Product discovery for Security Dashboard
Problem to solve
We want to implement a Security Dashboard that will be the main working tool for Security Teams. They will use the dashboard to plan, track and accomplish their work.
We already have UX research on this topic; now we need to turn it into a working implementation based on this product discovery.
Further details
We want to focus on the group-level Security Dashboard first, but the plan is to also have an instance-level one. This issue may cover both if possible, with more focus on the former.
Work so far:
- Define MVC Features
- Iterate towards a design deliverable
- Integrate past work on security products for UX continuity
Dashboard MVC feature list
- Dashboard should work in "horizontal" sections, so we can build it incrementally (first "row" stats, second graph, third issues)
- We should be able to "filter" the entire dashboard for data source (sast, dast, container scanning, dependency scanning)
- Big colored boxes are easier to visualize and consume for the summary; additional filters (issue-list-like) could be used for the third row
- Display color-coded vulnerabilities, with the ability to see more details, dismiss or create an issue on all occurrences in the list.
- See more info, dismiss and/or create an issue for a given occurrence
Features discussed but not in MVC
- Timeline graph
- Ability to change time-frame of graph
- Mean time to fix shown in summary
- Dismiss all occurrences for a given vulnerability
Links / references
- UX research for Security Dashboard: ux-research#74 (closed)
- Group-level Security Dashboard: https://gitlab.com/gitlab-org/gitlab-ee/issues/6709
- Security Dashboard MVC: &161 (closed)
- Security Dashboard improvements: &275 (closed)
- Data Model for Storing Security Scanning Results: https://gitlab.com/gitlab-org/gitlab-ee/issues/7046
Edited by Andy Volpe