# Purpose This epic is designed to track progress and updates to the MR following the Baseline Evaluation & Recommendations. ## Background From the [Baseline Evaluation](https://gitlab.com/gitlab-org/gitlab-design/issues/479) Inherent workflow issues overshadowed other experience shortcomings enough for a complete reconsideration of the entire security workflow with the MR. ### Problem to solve: How might we create a workflow that simplifies the remediation process and is inclusive to all users no matter their security ability? ### Proposal: #### Solution idea 1: Define areas of the MR for appropriate security information consumption and action. Concept a new security workflow that is meant to address vulnerabilities detected in changes from the commits only. 1. Change the security widget from an action area to an overview area. 2. Move vulnerability actions to the bottom tabs of the MR and leverage existing code review experience to create a security code review process. 3. Bonus: Consider incremental/targeted security testing coupled with a security testing strategy, instead of full branch scans depending on the type of scan being done. [See this issue](https://gitlab.com/gitlab-org/gitlab-ee/issues/12857) | Today | Tomorrow | | ------ | ------ | |  |  | ### Plan