WIP – UX Theme: Decrease remediation time for DevSecOps teams when managing detected secrets within a codebase


Theme statement

Decrease remediation time for DevSecOps teams when managing detected secrets within a codebase.

  • Need: Decrease remediation time
  • Beneficiary: DevSecOps teams
  • Small job: Managing (tracking) detected secrets within a codebase

Main Job story

  • When I am contributing code to a repository, I want to mitigate cybersecurity risks caused by exposed secrets, so I can decrease the likelihood of a bad actor getting unauthorized access to important data.

Business objective

  • To be added...

Confidence

| Confidence | Research |
| --- | --- |
| High | Discover the Jobs to Be Done (JTBD) for Secret ... (ux-research#2707 - closed) |

Requirements

⚠️ Related feature and research issues should be linked in the related issues section (Delete this line when this is done)

The beneficiary needs to be able to:

  • Decrease remediation time when managing detected secrets within the codebase. This includes:
    • Creating a ticket to track a detected secret through the remediation process
    • Applying an SLA to the ticket to prioritize and ensure timely resolution
    • Assigning the ticket to a team member to establish clear ownership and accountability for remediation
    • Notifying stakeholders to increase awareness of a newly detected secret
    • Differentiating secrets from other security findings to make the assessment, prioritization, and remediation process more efficient.

Research

| Issue | Research type | Research status | Relevant insights |
| --- | --- | --- | --- |
| Discover the Jobs to Be Done (JTBD) for Secret ... (ux-research#2707 - closed) | Problem validation | Complete | 1) Some organizations treat secrets differently from other security findings, highlighting the need for distinct management. 2) Segregating secrets from other findings is essential for clear prioritization. 3) Ambiguity in ownership complicates the remediation process. 4) The absence of a centralized tool to manage secret activity across the SDLC hampers efficiency in risk assessment and remediation. 5) Inability to enforce SLAs results in inefficiencies in managing secret activity across the SDLC. |

Ready for design checklist

The items are self-check suggestions; they could be contributed by designers, product managers, or researchers

  • The theme has high confidence (derived from research or other data-gathering techniques)
  • The Related issues, features, research, and other background information are linked to the related issues section
  • The Business objective has been defined
  • The Requirements have been defined, and the scope has been agreed upon
  • This UX Theme contains everything necessary to complete a design solution and is ready for design

Thematic design workflow checklist

  • Theme assessed: Ready for design checklist complete
  • Ideate and Iterate
    • User flow diagram generated
    • Low-fidelity wireframes of the entire theme created
    • Feedback requested and incorporated into flow diagram and wireframes
  • Validate
  • Refine
    • Research findings incorporated into design
    • All micro-interactions are defined
    • All edge-cases are accounted for and defined
    • All copy has been reviewed by tech writing
    • Accessibility guidelines have been considered
    • High-fidelity designs posted
    • Feedback requested from counterparts
      • (If necessary) Validate high-fidelity flow in a 2nd round of user testing
    • Refine final design from feedback and user research
  • Hand-off
    • Designs broken down based on their ability to stand alone and provide value to the user.
    • MVC plan agreement reached
    • Planning breakdown complete
Edited by 🤖 GitLab Bot 🤖