Revise behavior of "Add Security Testing" button on repo homepage
Related to gitlab-design#1730 (closed).
Problem to solve
The security configuration button on the project homepage doesn't reflect the current configuration state of a project and directs users to documentation instead of an area where they can actually add security testing. The button currently links users to the SAST documentation, even after SAST is enabled. This poses a few problems:
- Linking to the SAST documentation doesn't educate users about the other security tools available to them
- The documentation doesn't immediately illustrate that some security tools can be configured just by clicking a few buttons (UI configuration)
- Linking to SAST documentation, even after it's configured doesn't promote the adoption of other security features
- Most similar actions on the project homepage change state after the relevant item has been configured/linked. Security configuration not adhering to this pattern could suggest that the configuration process is broken or didn't work.
Proposal
- Link to the security configuration page instead of the SAST documentation
- The configuration page provides a simple overview of the various security tools available
- The configuration page can provide additional information and contextual doc links for users who are new to application security
- The configuration page provides an easy entry point into scanner configuration
- Change the button variation from
dashed
todefault
after any 1 security scanner is enabled. Button text should also be updated from "Add Security Testing" to "Security configuration"
Questions/unknowns
- How does this area differ for
core
vsultimate
users? - Who is the DRI for this area? Who needs to be included in this proposal?
Edited by Michael Fangman