Product discovery for Security Dashboard

Problem to solve

We want to implement a Security Dashboard that will be the main working tool for Security Teams. They will use the dashboard to plan, track and accomplish their work.

We already have UX research on this topic; now we need to turn it into a working implementation based on this product discovery.

Further details

We want to focus on the group-level Security Dashboard first, but the plan is to also have an instance-level one. This issue may cover both if possible, with more focus on the former.


Work so far:

  1. Define MVC Features
  2. Iterate towards a design deliverable
  3. Integrate past work on security products for UX continuity

Dashboard MVC feature list

  • Dashboard should work in "horizontal" sections, so we can build it incrementally (first "row" stats, second graph, third issues)
  • We should be able to "filter" the entire dashboard by data source (SAST, DAST, container scanning, dependency scanning)
  • Big colored boxes are easier to visualize and consume for the summary
  • Additional filters (issue-list-like) could be used for the third row
  • Display color-coded vulnerabilities, with the ability to see more details, dismiss or create an issue on all occurrences in the list
  • See more info, dismiss and/or create an issue for a given occurrence

Security-dashboard-without-graph

Features discussed but not in MVC

  • Timeline graph
    • Ability to change time-frame of graph
  • Mean time to fix shown in summary
  • Dismiss all occurrences for a given vulnerability

Security-dashboard-with-graph

Links / references

  • UX research for Security Dashboard: ux-research#74 (closed)
  • Group-level Security Dashboard: https://gitlab.com/gitlab-org/gitlab-ee/issues/6709
  • Security Dashboard MVC: &161 (closed)
  • Security Dashboard improvements: &275 (closed)
  • Data Model for Storing Security Scanning Results: https://gitlab.com/gitlab-org/gitlab-ee/issues/7046
Edited Sep 07, 2018 by Andy Volpe