WIP: Security Engineer customer survey
Overview
We have a few outstanding questions for security engineers we could use some feedback on, such as:
- What is the most desired and most realistic combination of filter queries?
  - We'll use the response to build out 2 or 3 of the most complex responses for the filter prototypes for usability testing. This would let us provide a lot more guidance—and guardrails—to the FE team if we do ask them to help mock up an interactive prototype, and may lead to not even needing their help (if the queries are simple enough to mock up with a design prototype).
- How should we handle grouping by Identifier and Location?
  - For location, Matt and I discussed maybe a subfilter to scope to either directory or file. Or, if the tool is scoped to Container Scanning (only), we can also show grouping by Location > Container image. (For the latter, how might we surface this functionality?)
  - For identifier, we discussed a subfilter for "Primary", "Any", "CWE - most specific", and "CWE - least specific", referring to the chart on the CVE.mitre.org website here.
  - Would these be helpful or something else?
- How do they use the security tab in the pipeline page?
  - TBD
At the end of the survey, we'd also like to ask if they're interested in providing ongoing feedback on upcoming Secure features at GitLab, and if so, how (e.g. synchronous calls, Slack channel, surveys via email).
Edited by Becka Lippert