Secure & Protect Team Planning Issue for 14.2
Secure & Protect Planning Boards
| Group | Planning Board |
|---|---|
| Composition Analysis | gitlab-org/secure/general#158 (closed) |
| Container Security | |
| Dynamic Analysis:DAST | |
| Dynamic Analysis:Fuzz | |
| SAST | |
| Vulnerability Management |
Product Designer's Available Capacity
| Designer | Group Capacity | Flex Capacity | TOTAL Capacity |
|---|---|---|---|
| Andy | 0 | 0 | 0 |
| Annabel | 18 | 3 | 21 |
| Becka | 23 | 0 | 23 (1 week PTO during %14.2) |
| Camellia | 16 | 4-6 | 20-22 |
| Michael | 12 | 3-5 | 15-17 (Planning 1 week PTO during %14.2) |
Composition Analysis UX Needs
| Priority | Issue/Epic | State |
  |
Designer | Ready for Build By | ≅ Weight |
|---|---|---|---|---|---|---|
| WIP | Enable via UI | designed - may need to handle edge cases as they come up? | |
%14.1? ~stretch may slip | 1 | |
| WIP | Dependency Path | we have a design but might be outdated now? also i want to change | |
@cam.x | %14.3 ? | 2 |
| 1 | CMS re-do | re-use existing work | |
when dependency path is done | 1 | |
| 2 | Alert on change on dependency location | need a rough design |
|
%14.4 may get pushed | 5 | |
| 3 | SPDX export |
|
%14.4 may get pushed | 3 | ||
| 4 | incorporate package hunter | would like a review and a future design post MVC |
|
%14.4 may get pushed | 5 | |
| 5 | Move LC policies so they can be project, group, sub group, namespace/workspace wide policies - MVC + Long term | let's look at what access did for cascading settings? MVC no overrides, post MVC would love to also chat with compliance and security orchestration to allow setting via tag, and hwo to handle overrides and disallowing overrides as well as working with access on how we could RBAC this permission | |
%14.4 may get pushed | ? |
Container Security UX Needs
| Priority | Issue/Epic | State |
|
Designer | Ready for Build By | ≅ Weight |
|---|---|---|---|---|---|---|
| 1 |  |
Design in progress; needs solution validation | |
@annabeldunstone | 5 | |
| 2 | |
Ready for design | |
@annabeldunstone | 5 | |
| 3 | |
Ready for design | |
@annabeldunstone | 3 |
Dynamic Analysis:DAST UX Needs
| Priority | Issue/Epic | State |
|
Designer | Ready for Build By | ≅ Weight |
|---|---|---|---|---|---|---|
| 1 | CMS | Ready for testing after environments are set up | |
@annabeldunstone and @mfangman | 5 | |
| 2 |
|
Ready for design (some design explorations exist) | |
@mfangman + Camellia (?) | 3 | |
| 3 | Verify scan configuration before running full scan | Awaiting issue (@derekferguson please add the issue when found/created) | |
@mfangman | 2 |
Dynamic Analysis:Fuzz UX Needs
| Priority | Issue/Epic | State |
|
Designer | Ready for Build By | ≅ Weight |
|---|---|---|---|---|---|---|
| 1 |
|
Depends on research, should be ready for design | |
Camellia | 3 | |
| 2 |
|
Depends on research, should be ready for design | |
Camellia | 3 | |
| 3 |
|
ready for design | |
Camellia | 3 |
SAST UX Needs
| Priority | Issue/Epic | State |
|
Designer | Ready for Build By | ≅ Weight |
|---|---|---|---|---|---|---|
| 1 | Solution Validation: MR diff notifications (V2) | Solution Validation | |
@beckalippert | %14.2 | 8 |
| - | Change Code Quality severity names to match Secure scanners | Discussion/ Problem validation | |
@beckalippert | %14.2 | 1 |
Vulnerability Management UX Needs
| Priority | Issue/Epic | State |
|
Designer | Ready for Build By | ≅ Weight |
|---|---|---|---|---|---|---|
| 1 | Notify the user when the security chart is not yet ready | Ready for design | |
%14.2 | ||
| - | Change banner copy on Configuration page | Discussion/ Design/ TW | |
@beckalippert | %14.2 | 1 if no illustration, 3 if illustration |
| - | Show Security Discover page to all permission levels | Discussion/ Design - probably handing off to Growth team | |
@beckalippert | %14.2 | 1 |
OKR/Extra UX Needs
| Priority | Issue/Epic | State |
|
Designer | Ready for Build By | ≅ Weight |
|---|---|---|---|---|---|---|
| - | Prepare Protect handoff for @cam.x | |
@annabeldunstone | %14.3 | 3 | |
| - | Learning more about protect | |
@cam.x | %14.2 | 2 | |
| - | Pajama related works | |
@cam.x | %14.2 | 2-3 | |
| - | Main Issue: MR Update KR Security MR Widget Issue: [MR Widget UX] Security |
Waiting on framework to be completed. Will need to update MR Widgets accordingly by end of Q2 | |
@gitlab-com/gitlab-ux/secure-protect-ux | %14.3 | 3(?) |
| - | [MR Widget UX] Code Quality | Waiting on framework to be completed. Will need to update MR Widgets accordingly by end of Q2 | |
@beckalippert @mfangman | %14.3 | 3(?) |
| - | Continue learning about Static Analysis & Fuzzing | |
@mfangman | %14.2 | 2 | |
| - | |
@annabeldunstone | %14.3 | 3 | ||
| - | Richer tooltips | Auditing current use cases | |
@beckalippert | %14.2 | 5 |
| - | Continue adding resources to the Static Analysis Handoff Issue for @mfangman | Need to fill in links | |
@beckalippert | %14.2 | 1 |
Activity
added Planning Issue sectionsec labels
assigned to @jmandell, @beckalippert, @annabeldunstone, @cam.x, @andyvolpe, @mfangman, @sam.white, @derekferguson, @matt_wilson, @NicoleSchwartz, and @tmccaslin
Hi all! Here is our new team planning issue for %14.2 This is what we should be focusing on for this first week (4 weeks before %14.2 begins):
M-1, 17th(1 month before start of milestone)- Product Design Manager (PDM): Create a Planning Issue for the milestone from the team's Planning Issue Template.
- PDM: Assign Issue to entire team
- Team: Discuss the needs for the NEXT milestone's design work with your Product Managers (PM)
- Product Designers (PD) will fill in their expected Group, Flex and TOTAL Capacity in the Product Designer's Available Capacity table
When planning please keep in mind that your capacity will be diminished. I spoke with David and the team organization changes will take effect at the start of %14.3 This means that you should consider and expect as part of %14.2 to spend a decent chunk of your time transitioning out of your existing Groups and into your new ones. That's a lot of knowledge transfer and gain so please, plan accordingly. I trust you all to know what you'll need and how that plays into your milestone capacities.
Please let me know if I can assist with anything or answer any questions
- Product Design Manager (PDM): Create a Planning Issue for the milestone from the team's Planning Issue Template.
Hey team @gitlab-com/gitlab-ux/secure-protect-ux Don't forget to:
Product Designers (PD) will fill in their expected Group, Flex and TOTAL Capacity in the Product Designer's Available Capacity table
Before this week is up (i.e. tomorrow is the last day of the week given that Friday is a Friends and Family day).
Thank you!
Thank you for adding your table content so quickly @NicoleSchwartz!! Couple of questions:
-
we have some ongoing discussions and might do a rapid test so it may slip so wanted to pad for it for now
-
yes i 100% need it, but not until 14.4 or possibly later, so not sure how else to reflect that - If someone could take a look and say, oh we can start this 14.3 and be fine! or this is complicated we should start looking 14.2 (with the goal devs start 14.4) [ i.e. is there a known pattern we can use and it's easy, or are we inventing the pattern and it's going to be a big lift)
Edited by Nicole Schwartz-
@NicoleSchwartz Perfect! Thank you for the clarification that all makes sense
added to epic &6247
@jmandell Updated with Container Scanning & DAST. I also created an epic so we can collect all these issues in one place.
@gitlab-com/gitlab-ux/secure-protect-ux This week in UX Team Planning %14.2 is when we're expected to have all of the tables and Capacities filled in:
M-1, 24th(~3 weeks before start of milestone)- Each PM and Product Designer (PD) counterpart will work together for a week to add content to their Group's UX Needs table
- Each PD will add any OKR or Extra issues they expect to work on during the upcoming milestone to the OKR/Extra UX Needs table
We're still missing data in the SAST, Vulnr Management, and OKR/Extras tables.
@beckalippert @tmccaslin Do you have anything needed/nice to have for SAST in %14.2?
Becka, can you please add in your expected Capacity?
@matt_wilson Do you have anything needed/nice to have for Vulnr Management in %14.2?
Just a reminder as well that %14.2 is going to be a transition Milestone for us as we work to move team members around. Expect to spend some of your Capacity points on onboarding/offboarding. The transitions are expected to be 100% completed for %14.3.
@beckalippert Please updated your capacity and add your name to any issues you can support or add issues you'll be working on that aren't part of any Group table to the OKR/Extras table.
Please let me know if you have any questions/concerns.
Thank you!
@jmandell I added on nice-to-have item where a blank/empty state is needed, should be a small item.
@matt_wilson Awesome, thank you! Since it's a nice to have but desired to be ready for build in the same milestone (i.e. %14.2) what will happen if it doesn't get picked up in that timeframe?
hey all @gitlab-com/gitlab-ux/secure-protect-ux @NicoleSchwartz @matt_wilson @sam.white @tmccaslin @derekferguson Just a heads-up that we're about 2 weeks out from the %14.2's start which means we should review the current issues and priorities listed in the above tables and discuss if anything is missing and needs to be or should be picked up by someone:
M-1, 1st(~2 weeks before start of milestone)- Now that all of the Group's UX Needs tables have been filled in, it's time to discuss if anyone needs additional Product Designer assistance (i.e. An Issue(s) has a priority that is deemed to be higher than another Group's prioritized list or a PM that doesn't have a PD counterpart has work that needs to get done).
Thank you all for participating in our team planning issue. The new Milestone has begun!!
We've not done this process for two milestones. While we'll continue the same process for %14.3 I think there's room to improve. Last week I created this retro issue to capture any thoughts on what's going well and what can be improved. I'd like to capture this information during %14.2 so we can try and update the process for %14.4 or %14.5 planning.
Thank you again and here's the link to the %14.3 planning issue.
