Usability and product validation of security approval MVC

What’s this issue all about?

We want to test the usability and product usefulness of the security approval MVC. Overall, we want to get a better understanding of the user’s perception of the feature and its related areas: general settings, MR approvals settings, and the approvers panel in the merge request widget.

Objectives

  • General feedback about how users currently secure their applications
  • Inform next feature iterations and usability improvements
  • Learn if this MVC could bring value to the customer’s workflow
  • Better understand how the user perceives the vulnerabilities in the merge request widget

What questions are we trying to answer?

Project Settings > General > Merge request approvers

  • Can the user find the setting? (Discoverability)
  • Can the user activate and set up the security approval group Vulnerability-Check?
  • Does the user understand the feature?
  • What are the user’s expectations of the feature?
  • Does the user know how to learn more?

Merge request widget (approvers section)

  • Can the user approve the merge request? Do they know why they approved?
  • What is the user’s perception of the approval section?
  • What are the user’s expectations? What do they think they are approving?
  • If the user is part of the security approval group, do they know why they were mentioned/received a notification about a specific MR?
  • If the user (analyst) doesn't want to approve the merge request because of a vulnerability, what would they do?
  • When the user (developer) wants to merge the MR, but it requires security approval, do they understand why? What would they do next?

Merge request widget (vulnerabilities detected)

  • What is the user’s perception of this section?
  • What do they think it is and how it works?
  • What vulnerabilities are important to them? Why?
  • What would they do to address a vulnerability?

Users we want to talk to

Results

👉 Results for understanding the Vulnerability-Check group from the Approvers MR widget
👉 Results for setting up the Vulnerability-Check rule

Edited by Nicole Schwartz