Improve usability of SAST analyzer configuration UI

Problem to solve

As part of 2023 Q3 - KR3: Secure Usability Benchmarking - ... (&7918), 18 research participants were tasked with configuring GitLab's SAST tool through the UI. The study recorded a notable number of user errors in the SAST analyzers section of the SAST configuration page. The errors related to the analyzer configuration UI are summarized below:

  1. 6 participants wanted more in-depth information on the analyzers
  2. 5 participants struggled to reveal the list of scanners
  3. 5 participants were confused about confidence (Note: these fields are planned for removal)
  4. 4 participants had to read the UI content carefully before they were able to complete the task
  5. 3 participants were confused by the suggestion to enable all analyzers
  6. 2 participants accidentally disabled all scanners

📸 SAST configuration page (current) (screenshot)

Resources:

  • Task summary (research report slide)
  • Researcher's summary of results for task (comment)

JTBD / Need

When configuring SAST scanning for a project, I want to understand the purpose of each analyzer and select the best options for my situation, so I can ensure the project's source code is scanned securely.

Impacted user(s)

  • Sam (Security Analyst)
  • DevOps teams

Proposal

  • Review research sessions and document specific issues
  • Iterate on SAST Analyzer UI based on noted feedback/usability issues
  • Validate solution proposal with users (use similar or same task as benchmarking study)
Edited Feb 03, 2023 by Michael Fangman