🎨 Design: Static Analysis findings within MR changes - Post MVC
Problem to solve
The MVC design proposal for displaying Static Analysis finding details in MR Changes represents a significant enhancement for finding triage in MR changes and establishes a solid foundation for future developments. Nevertheless, there are several opportunities for refinement that will result in a closer alignment with the existing user interface for vulnerability details in the application.
Proposal
Update the SAST and Code Quality inline finding experience so that it provides a more consistent and effective presentation of information, ultimately contributing to an enhanced user experience.
Summary of the proposed changes
- Layout Changes: Revise the layout for SAST findings to align more closely with the vulnerability details page and the new reusable details modal (see related issue: #413516 (closed)). The code quality details drawer should follow a similar design pattern to promote consistency between the drawers.
- Status Field: Update the status field to align with other status fields, such as the one on the full vulnerability details page. Also show when the current status was applied, as the vulnerability details page does.
- Name Field: Revise the styling of the finding name to give it more visual prominence, consistent with other object names in the application (typically these use header tags like H1 or H2).
- Finding Actions: Update the action buttons for SAST findings to align with the new reusable vulnerability details modal. Note that actions are also included as part of the CQ vision design, but are not expected to be implemented for CQ yet (this design represents the next iteration for CQ). This update should hopefully help address the problem outlined in [SPIKE] Align the actionable items of the SAST ... (#429883 - closed).
- Pagination: Instead of only allowing pagination between findings on a given line, we should consider allowing users to paginate through all findings in the changes tab. This would streamline finding triage and potentially simplify the implementation. This design proposal also repositions the pagination buttons to better utilize space in the drawer header. (Note: Will need UX Foundations to review)
- Code Quality findings: For Code Quality findings, there are two provided drawer designs. One represents an 'ideal vision' and introduces additional elements not yet implemented. These additions include support for the 'body' field (a valuable source of information, when available), a 'status' field, and 'actions' for the findings. Additionally, I've provided a design without these additions that could serve as the target for the next iteration.
- Finding Popover in Changes Tab: In the MVC design proposal, there is a small inconsistency in the popover design when dealing with a single finding versus multiple findings on a line. This proposal aims to address this issue to ensure consistent information display, whether there are one or multiple findings per line. However, there may still be room for improvement. Striking a balance between consistency and effective information communication is the goal here. Additionally, the popover has been enhanced to indicate when the 'dismissed' status is applied to a finding. This should hopefully help address the problem outlined in [Bug] SAST Inline Findings don't reflect findin... (#429832 - closed).
Intended users
Edited by Michael Fangman