Validate Secure configuration UI: value and usability
What’s this issue all about?
This issue follows up on https://gitlab.com/gitlab-org/ux-research/issues/277, which found that users are struggling to understand and set up security scans. A positive finding: users navigated to the left nav "Security and Compliance" section when tasked with setting up SAST.
Currently, we are working on adding a configuration status screen, https://gitlab.com/gitlab-org/gitlab-ee/issues/13638; this is aimed at bringing awareness of Secure features (and whether they have been configured, i.e. their status). Additionally, we would like to leverage our documentation by displaying links in the UI, so the user can learn about the features and how to set them up. As a second step, we'd like to offer the user the ability to configure security scans in the UI, with the objective of getting closer to the "out of the box" experience.
Working cross-functionally, the team has a proposed solution, seen in https://gitlab.com/gitlab-org/gitlab-ee/issues/13646. We'd like to get our prototype of the proposed solution in front of users for feedback.
Planning to research this issue concurrently with #360 (closed), leveraging the same study and participants for feedback.
Who is the target user of the feature?
This screen will be available to use by a project or maintainer. Our testing would best be suited for a lead developer or developer.
What questions are you trying to answer?
User navigating to the configuration page
- Can the user find the configuration page (when tasked with setting up a security scan)?
User on the configuration page
- Does the user understand what the UI can do?
- Does the user understand the info text - is it helpful?
- If the user is confused or would like to learn more, what do they do?
- Are the documentation links clear and helpful?
- Does the user know why some √ are disabled?
- When the user selects a scan to add (via checkbox), do they understand the CTA "Create Merge Request" - what are their expectations?
User on the Merge Request
- Does the user understand the changes that have been committed?
- What does the user expect/want to see/do on the MR landing page?
- Is the default text in the description clarifying?
- Do they proceed to merge the MR?
Core questions
- Is this an improvement over our current configuration flow?
- Do users have a positive experience in this workflow?
Additional questions
- Are we using copy that provides clear expectations?
What hypotheses and/or assumptions do you have?
- The hypothesis is that users will be able to find the configuration screen
- This will overall be a more positive experience than the current workflow
- Likely some confusion about the merge request CTA, but if they are familiar with gitlab-ci.yml it will be more clear
- Documentation links will help answer questions about the scans
What decisions will you make based on the research findings?
- Clarify copy used on the sub-text and CTA buttons
- Improvement to the proposed solution based on user feedback/reactions to design
- Prioritizing the proposed solution for implementation
What's the latest milestone that the research will still be useful to you?
Links: