Show on dashboard when security tests are not run or out of date
Problem to solve
GitLab Auto DevOps runs SAST/DAST/Dependency scanning/Container scanning by default. We won't force people to run it, but organizations want to ensure that everything they deployed is tested. The security dashboard should show untested applications. (original problem statement from #7521 (closed))
It's unclear in the security dashboard which projects in the group have or have not been tested, and when.
- Untested projects (not set up for scanning): Display untested projects in the group dashboard for user awareness. This awareness may prompt the user to set up security scans for untested projects.
- Tested projects (set up for scanning): There may be failed pipelines that result in the data in the table being "out of date". Users should be aware of projects that may be "out of date".
| i layout | ii aside, general | iii aside, overflow/hover | iv no Results | v visual |
|---|---|---|---|---|
| "Project scanning" aside in layout - current work on #12846 (layout update) and #11190 (adding aside) | "Out of date" items are projects that are set up for testing but haven't been tested in "5/15/30/60 or more days". The aside is a fixed height container, with the data in overflow for scroll when needed. | Project names link to project landing page. The different day ranges are prioritized by "60 days or more" (greatest to least days since testing 60/30/15/5); if a range doesn't contain any projects, it doesn't show in the UI. | In the case no results are found that meet the criteria | Visual design, including #12846 and #11190 |
Based on discovery work done in #7521 (comment 195264318)
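The grouping the aside describes, sketched as an added example (not GitLab's own code): projects with no recorded scan are listed as untested, the rest are placed in the 60/30/15/5-day ranges, and empty ranges are dropped. The field names `name` and `lastScanAt`, the sample projects, and the rule that a project appears only in the largest range it has reached are assumptions.

```javascript
const DAY_MS = 24 * 60 * 60 * 1000;
// Day ranges from the table above, greatest first (display priority).
const THRESHOLDS = [60, 30, 15, 5];

// lastScanAt (hypothetical field): time of the last successful security scan.
function groupProjectScanStatus(projects, now) {
  const untested = [];
  const buckets = new Map(THRESHOLDS.map((days) => [days, []]));

  for (const project of projects) {
    // A missing or unparsable timestamp is reported as untested
    // rather than silently treated as current (assumption).
    if (!project.lastScanAt || Number.isNaN(Date.parse(project.lastScanAt))) {
      untested.push(project.name);
      continue;
    }
    const ageDays = Math.floor((now - new Date(project.lastScanAt)) / DAY_MS);
    // Assumption: a project is listed once, under the largest range it has reached.
    const range = THRESHOLDS.find((days) => ageDays >= days);
    if (range !== undefined) buckets.get(range).push({ name: project.name, ageDays });
  }

  const outOfDate = THRESHOLDS
    .map((days) => ({
      label: `${days} or more days`,
      // Oldest scan first within a range.
      projects: buckets.get(days).sort((a, b) => b.ageDays - a.ageDays).map((p) => p.name),
    }))
    // A range that contains no projects is not shown.
    .filter((group) => group.projects.length > 0);

  return { untested, outOfDate };
}

// Constructed sample group, evaluated at a fixed "now" so the result is reproducible.
const NOW = new Date('2019-09-01T00:00:00Z');
const SAMPLE_PROJECTS = [
  { name: 'payments-api', lastScanAt: '2019-06-20T10:00:00Z' }, // 72 days ago
  { name: 'web-frontend', lastScanAt: '2019-08-30T10:00:00Z' }, // 1 day ago, current
  { name: 'legacy-batch', lastScanAt: null },                    // never scanned
  { name: 'auth-service', lastScanAt: '2019-08-12T10:00:00Z' }, // 19 days ago
  { name: 'docs-site', lastScanAt: '2019-08-25T10:00:00Z' },    // 6 days ago
];

console.log(JSON.stringify(groupProjectScanStatus(SAMPLE_PROJECTS, NOW), null, 2));
```

With the sample data the 30-day range is empty, so it does not appear in the result, and `web-frontend` is in neither list because its last scan is under 5 days old.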
Permissions and Security
What does success look like, and how can we measure that?
- User awareness of untested projects and/or projects that are out of date
- User better understands the source of information displayed in the chart and table
- Validate in think-aloud testing or other ux-research#240