GitLab Secure Stage, 24 Oct 2019

Previous Meeting Next Meeting

⏯

youtube image

►

From YouTube: UX Scorecard for Security What is Day 1 Experience for people to use Security feature

Description

This video is one of the UX scorecard study at gitlab. The purpose of UX scorecard study is to identify, scope, and track the effort of addressing usability concerns within a specific workflow. Today we are focusing on on the secure area of gitlab, this is a feature for our ultimate users.
The persona for this UX scorecard study could be Security specialist, developers or dev ops who take care of the security of their product.

The scenario for this UX scorecard study is: as a security specialist, my main task monitoring and flagging events, running down high priority tasks. I just upgrade gitlab account, so that I want to try out the security feature.

A

A

Hi everyone- this is a camellia UX designer from gillip, and this video is one of Newark's Corker study. A little of the purpose up to the u.s. scorecard study is to identify the scope and track the effort of addressing usability concerns within specific workflow. Today we are going to work on the security area of the web, and this is the feature for our ultimate users on the persona for the UX scorecard study could be security, specialist developers or DevOps. Whoever take up the security part of their products.

A

It depends a skill or for your company, the person's title mites virus, so here I'm the one who just upgraded my account to automate and the one to use security dashboard, which is a man rhythm, that I'm upgrading- and this is my first day so I'm going to set it up to see how the dashboard looks like to make it fresh I'm going to adolescence.

A

Oh, but first, let's check that's we're on the same yeah, so we don't have a security here feature here so I'm not on the riots license I'm going to add lessons which make it work.

A

A

I'm I uploaded lessons. It seems fine xs/s, let's go back to my group, so this is group I'm responsible for, and I want to see all the vulnerabilities and I want to monitor and track them down flag them. So that's my main purpose of using the security, dashboard and I can see that okay, the dashboard the security feature is here so assume the dashboard will be here, but things I, just upgraded I would prefer that the features which is for Oakland user could be highlighted.

A

So it's easier for me to find out and try it and I'm going to click on it. mmm Okay. This looks like a dashboard and I think this is where I'm looking for I can see all the celebrities confidence report time good and vulnerability over time. I have nothing yet so they said to have no vulnerability found in my group, okay, I'm going to keep reading.

A

This is rare to have no room, but so okay, it basically told me I- should have more penalties, but they don't know why that I haven't had it to suggest me to go to settings to set up your dashboard Christ. Okay, I use it a lot before I know. Where is the setting I'm going to settings and have a look? So it's not in the channel before foul I'm.

A

Looking for security search in here, but I didn't found it so I'm going to check one by one to see can I find security where they did settings.

A

A

Don't think that's it, but it Tony settings and okay I'm going to back to the page to double check. Maybe I need to do something mm-hmm. This seems like lead to documentation based on my knowledge, II use it up kid lab I, really don't like documentation, but let's try.

A

So as an on-site really technical person that sometimes documentation is just very difficult to read to digest and but because I want to use it so I think I will read it through and to see. It is easy for me to setup.

A

So this is seems, like general introduction about the dashboard and supported report with Carmen's, okay, I think the requirement is what I'm looking for, and it tell me that I need three things.

A

Okay, I think I satisfy the last one because I'm using it lab calm and for this one I don't know.

A

Okay, this has a non-technical person. This page looks overwhelming and this seems we're really long I'm going to skip I'm going back to the previous page. I probably will ask someone like in my company group to see that do we use the new report in syntax and one of them supported the report.

A

Doesn't things nothing I think the page jumped, so it probably means they're supported report, so I need to have one of those set up. I think I'm interested in dynamic application, security testing, so I'm going to click on it.

A

That's also quite long settings page.

A

Authentic scared, okay, I, think I want both of those scans there, but how should I do it configuration requirements so they're, post configuration and the requirements I think for this one for doctor I also need to ask someone to check that. Are we satisfied and for configuration this means, including this in the llamo file template it doesn't seems very difficult, but I would prefer UI version to do it as a non super technical person. So I will go back to that page.

A

So there is nothing there's if I'm, really in the urgent I probably will follow the documents. I will do it one by one and based on my experience, I think it will take me at least one or two hours to do it as a person who is not super familiar with collab and llamo foul and and developer arrival as someone else to do it. mmm So at this stage, I think for some user who is really not like understands we're about llamo found not comfortable changing the code.

A

The probably will give it up at this stage, so this won't be very successful. Experience for the other and another thing that we need to point that out is like this is group level dashboard, the user might. If the manager groups they cut, used to see everything about group, they might go here and go to security mm-hmm and see this. They didn't know that actually the setting is not on the group. They need to do the setting on the project level, and here there is no actually clear indication.

A

Tell me I need to go to settings for the project and even in the document is telling me to do all those things requirement supported the report assess in one of the project button. It's not really clear for me to like select a project or to something.

A

As another part of this video that we will set up, try to set the dashboard app as a new user with the project level and we will use a prototype because we are already working on UI configuration page to help user to make it better. So I'm going to jump to the prototype.

A

So this is a prototype, not everything is working, but we can kind of simulates. The experienced user might have so I'm going to my test group, but this time, I'm not directly go to the security. I will go to my project and from the project. I will see the security icon and then I see a lot of things here. So there are more things I can play compared to the group dashboard.

A

It could be nice that from the group dashboard you tell me that if I go to project level, I will see more things and also it could be interesting that I can also see all the things directly in the groups like why. Why would I need to go to project level to set everything up? It's not so very clear for me the advantage of going from project if I manage a lot of things from the group level. I monitor several projects. Things I'm interesting in security, dashboard I will directly jump to it.

A

As a new user I see the similar thing. I think this is the documentation. It really doesn't tell me that what I need to do next is not clear that my settings is not running and at least the previous text I need to go to settings, even though the settings not a bad place, but I mean at least I can do something here. I think I can click on learn more and the funny part is I got exactly the same document as I was in the group and the same thing.

A

It's very for me when I check on individual things, so I will just go back to my project and I tend up. Remember that I see a configuration page before so I'm going to get a try.

A

Yeah I think as a non-technical person, this seems like easier so that I can directly configure it here. I, don't need to go through the document and go to the Yama file changes a code. There I prefer this more as a UI user and I'm configuration the feature, including the security scan. Okay, I think I, understand this. That, but doing this about, creates a merge request. They have a dedicated user report user tests around this area.

A

If you are interested, there will be another way to show it so here, I will just quickly summarize what we found out from the user testing. It's not super clear for the user, that's a default branch. They notice it but not pay enough attention and there is no place for user to change from default branch to other feature branch and if I click on it. It's very clear for me that I can creates a merge request, but those two accounts s like it's not configured but can I own and configure them as a user.

A

That's also something not super clear I'm going to just try to create a merge request and if I'm familiar with kill app I probably will jump to the change and check it if I'm not familiar with it. Lab test page might be over running for a new user when they are just interested into the security feature.

A

If you want to setup that you need to click on merge and after the pattern is running- and you probably like will assume that exactly configured but at a new user, if I now I go back to my dashboard I.

A

Don't know that there's no studies up updated to tell me your settings is, is in progress. You just need to wait and if another person like my colleague come in and want to use it, they might do the same thing.

A

I did so I would prefer here to see something to tell me that the setting is ongoing and you will see it soon so for this, how experience I will give it legacy since user can do it but encounter some difficulties mentioned in the video that I will summarize it and in the text and with recommendations?

A

Thank you for watching.