Secure & Protect Team Planning Issue for 15.0 🎉
Product Designer's Available Capacity
| Designer | Group Capacity | Flex Capacity | TOTAL Capacity |
|---|---|---|---|
| Andy | 0 | 15 | 15 |
| Becka | 20 | 0 | 20 |
| Camellia | -- | -- | -- |
| Michael | 11 | 6 | 17 |
Product Designer's Out Of Office (OOO)
| Designer | OOO Start - End |
|---|---|
| Andy |
04-20 - 04-26
|
| Becka | |
| Camellia | Out through 2022-06-30 |
| Michael |
Review Existing UX SUS Related Issues
NOTE: We need to strive to act upon these issues quickly as they will impact our usability
Team Planning Meeting
Composition Analysis UX Needs
| Priority | Issue/Epic | State |
|
Designer | Ready for Build By | ≅ Weight | Carryover Notes |
|---|---|---|---|---|---|---|---|
| 0 | Re-Do CMS Test | Not Started | 100% | - | 15.1 | - | did previously and failed, but hoping dependency path mvc bumps us over the line |
| 1 | - SBOM - Dependency List - Bill of Materials - UX enhancements |
Survey Done | @beckalippert | > 15.0+ | ~5 | Survey complete - what changes do we want/need based on said survey to the dependency list page as a result? (will change to need in a few releases if not done) | |
| 2 | Warn about Dependency Scanning jobs using a vulnerability DB that might be outdated | Design Done | @mfangman | 15.1+ | Design Done - but might need iteration on dev feedback if we hit bumps | ||
| 3 | Allow security reports to be read on job completion not pipeline completion & to handle mixed job success and failures | Need design | @beckalippert | 15.1+ | 3 | Carried over / rollover | |
| 4 | Warn about Dependency Scanning jobs using unauthorized Docker images | Need design -mimic Warn about Dependency Scanning jobs using a vulnerability DB that might be outdated ? | @beckalippert | 15.1+ | 1 | had paused to see if wanted to pivot to #267591 but no | |
| 99 | Improve empty state instructions for Dependency List and License Compliance page | ? | 1 | ? | |||
| 99 | Automatic remediation states | When unblocked will then need to progress by finding edge cases and working them | ? | ? | ? | ||
| 99 | Add filters / grouping to the Dependency List page | May be covered by 1 and 2 | ? | ? | Becka is already working this? | ||
| 99 | Make state of license database clear | ? | ? | ? | |||
| 99 | Make state of approval more clear | ? | 4 | ? | |||
| 99 | License Compliance - Better information for new installs | ? | 1 | ? |
Container Security UX Needs
| Priority | Issue/Epic | State |
|
Designer | Ready for Build By | ≅ Weight | Carryover Notes |
|---|---|---|---|---|---|---|---|
| 1 | Solution Validation for container registry scans | Ready for validation | Tim will be taking this on | needs to be completed by %15.1 | |||
| 2 | Ambiguity in regards to whether a MR has been approved automatically even when there are defined rules | workflowready for design | @andyvolpe | %15.1 | |||
| 3 | workflowready for design | This is important but not urgent. Timeline can be flexible. | |||||
| 4 | 🎨 Design: Support Additional Filtering for Scan... (#356808 - closed) | workflowready for design | %15.3 | ||||
| 5 | 🎨 Design: Scanner-specific criteria in scan res... (#356809 - closed) | workflowready for design | n/a - this is a research spike | ||||
| 6 | Assistance with MR reviews |
Dynamic Analysis:DAST/Fuzz UX Needs
| Priority | Issue/Epic | State |
|
Designer | Ready for Build By | ≅ Weight | Carryover Notes |
|---|---|---|---|---|---|---|---|
| 1 | Problem validation: How do DevOps teams want to configure their security tools | Analysis underway | @mfangman | 5 | ~14 hours of sessions to review. It'll take some time | ||
| 2 | Design: DAST pre-flight config validation | Design in progress | @mfangman | 3 | Design should be close by the end of %14.10. In this milestone I'll focus on refinements and solution validation | ||
| 3 |
|
@mfangman | 3 |
SAST UX Needs
| Priority | Issue/Epic | State |
|
Designer | Ready for Build By | ≅ Weight | Carryover Notes |
|---|---|---|---|---|---|---|---|
| 1 |
DUPLICATE FROM DAST Problem validation: How do DevOps teams want to configure their security tools
|
Analysis underway | @mfangman | – | ~14 hours of sessions to review. It'll take some time | ||
| 2 |
|
Timing is still TBD | @mfangman | 3 |
Vulnerability Management UX Needs
| Priority | Issue/Epic | State |
|
Designer | Ready for Build By | ≅ Weight | Carryover Notes |
|---|---|---|---|---|---|---|---|
| 1 | ux-research#1869 (closed) | User research complete, putting insights into Dovetail | @beckalippert | %15.0 | 5 | ||
| 2 | #342079 (closed) | Design explorations on filter and search on the Vulnerability Report | @beckalippert | %15.0 | 5 |
OKR/Extra UX Needs
| Priority | Issue/Epic | State |
|
Designer | Ready for Build By | ≅ Weight |
|---|---|---|---|---|---|---|
| - | UX Roadmap for SAST | - | @mfangman | 15.1 | 3 | |
| - | UX Roadmap for Threat Insights | - | @beckalippert | %15.0 | 3 | |
| - | UX Roadmap for Container Scanning | - | @beckalippert | %15.0 | 3 | |
| - | UX Showcase | @beckalippert | %15.0 | 3 | ||
| - | UX Showcase | Needs problem validation | @andyvolpe | %15.0 | 2 | |
| - | ~"devops::configure" collab | - | @andyvolpe | - | 4 | |
| - | devopsmonitor collab | - | @andyvolpe | - | 4 | |
| - | Q2 OKR | TBD | @andyvolpe | - | 2 | |
| - | SCSS | TBD | @andyvolpe | - | 3 |
-
Set the Milestone (current Milestone) -
Set the Due Date for the end of the current Milestone -
Assign the entire team PMs and PDs
Edited by Justin Mandell