UX Theme: Enable Engineering teams to deliver secure and compliant code efficiently
Problem to solve
- How might we leverage security, automation, and collaboration capabilities to improve the code review experience?
- How might we assist Security domain experts who participate in code reviews?
Beneficiary
- Engineering teams
Need & Primary JTBD
- When I'm making changes, I want to deliver secure and performant code, so I can ensure the integrity of my organization's software is not compromised.
- Need: Product is delivered to end-users, Security and Compliance policies are maintained, and the integrity of the Organization's assets is not compromised.
Expected outcome
- Code authors will be able to self-review their code and address Security and Compliance policy violations
- Code reviewers will be able to peer-review code and point out Security and Compliance policy violations to the code author
- Security domain experts will be able to understand the context of the Security and Compliance policy violations in relation to the code changes and assist in the code review process if necessary.
Business objective
- DevSecOps Adoption (Ultimate adoption)
- Increase usability
Confidence
Confidence | Research |
---|---|
🟢 High | gitlab-design#2036 (closed) |
Requirements
The Code Author needs to be able to:
- Know if they have met the criteria required by their organization
- Know what action they are required to take if their changes are not acceptable
- Know if the actions they took addressed the problem
The Code Reviewer needs to be able to:
- Know if the changes meet the requirements of the Org
- Know what the code review requirements are relating to Security and Compliance
- Flag and suggest changes to the author
- Verify requested changes were made
- Bring in a domain expert when there is uncertainty
The Security Domain Expert needs to be able to:
- Set Org policy for what can be merged
- Create flexible policies based on situation and risk
- Ensure engineers can resolve a violation when it is detected
Research
Issue | Research type | Research status |
---|---|---|
Developer Engagement Survey | Problem Validation | Complete |
Understand internal adoption challenges for the Security widget (MR) | Problem Validation | Complete |
Competitive assessment: Managing Security & Code Quality results in the MR | Competitive Assessment | Complete |
Solution validation: New Sec&Compliance flows in the MR | Solution Validation | Complete |
Solution validation: Security widget redesign | Solution Validation | Complete |
UX Vision
Note: The UX vision sets a high-level direction for the proposal. This vision will be further refined and validated as work progresses on this UX Theme.
Ready for design checklist
The items are self-check suggestions; they could be contributed by designers, product managers or researchers
- The stated Problem to solve has high confidence (derived from research or other data-gathering techniques)
- Relevant issues, research, and other background information are linked to the Related issues section
- The stated Beneficiary has been defined
- There is high confidence in the stated Need & Primary JTBD (derived from research or other data-gathering techniques)
- The Expected outcome has been defined
- The Business objective has been defined
- The theme Confidence has been defined as High
- The Requirements have been defined and the scope has been agreed upon
- This UX Theme contains everything necessary to complete a design solution and is ready for design
Edited by Michael Fangman