Improve usability of SAST analyzer configuration UI
Problem to solve
As part of 2023 Q3 - KR3: Secure Usability Benchmarking - ... (&7918), 18 research participants were tasked with configuring GitLab's SAST tool using the UI. The study documented a notable number of user errors within the SAST analyzers configuration section of the SAST configuration page. The following is a summary of errors related to the analyzer configuration UI:
- 6 participants wanted more in-depth info on analyzers
- 5 participants struggled to reveal the list of scanners
- 5 participants were confused about confidence (Note: fields planned for removal)
- 4 participants had to read the UI content carefully before they were able to complete the task
- 3 participants were confused about the suggestion to enable all analyzers
- 2 participants accidentally disabled all scanners
Resources:
JTBD / Need
When configuring SAST scanning for a project, I want to understand the purpose of each analyzer and select the best options for my situation, so I can ensure the project's source code is scanned securely.
Impacted user(s)
- Sam (Security Analyst)
- DevOps teams
Proposal
- Review research sessions and document specific issues
- Iterate on SAST Analyzer UI based on noted feedback/usability issues
- Validate solution proposal with users (use similar or same task as benchmarking study)
Edited by Michael Fangman