This epic will track expanding the PDF Report capability to the https://gitlab.com/groups/gitlab-org/-/epics/16517+ ## Executive Summary This effort is to continue the work stated here: https://gitlab.com/groups/gitlab-org/-/epics/16989+ but is focused on replicating the panels in the _new_ group and project security dashboards here: https://gitlab.com/groups/gitlab-org/-/epics/16517+ ## Business Case This is related to the security dashboard initiative. The security dashboard initiative has been: 1. Verified by over a [dozen customers](https://gitlab.com/groups/gitlab-org/-/epics/18203#note_2885333541). 2. Addresses a significant competitive gap that arises frequently in POVs. 3. Broadly enables upsells by proving the value of Gitlab to executives. 4. Target metric: Increase the number of 'valuable' sessions on the reporting page 1. Secondary Metric: number of PDF exports ## In Scope * Include all modules that are available in the export when its created. * All filters and group-bys should be honored at time of export * Table of contents * Email content should refer to the dashboard * GitLab logo should be included in the exports * Each module should have a small explanatory blurb on what it is. * Export for static vulnerability counts at group level * Export for vulnerabilities over time at group level * Export for risk score at group level * Export for vulnerability age at group level * Export for Top CWEs at group level * Export for MTTR over time at group level (if available) ## Out of Scope * Vulnerability report export * Dependency list export ## Outstanding Questions | Question | Answer | Assignee | Priority | Blocking? | |----------|--------|----------|----------|-----------| | | | | | | | | | | | | ## Designs TBD ## Functional Requirements ### Page Level Support * [ ] Project * [x] Group * [ ] Pipeline \> Security (findings) * [ ] MR Security Widget (findings) * [ ] Security Center * [x] Security Dashboard ### Workflow * [ ] Requires an additional filter on the Vulnerability Report ([docs](https://docs.gitlab.com/development/internal_analytics/internal_event_instrumentation/quick_start/)) * [ ] Requires an addition to the Vulnerability Report export ([docs](https://docs.gitlab.com/user/application_security/vulnerability_report/#exporting)) * [ ] Requires an additional filter on the Dependency List ([docs](https://docs.gitlab.com/user/application_security/dependency_list/)) * [ ] Requires an addition to the Dependency List export ([docs](https://docs.gitlab.com/user/application_security/dependency_list/#export)) * [x] Requires ~documentation ## Non-Functional Requirements ### Product Usage * [x] Requires new instrumentation for event counts of PDF exports total, weekly, and monthly, and weekly and monthly unique users exporting PDFs of the new dashboard([docs](https://docs.gitlab.com/development/internal_analytics/internal_event_instrumentation/quick_start/)) ### Feature Flag Usage * [x] This feature should be released behind a feature flag? ([docs](https://handbook.gitlab.com/handbook/product-development/product-development-flow/feature-flag-lifecycle/#when-to-use-feature-flags)) ### Testing * [x] Requires new E2E test coverage ([docs](https://docs.gitlab.com/development/testing_guide/end_to_end/)) * [ ] Requires extended manual / UAT phase * [ ] Performance testing needed ([testing](https://docs.gitlab.com/ci/testing/load_performance_testing/)) ## Outstanding Questions | Question | Answer | Assignee | Priority | Blocking? | |----------|--------|----------|----------|-----------| | | | | | | ## Resources 1. [Epic Board](Milestone) showing issues across workflow stages. 2. Documentation links 3. Prior work/projects