From YouTube: Secure UX issue: show on group security dashboard when security tests are not configured
Description
reviewing issue: https://gitlab.com/gitlab-org/gitlab/-/issues/13298
0:00 - 2:15 context and problem overview
2:15 - 3:45 proposal review
3:45 next questions/considerations
Hi, I'm Kyle from the Secure UX team, and today we're reviewing a narration to help with the following. Let's outline the problem. When looking at the group dashboard, it's unclear what projects are being tested or not being tested. Additionally, some of the data reported in the screen we're looking at now may be out of date due to pipeline failures or having not run for a certain time. Also, as an information design fundamental, citing the data source of the data being displayed is crucial, such as the time.

So in our case, the latest successful pipeline runs from the project, and then the source: what are the projects that we're getting this data from? These citations are not noted in the UI. A few other notable issues are projects intended to be tested but are not being tested, or, worse, a vulnerability.

It's a sort of vulnerability in itself as a project, as there are no scans to document the vulnerabilities in that project. For a user to know where testing is taking place, there's also no easy way to do this other than going from project to project, which would be burdensome for larger customers, though the testing status is shown on the configuration page, which is at the project level, and this is a step forward at the project level to help with that problem. Something I note on this page is we see the scans available to the user.

In the project UI, what's nice about this is they quickly have an understanding of how their project is set up with security scans, and as we roll out new features, this also helps promote them and make them visible to the user. So some things that we may see here soon are some examples of that status to help them know, and then also to promote it: our secret detection for scanning, the suggested solutions feature, and security gates activation.

Just a few examples of what we could have here to promote those things and to give status. So, going to the original problem on the group dashboard and taking a look at the proposed solution here, we're looking at the layout and where this would live, which is down here in the aside. Taking a closer look at the aside:

We see projects that are being scanned here in this first tab, citing the data source of the vulnerabilities list. For the more work, organizing them by when the scan was last successfully made, so showing the displayed within the last five days, if more, fifteen, thirty, or sixty or more days, with the projects with the most delayed scans showing at the top, since these need the most attention, because it could be a failed pipeline or the source of putting old data on the screen. In the next tab:

We display projects that are not yet enabled with security scans, a helpful starting point for a user wanting to apply scans across projects. So they can just see an immediate sort of to-do list here, and they can jump to these projects and add the security jobs as they see fit, and then it's sort of a living, breathing audit list here of what projects do or don't have testing, so we don't put that burden on the user.

Some follow-up considerations to this could be specifying the exact scan type that's being referred to. In the early MVC we scoped it down to just showing if one of the four scanners (I'm omitting license scanning, since that doesn't display information in the dashboard), so if one of the four of them is configured, then that constitutes testing. So a follow-up iteration could be a step further, specifying that so the user knows maybe it's two or four or whatnot.

So it's a little bit easier to audit what projects have what. And also it may be helpful to further show what projects have our vulnerability check feature. Again, something that could promote the feature; we're looking at adding that to the project level, but if it was also visible in something like this area or elsewhere at the group dashboard, the customers could have an understanding of where that check is applied, and also, again, going back to promoting that the feature exists, that they can use it, so it's promoted in the UI that way. Okay!