Improved usability of Security & Compliance configuration page
Release notes
GitLab has greatly expanded Security and Compliance functionality over the last year. As features have grown, so have the number of related configuration options. The current Security & Compliance Configuration page has expanded beyond what it was originally designed to accommodate, making finding the right option cumbersome.
To address this, we have redesigned the Security & Compliance Configuration. Not only does the new design improve usability, it provides a flexible pattern that will scale as we continue to add to our security and compliance offerings.
Documentation: https://docs.gitlab.com/ee/user/application_security/configuration/
Problem to solve
GitLab has greatly expanded Security and Compliance functionality over the last year. As features have grown, so has the number of related configuration options. The current Security & Compliance Configuration page was not designed with scalability in mind, making it busy and confusing as more options are added. A simple restructuring will both make it easier to find the right existing setting and provide a scalable pattern for adding new settings in the future.
User experience goal
- Provide an experience consistent with the new, validated settings direction
- Align with the new settings section and sub-section layouts.
- Align with the new button styles and [organization](https://design.gitlab.com/components/button#order) to provide a consistent action-oriented experience for all tools.
- Align text and action labels with our content guidelines consistently across all tools/capabilities.
- Improve the scannability and consistency of tool states to allow for immediate recognition of enabled/not enabled tools without compromising accessibility.
- Create a scalable pattern/component architecture for tools to expand their capability set while maintaining consistency in the overall settings experience.
Proposal
Transform the existing Project-level configuration page into those shown in the designs. This includes renaming the page, creating the sections and sub-sections, and moving the existing scanner settings into the appropriate new sections.
Further details
FYI: In the future, this pattern will likely be replicated at the Group level. This is likely to coincide with the ability to make configuration and policy settings at the Group level that can cascade down to the Project level.
Permissions and Security
No change in permissions. Only users that can currently access and modify settings on the Security & Compliance Configuration page can do so in the redesigned layout.
Documentation
Update https://docs.gitlab.com/ee/user/application_security/configuration/
Availability & Testing
Available Tier
- Ultimate/Gold
What does success look like, and how can we measure that?
Is this a cross-stage feature?
This will potentially affect devops::manage, as group::compliance lives there. However, there are not currently any settings on the affected page specific to the Compliance group.