24 Jul 2023
Description of the left nav for security findings using a test project against a production instance of Gitlab
- 4 participants
- 23 minutes
1 Sep 2022
A walkthrough of the high-level vision for Security Profiles. https://gitlab.com/gitlab-org/gitlab/-/issues/372190
- 1 participant
- 18 minutes
25 Apr 2022
Walkthrough of the design proposal for DAST pre-scan verification. https://gitlab.com/gitlab-org/gitlab/-/issues/344959#note_918912355
- 1 participant
- 15 minutes
15 Oct 2020
- 1 participant
- 10 minutes
16 Sep 2020
Becka Lippert, Product Designer of the Static Analysis group within the Secure & Defend stage at GitLab, walks through the initiative to bring SAST Configuration into the UI for a more seamless workflow and improved user experience.
- 1 participant
- 15 minutes
9 Sep 2020
UI/FE revisions/updates to upcoming MVC to auto-create merge request w/fixes
https://gitlab.com/gitlab-org/gitlab/-/issues/234082/
and
https://gitlab.com/gitlab-org/gitlab/-/issues/235126
https://gitlab.com/gitlab-org/gitlab/-/issues/234082/
and
https://gitlab.com/gitlab-org/gitlab/-/issues/235126
- 1 participant
- 5 minutes
17 Aug 2020
- 1 participant
- 2 minutes
8 Jul 2020
design review for alerts MVC (threats monitoring): https://gitlab.com/groups/gitlab-org/-/epics/3438
- 1 participant
- 6 minutes
20 May 2020
Reviewing a low-cost experiment aiming to drive direct feedback from users, reinforcing contribution guidelines, and possible user research recruiting
Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/218369
Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/218369
- 1 participant
- 5 minutes
20 May 2020
Reviewing epics with ux/usability improvement recommendations at the project and group level
0:00 - 2:57 context and current ux demo
2:57 - 20:18 epic issues overview (project level)
20:18 - 22:08 epic issues overview (group level)
epics:
https://gitlab.com/groups/gitlab-org/-/epics/2319
https://gitlab.com/groups/gitlab-org/-/epics/3202
0:00 - 2:57 context and current ux demo
2:57 - 20:18 epic issues overview (project level)
20:18 - 22:08 epic issues overview (group level)
epics:
https://gitlab.com/groups/gitlab-org/-/epics/2319
https://gitlab.com/groups/gitlab-org/-/epics/3202
- 3 participants
- 22 minutes
15 May 2020
reviewing issue: https://gitlab.com/gitlab-org/gitlab/-/issues/13298
0:00 - 2:15 context and problem overview
2:15 - 3:45 proposal review
3:45 next questions/considerations
0:00 - 2:15 context and problem overview
2:15 - 3:45 proposal review
3:45 next questions/considerations
- 1 participant
- 5 minutes
15 May 2020
a quick walkthrough of an early UI improvement ideation for the issue: https://gitlab.com/gitlab-org/gitlab/-/issues/198034
- 1 participant
- 3 minutes
28 Apr 2020
Walk-through demonstrating how ZAP definitions are updated in DAST
- 3 participants
- 34 minutes
3 Apr 2020
Prep walkthrough ahead of the upcoming Think-BIG session with Secure & Package team, the review includes:
• Container scanning configuration required at the project level https://docs.gitlab.com/ee/user/application_security/container_scanning/
• Displaying container vulnerabilities detected
• Filtering vulnerabilities from multiple images
• Suggested solution, current UX: create merge request with updates
• Suggested solution, future UX: auto-created merge request
• Suggested solution, future UX: show in merge request findings and solutions
• Secure/Package improvement issues for consideration
• Container scanning configuration required at the project level https://docs.gitlab.com/ee/user/application_security/container_scanning/
• Displaying container vulnerabilities detected
• Filtering vulnerabilities from multiple images
• Suggested solution, current UX: create merge request with updates
• Suggested solution, future UX: auto-created merge request
• Suggested solution, future UX: show in merge request findings and solutions
• Secure/Package improvement issues for consideration
- 1 participant
- 8 minutes
30 Mar 2020
0:00 - 06:29 A brief history: proprietary software, free software movement, and open source
06:29 - 9:57 What are software licenses and what makes code open source?
9:57 - 15:25 Current UX review and next steps
06:29 - 9:57 What are software licenses and what makes code open source?
9:57 - 15:25 Current UX review and next steps
- 1 participant
- 15 minutes
23 Mar 2020
Sam has been working on the Security Dashboard Integration recently. As the task has shown to be bigger than expected, we had a talk/planning on how to divide it so that multiple people can work at the same time on different parts of it.
Here is the MR for the plan we decided to follow during this talk: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27674
Here is the MR for the plan we decided to follow during this talk: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27674
- 2 participants
- 28 minutes
19 Mar 2020
00:00 - 00:30 Introduction
00:30 - 02:50 Classification review
02:50 - 05:11 Current UX in Projects license compliance section
05:11 - 07:50 Current UX in merge request (newly detected licenses)
07:50 - 10:18 Latest proposal iteration review
10:18 - 11:07 Wrap up and next steps
Issue seen in video: https://gitlab.com/gitlab-org/gitlab/-/issues/196845
A related issue, displaying out-of-compliance: https://gitlab.com/gitlab-org/gitlab/-/issues/33870
00:30 - 02:50 Classification review
02:50 - 05:11 Current UX in Projects license compliance section
05:11 - 07:50 Current UX in merge request (newly detected licenses)
07:50 - 10:18 Latest proposal iteration review
10:18 - 11:07 Wrap up and next steps
Issue seen in video: https://gitlab.com/gitlab-org/gitlab/-/issues/196845
A related issue, displaying out-of-compliance: https://gitlab.com/gitlab-org/gitlab/-/issues/33870
- 1 participant
- 11 minutes
17 Mar 2020
UX iteration review on dependency list UI to improve displaying vulnerabilities, usability, readability
00:00 - 02:25 context and problem overview
02:25 - 08:02 iteration proposal review
Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/195928
00:00 - 02:25 context and problem overview
02:25 - 08:02 iteration proposal review
Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/195928
- 1 participant
- 8 minutes
15 Mar 2020
- 1 participant
- 8 minutes
12 Mar 2020
00:00 - 03:20 context, current UX, and problem to solve
03:20 - 04:42 latest iteration solution overview
04:42 - 06:08 issue feedback, next steps, and conclusion
Issue (license compliance): https://gitlab.com/gitlab-org/gitlab/-/issues/33870
Related issue (dependency list UI polish): https://gitlab.com/gitlab-org/gitlab/-/issues/195928
03:20 - 04:42 latest iteration solution overview
04:42 - 06:08 issue feedback, next steps, and conclusion
Issue (license compliance): https://gitlab.com/gitlab-org/gitlab/-/issues/33870
Related issue (dependency list UI polish): https://gitlab.com/gitlab-org/gitlab/-/issues/195928
- 1 participant
- 6 minutes
25 Feb 2020
This video goes over the Secure Data Model objects as they appear in the database.
This was recorded Feb 25, 2020.
More information on the Secure Data Model can be found here on the issue below, including links to supporting documents.
https://gitlab.com/gitlab-org/secure/brown-bag-sessions/issues/5
This was recorded Feb 25, 2020.
More information on the Secure Data Model can be found here on the issue below, including links to supporting documents.
https://gitlab.com/gitlab-org/secure/brown-bag-sessions/issues/5
- 7 participants
- 1:00 hours
21 Feb 2020
00:00-01:56 background context
01:56-03:07 problem and ideation
03:07-08:06 design review
Related issue: https://gitlab.com/gitlab-org/gitlab/issues/202224
Problem validation issue: https://gitlab.com/gitlab-org/gitlab/issues/7149
01:56-03:07 problem and ideation
03:07-08:06 design review
Related issue: https://gitlab.com/gitlab-org/gitlab/issues/202224
Problem validation issue: https://gitlab.com/gitlab-org/gitlab/issues/7149
- 1 participant
- 8 minutes
20 Feb 2020
00:00-03:15 problem context
03:15-06:47 proposal ideation
06:47-10:30 discovery questions
%12.9 discovery overview looking into creating a security member for our upcoming auto-remediation feature; which auto-creates merge requests with fixes to vulnerabilities.
Discovery issue: https://gitlab.com/gitlab-org/gitlab/issues/197349
Related previous discovery, MVC (auto-creation of merge requests): https://www.youtube.com/watch?v=pbRhf0LHgq8&list=PL05JrBw4t0KrFCe5BgUkzFrZifjforQOz&index=13
03:15-06:47 proposal ideation
06:47-10:30 discovery questions
%12.9 discovery overview looking into creating a security member for our upcoming auto-remediation feature; which auto-creates merge requests with fixes to vulnerabilities.
Discovery issue: https://gitlab.com/gitlab-org/gitlab/issues/197349
Related previous discovery, MVC (auto-creation of merge requests): https://www.youtube.com/watch?v=pbRhf0LHgq8&list=PL05JrBw4t0KrFCe5BgUkzFrZifjforQOz&index=13
- 1 participant
- 11 minutes
17 Feb 2020
0:00-4:23 Context and flow configuring SAST, License Compliance, Dependency Scanning
4:23-9:47 Proposal when the user selects to configure DAST and/or Container Scanning UX
9:47-12:27 Related flow: untested projects on group dashboard anchors to the project configuration screen
Related issue: https://gitlab.com/gitlab-org/gitlab/issues/34771
Related video: https://www.youtube.com/watch?v=gKtVOMt5WO0
4:23-9:47 Proposal when the user selects to configure DAST and/or Container Scanning UX
9:47-12:27 Related flow: untested projects on group dashboard anchors to the project configuration screen
Related issue: https://gitlab.com/gitlab-org/gitlab/issues/34771
Related video: https://www.youtube.com/watch?v=gKtVOMt5WO0
- 1 participant
- 12 minutes
4 Feb 2020
Reviewing the latest UX iteration for this issue: https://gitlab.com/gitlab-org/gitlab/issues/196533
Related: recent auto-remediation MVC walkthrough https://www.youtube.com/watch?v=pbRhf0LHgq8&list=PL05JrBw4t0KrFCe5BgUkzFrZifjforQOz&index=13
Related: recent auto-remediation MVC walkthrough https://www.youtube.com/watch?v=pbRhf0LHgq8&list=PL05JrBw4t0KrFCe5BgUkzFrZifjforQOz&index=13
- 1 participant
- 12 minutes
21 Nov 2019
Kyle shares the UX strategy for GitLab's new Secure Configuration UI
- 1 participant
- 15 minutes
15 Nov 2019
0:00 - 1:26 • context and current UX
1:26 - 12:12 • MVC review
12:12 - end • resulting issues and next steps
Issue update: https://gitlab.com/gitlab-org/gitlab/issues/14059#note_245374632
Walking through a design iteration of auto-remediation MVC. This focuses on step 1. which is to auto-create merge requests that includes fixes to vulnerabilities. Our next step 2. will focus on auto-merging MRs with fixes to further automate the workflow.
1:26 - 12:12 • MVC review
12:12 - end • resulting issues and next steps
Issue update: https://gitlab.com/gitlab-org/gitlab/issues/14059#note_245374632
Walking through a design iteration of auto-remediation MVC. This focuses on step 1. which is to auto-create merge requests that includes fixes to vulnerabilities. Our next step 2. will focus on auto-merging MRs with fixes to further automate the workflow.
- 1 participant
- 16 minutes
6 Nov 2019
Walking through a design iteration of auto-remediation MVC. This focuses on step 1. which is to auto-create merge requests that includes fixes to vulnerabilities. Our next step 2. will focus on auto-merging MRs with fixes to further automate the workflow.
Issues update: https://gitlab.com/gitlab-org/gitlab/issues/14059#note_240956001
Issues update: https://gitlab.com/gitlab-org/gitlab/issues/14059#note_240956001
- 1 participant
- 16 minutes
24 Oct 2019
This video is one of the UX scorecard study at gitlab. The purpose of UX scorecard study is to identify, scope, and track the effort of addressing usability concerns within a specific workflow. Today we are focusing on on the secure area of gitlab, this is a feature for our ultimate users.
The persona for this UX scorecard study could be Security specialist, developers or dev ops who take care of the security of their product.
The scenario for this UX scorecard study is: as a security specialist, my main task monitoring and flagging events, running down high priority tasks. I just upgrade gitlab account, so that I want to try out the security feature.
The persona for this UX scorecard study could be Security specialist, developers or dev ops who take care of the security of their product.
The scenario for this UX scorecard study is: as a security specialist, my main task monitoring and flagging events, running down high priority tasks. I just upgrade gitlab account, so that I want to try out the security feature.
- 1 participant
- 14 minutes
26 Sep 2019
The Secure team reviewing the current state of license compliance feature, discussing priorities, and outlining next steps.
License compliance list issue: https://gitlab.com/gitlab-org/gitlab/issues/13582
Discovery, license policy MVC: https://gitlab.com/gitlab-org/gitlab/issues/12941
License compliance list issue: https://gitlab.com/gitlab-org/gitlab/issues/13582
Discovery, license policy MVC: https://gitlab.com/gitlab-org/gitlab/issues/12941
- 4 participants
- 17 minutes
19 Aug 2019
UX team reviews and ideates on low-fidelity designs for day I and setup UX for Secure features
- 4 participants
- 21 minutes
31 Jul 2019
Stage: Secure
Experience: Interacting with vulnerabilities in the MR
Job to be done: When committing changes to my project, I want to be made aware if I am adding risk through vulnerable code, so that I know my changes can be merged without increasing the risk of my project.
Evaluation: https://gitlab.com/gitlab-org/gitlab-design/issues/400
Recommendations: https://gitlab.com/gitlab-org/gitlab-design/issues/479
Link to issue: https://gitlab.com/gitlab-org/gitlab-design/issues/400
Link to Experience Baselines and Recommendations documentation: https://about.gitlab.com/handbook/engineering/ux/experience-baseline-recommendations/
Experience: Interacting with vulnerabilities in the MR
Job to be done: When committing changes to my project, I want to be made aware if I am adding risk through vulnerable code, so that I know my changes can be merged without increasing the risk of my project.
Evaluation: https://gitlab.com/gitlab-org/gitlab-design/issues/400
Recommendations: https://gitlab.com/gitlab-org/gitlab-design/issues/479
Link to issue: https://gitlab.com/gitlab-org/gitlab-design/issues/400
Link to Experience Baselines and Recommendations documentation: https://about.gitlab.com/handbook/engineering/ux/experience-baseline-recommendations/
- 1 participant
- 8 minutes
6 Jul 2019
Walkthrough of a Secure feature: license management, which is included in our Ultimate tier. It’s important to note that this feature is at a very early stage and is currently considered as an MVP. There are a lot of upcoming improvements so this video will quickly get outdated.
This is part of the GitLab Design team’s Baseline-Experience initiative, where we audit our existing core features quarterly and propose improvement recommendations.
Experience Baseline Documentation: https://about.gitlab.com/handbook/engineering/ux/experience-baseline-recommendations/
Related issues:
https://gitlab.com/gitlab-org/gitlab-design/issues/402
https://gitlab.com/gitlab-org/gitlab-design/issues/478
Secure UX: https://about.gitlab.com/handbook/engineering/ux/stage-group-ux-strategy/secure/
This is part of the GitLab Design team’s Baseline-Experience initiative, where we audit our existing core features quarterly and propose improvement recommendations.
Experience Baseline Documentation: https://about.gitlab.com/handbook/engineering/ux/experience-baseline-recommendations/
Related issues:
https://gitlab.com/gitlab-org/gitlab-design/issues/402
https://gitlab.com/gitlab-org/gitlab-design/issues/478
Secure UX: https://about.gitlab.com/handbook/engineering/ux/stage-group-ux-strategy/secure/
- 1 participant
- 13 minutes
1 Jul 2019
Kyle walking through a design recommendation for the layout on our Security Dashboard feature.
Secure UX team: https://about.gitlab.com/handbook/engineering/ux/stage-group-ux-strategy/secure/index.html
Baseline Experience: https://about.gitlab.com/handbook/engineering/ux/experience-baseline-recommendations/
Secure UX team: https://about.gitlab.com/handbook/engineering/ux/stage-group-ux-strategy/secure/index.html
Baseline Experience: https://about.gitlab.com/handbook/engineering/ux/experience-baseline-recommendations/
- 7 participants
- 29 minutes
18 Jun 2019
Walking through design recommendation for the layout on our Security Dashboard feature. This is part 2 of our Baseline Experience initiative.
Links:
Security Dashboard Documentation: https://docs.gitlab.com/ee/user/application_security/security_dashboard/
Baseline Initiative: https://about.gitlab.com/handbook/eng...
Part 1 issue, audit: https://gitlab.com/gitlab-org/gitlab-design/issues/401
Part 1 experience walkthrough: https://www.youtube.com/watch?v=_JtUdaTyAbk&list=PL05JrBw4t0KqkW0oPW3n0HqVgKcONVnO5&index=3
Part 2 issue, recommendation: https://gitlab.com/gitlab-org/gitlab-design/issues/460
Links:
Security Dashboard Documentation: https://docs.gitlab.com/ee/user/application_security/security_dashboard/
Baseline Initiative: https://about.gitlab.com/handbook/eng...
Part 1 issue, audit: https://gitlab.com/gitlab-org/gitlab-design/issues/401
Part 1 experience walkthrough: https://www.youtube.com/watch?v=_JtUdaTyAbk&list=PL05JrBw4t0KqkW0oPW3n0HqVgKcONVnO5&index=3
Part 2 issue, recommendation: https://gitlab.com/gitlab-org/gitlab-design/issues/460
- 1 participant
- 8 minutes
15 Jun 2019
Quick overview of the features under the Secure SCA group:
- Intro 0:08
- Dependency Scanning: 0:49
- Container Scanning: 6:36
- License Management (being renamed License Compliance): 13:06
- Vulnerability database: 20:39
- Misc: 25:37
- Intro 0:08
- Dependency Scanning: 0:49
- Container Scanning: 6:36
- License Management (being renamed License Compliance): 13:06
- Vulnerability database: 20:39
- Misc: 25:37
- 5 participants
- 32 minutes
4 Jun 2019
Walking through "job to be done" baseline experience: When reviewing vulnerabilities for multiple projects, I want to see them all in one location, so that I can prioritize my efforts to resolve or triage them while seeing the larger picture.
Overview: dashboard feature is at an early product stage and considered an MVP. The user we are designing for works in an organization's web security department. Roles such as: security analysts, security engineers, or head of security. Although, some mid-to-smaller organizations may not have a dedicated security department, in this case the users would likely be: developers, tech leads, and devops engineers.
Links:
Security Dashboard Documentation: https://docs.gitlab.com/ee/user/application_security/security_dashboard/
Baseline Initiative: https://about.gitlab.com/handbook/engineering/ux/experience-baseline-recommendations/#grading-rubric
Issue: https://gitlab.com/gitlab-org/gitlab-design/issues/401
Overview: dashboard feature is at an early product stage and considered an MVP. The user we are designing for works in an organization's web security department. Roles such as: security analysts, security engineers, or head of security. Although, some mid-to-smaller organizations may not have a dedicated security department, in this case the users would likely be: developers, tech leads, and devops engineers.
Links:
Security Dashboard Documentation: https://docs.gitlab.com/ee/user/application_security/security_dashboard/
Baseline Initiative: https://about.gitlab.com/handbook/engineering/ux/experience-baseline-recommendations/#grading-rubric
Issue: https://gitlab.com/gitlab-org/gitlab-design/issues/401
- 1 participant
- 6 minutes
24 May 2019
Andy Volpe shares new Secure designs for inline vulnerability management. Link to previous iteration: https://gitlab.com/gitlab-org/gitlab-ee/issues/8426#note_172752482
- 8 participants
- 34 minutes
