

Edited by Becka Lippert