Solution validation: Security scanning in Web IDE
What’s this issue all about?
Today we begin scanning for vulnerabilities when the pipeline runs and the build job starts. We could potentially reduce the time needed to manage vulnerabilities if we move some scanning into the Web IDE. Some but not all competitors have a similar feature, mainly through their integrations, so this could give us a competitive advantage while shifting security responsibilities to the developer.
Let's assess both the value and the (TBD) proposed experience here with the goal of influencing the MVC.
What questions are you trying to answer?
- What are the expectations users might have for this feature?
- What are the users' goals and objectives when using this feature?
- Is the TBD initial solution a good problem/solution fit?
What assumptions do you have?
- Developers and engineers will love this feature because it allows them to catch vulnerabilities quicker.
- Developers and engineers will love this idea because it will allow them to commit vulnerability-free code changes.
- Security teams will love this feature because it will reduce the number of vulnerabilities that need to be managed in the MR.
- Organizations will love this feature because it expedites the review process and ensures secure code is committed before the review happens.
What decisions will you make based on the research findings?
If the general idea is valid, work toward a Product discovery will be initiated.
Insights from the research will be baked into the Product discovery work.
What's the latest milestone for which the research will still be useful to you?
12.4
Test plan:
There may need to be multiple iterations of testing to assess both desirability and problem/solution fit.
- Survey: could help provide quantitative data about desirability.
- Mixed contextual inquiry and usability study: could help quickly assess the concept and influence refinements and changes. This might break into two separate studies if the sessions run long and usability testing is compromised.