
UX Theme: Enable Engineering teams to deliver secure and compliant code efficiently



Problem to solve

  1. How might we use security, automation, and collaboration capabilities to improve the code review experience?
  2. How might we assist Security domain experts who participate in code reviews?

Beneficiary

  • Engineering teams

Need & Primary JTBD

  • When I'm making changes, I want to deliver secure and performant code, so I can ensure the integrity of my organization's software is not compromised.
  • Need: The product is delivered to end users, Security and Compliance policies are maintained, and the integrity of the Organization's assets is not compromised.

Expected outcome

  • Code authors will be able to self-review their code and address Security and Compliance policy violations
  • Code reviewers will be able to peer-review code and point out Security and Compliance policy violations to the code author
  • Security domain experts will be able to understand the context of the Security and Compliance policy violations in relation to the code changes and assist in the code review process if necessary.

Business objective

  1. DevSecOps Adoption (Ultimate adoption)
  2. Increase usability

Confidence

Confidence | Research
🟢 High | gitlab-design#2036 (closed)

Requirements

The Code Author needs to be able to:

  • Know if they have met the criteria required by their organization
  • Know what action they are required to take if their changes are not acceptable
  • Know if the actions they took addressed the problem

The Code Reviewer needs to be able to:

  • Know if the changes meet the requirements of the Org
  • Know what the code review requirements are relating to Security and Compliance
  • Flag and suggest changes to the author
  • Verify requested changes were made
  • Bring in a domain expert when there is uncertainty

The Security Domain Expert needs to be able to:

  • Set Org policy for what can be merged
  • Create flexible policies based on situation and risk
  • Ensure engineers can resolve a violation when it is detected

Research

Issue | Research type | Research status
Developer Engagement Survey | Problem Validation | Complete
Understand internal adoption challenges for the Security widget (MR) | Problem Validation | Complete
Competitive assessment: Managing Security & Code Quality results in the MR | Competitive Assessment | Complete
Solution validation: New Sec&Compliance flows in the MR | Solution Validation | Complete
Solution validation: Security widget redesign | Solution Validation | Complete

UX Vision

Note: The UX vision sets a high-level direction for the proposal. This vision will be further refined and validated as work progresses on this UX Theme.

Ready for design checklist

The items are self-check suggestions; they can be contributed by designers, product managers, or researchers.

  • The stated Problem to solve has high confidence (derived from research or other data-gathering techniques)
  • Relevant issues, research, and other background information are linked to the Related issues section
  • The stated Beneficiary has been defined
  • There is high confidence in the stated Need & Primary JTBD (derived from research or other data gathering techniques)
  • The Expected outcome has been defined
  • The Business objective has been defined
  • The theme Confidence has been defined as High
  • The Requirements have been defined and the scope has been agreed upon
  • This UX Theme contains everything necessary to complete a design solution and is ready for design
Edited by Michael Fangman