UX research: auto-remediation MVC to auto-create merge request with fix
What’s this issue all about?
This research follows up on the outcomes of gitlab#14059 (closed). The discovery focused on creating an MVC that would auto-create a merge request with solutions to known vulnerabilities. The MVC, given our current auto-remediation capabilities, will affect projects that are using dependency scanning and using yarn.
As we evolve the UX for auto-remediation, our objective is 1) a generic auto-remediation UX that handles multiple capabilities (consistent UX across different capabilities) and 2) getting closer to an out-of-box UX (meaning it works without configuration). One of the upcoming capabilities is gitlab#35433 (closed) (based on gitlab#9384 (closed)).
We’d like this research to take a look at the general usability of the MVC and identify the current/future usefulness this may bring to the customer/users. Additionally, we have a discovery to look at auto-merging of auto-created MRs; we’ll incorporate any insights from this study to influence the outcomes and recommendations of that discovery, gitlab#36503.
Who is the target user of the feature?
What questions are you trying to answer?
- What is the user’s perception about auto-remediation?
- What is the user’s expectation with the feature?
- Where does the user go to turn on/off the feature?
- Where does the user go to learn more about the features?
- Does the user understand the AR settings section - specifically, that the user enabling the feature is the author of the MRs?
- Where does the user expect to see the auto-created merge request?
- Where does the user go to find the auto-created merge request?
- Is the notification banner seen on the dashboard UI helpful to the user?
- How does the user feel about auto-creation of MRs and then auto-merging of those MRs?
Additional questions
- Do they have any automated vulns fix process today?
- Who would be in charge of these auto-fix vulns?
What hypotheses and/or assumptions do you have?
- That users will go to project > security > configuration for opt-in/out of feature
- Concerned that, since it’s not turned on out-of-the-box, the feature may go unnoticed
What decisions will you make based on the research findings?
- Usability improvements to the MVC, such as: general fixes, copy in UI, label naming, and MR description
- Influence and guide the next discovery: gitlab#36503, which is focused on Auto-merging or auto-created merge request
What's the latest milestone that the research will still be useful to you?
Timeline:
- Create a draft screener. Deadline: Tuesday Nov 26th.
- Create first draft for a script. Deadline: Tuesday Nov 26th.
- Get approval for screener and begin recruiting. Deadline: Wednesday Nov 27th.
- Finalize script. Deadline: Friday Nov 29th.
- Create and finalize a prototype / visuals. Deadline: Tuesday Dec 03.
- Test run and tweaking. Deadline: Tuesday Dec 03.
- Conduct tests. Dec 04 - Dec 06.
- Analysis and reporting. Deadline: Friday Dec 13th.