Description
A quick walkthrough of an early UI improvement ideation for the issue: https://gitlab.com/gitlab-org/gitlab/-/issues/198034
A
Hi, I'm Kyle from the security rex team, and today I'm reviewing a very early UI design ideation, so sort of like a fly-by quick iteration on this issue, showing the dependency path on the dependency list and vulnerabilities. So really quickly, the UX problem here is, currently the dependency list is a flat list of dependencies based on the lock file. So when a user is looking into a vulnerability detected, like we see here, some vulnerability is detected with this dependency.
A
They can't easily make sense of the transient or indirect dependencies related to this one and see how it relates to those dependencies explicitly. So understanding this path is helpful to the remediation process of a certain dependency when it may be out of date or has a vulnerability. In this design, Ayesha n--. The dependency path is shown here, right by the lock file and location column.
A
So the UX upside here is that it's visible in space on the table row versus having the user jump into the lock file and try to figure out the path. And again, the other upside is that it's just visible right here in the row; without having to expand and collapse, they can immediately see that path. For longer paths,
A
We could have a truncation in the middle to make sure the dependency at the top, or sort of highest on the path, is shown here. So like in this example, swell is shown at the top, and then the full path could be shown in a popover upon hover. Okay, so going back to our current state here, the vulnerabilities, just kind of as a final note that's related to this. Just a bit of background, though: the vulnerabilities on the dependency list are not currently anchored to more information.
A
As you might see, like on the merge request, you can click to open the modal for more information about the dependency, or the vulnerability list, which you can now click to go to the object page. There is a separate issue that's addressing this, and when that's complete, the vulnerabilities displayed will be anchored to the object page. And so how that's related to this issue is, on this object page is another place where we could make that dependency path explicit as well. Okay, so a link to the issue in the comments.