►
From YouTube: Settings UX - Plan, Secure
Description
As part of the overarching initiative to improve the GitLab Settings experience, we will collect existing user feedback and proposals in order to drive user experience and SUS score improvements for settings. This is a conversation with Plan and Secure.
More on https://gitlab.com/groups/gitlab-org/-/epics/3535
A
A
I
just
wanted
to
kind
of
like
touch
base
with
you
and
try
to
understand
a
little
bit
more
about
what
you're
doing
and
explain
what
what
I
am
trying
to
do
with
the
settings,
which
is
pretty
much
trying
to
understand
the
problem
and
seeing
how
other
designers
are
also
planning
new
features,
proposal
and
new
improvements
for
settings,
but
also
looking
at
the
research
that
we
had
in
the
past,
the
and
the
insights
that
we've
collected
over
the
last
year
or
so,
especially
now
with
navigation
research
that
can
influence
the
improvements
that
we
want
to
do
for
settings.
A
So
that's
why
I
have
that
gigantic
epic,
with
I
don't
know,
100
issues
they're
like
settings
ux
and
they
are
in
different
buckets,
but
so
far
I've
been
talking
to
designers
too,
as
I
say,
understand
the
problem
and
then
see
if
we
can
come
up
with
related
themes
or
topics
so
that
we
can
help
management
to
prioritize
some
of
these
improvements
and
also
yeah,
maybe
different
opportunities
related
to
pajamas
patterns,
etc.
So
that's
my
story,
yeah
and
if
you
want
to
share
a
little
bit
about
what's
happening
in
plain
and
insecure.
C
B
So
this
has
come
up
a
couple
times
recently
needs
for
different
settings
and
there's
you
know
sassed
and
dashed
and
licensed
compliance
and
container
scanning
and
then
there's
a
defend
side
of
things.
So
there's
a
bunch
of
us
and
it's
it's
kind
of
tricky
to
stay
on
top
of
what
everybody
is
working
on,
because
we're
a
little
bit
siloed
within
our
groups
and
then
there's
a
lot
of
things
that
are
shared
because
we're
all
working
with
the
vulnerability
list,
or
it's
currently
called
the
security
project,
security,
dashboard.
B
There's
the
group
security
dashboard,
there's
the
instance
level
security
dashboard
and
then
there's
a
configuration
page
where
everything
lives
and
so
yeah.
It's
been
a
little
bit
of
a
challenge
to
try
to
stay
on
top
of
what
everybody
is
doing,
but
then
also
still
have
time
to
work
on
our
own
stuff,
but
then
be
aware
of
what
everybody
else
is
doing,
because
if
somebody
makes
a
change
to
one
of
the
the
shared
pages,
then
you
know
we
all
have
to
be
aware,
and
so
things
are
starting
to
pop
up.
B
Camille's
been
working
on
some
things
with
dast
and
yeah.
Where
do
I
want
to
go
with
this?
I'm
trying
to
give
you
enough
information,
but
not
too
much
either
there.
There
are
definitely
settings
needs
that
have
come
up
for
all
of
us
when
it
comes
to
security.
B
You
are
also
talking
about
compliance
and,
and
so
there's
a
lot
of
companies
that
want
to
enforce.
You
know
security
jobs
running
on
every
single
pipeline,
or
you
know
for
certain
projects
that
are
have
sensitive
customer
data.
You
don't
want
to
let
developers
merge
code
to
the
production
branch
if
there
are
critical
or
high
vulnerabilities
that
the
pipeline
turned
up,
and
so
there
are
security
teams
that
want
to
enforce.
B
You
know
either
not
letting
code
go
to
production
if
there
are
high
risk
vulnerabilities
on
it
or
at
least
enable
things
like
security
approvers
to
review,
because
there
could
be
a
critical
vulnerability
that
comes
up.
That
is
a
false
positive
as
well,
and
so
anyways
there's
a
lot
of
compliance
that
that
comes
with
the
world
of
security,
and
so
we
want
to
let
people
set
those
policies
and
we've
played
around.
B
I
mean,
I
don't
think
we
have
our
terminology
down
yet
whether
it's
a
security
policy,
whether
it's
a
setting,
but
what
I've
started
to
do
is
I'll.
Just
share
my
screen
real
quick.
So
I
opened
up
this
settings
for
secure
and
defend
issue.
B
So
everything
is
housed
in
here
all
the
links
that
I'm
about
to
show
you.
So
I
started
this
google
spreadsheet
because
there's
a
lot
of
epics
that
contain
a
lot
of
issues
across
all
the
groups
across
the
cure
and
defense,
so
I
kind
of
wanted
them
to
be
in
one
place
and
on
the
left
trying
to
call
out
what
group
is
leading
this.
B
This
requirement
and
ti
is
threat
insights,
but
they
also
so
that's
like
the
security
dashboards
that
we
have.
It
also
touches
on
all
of
the
groups,
so
I
said
all
slash
threat
insights
because
all
of
the
scanners
feed
into
that
security
dashboard
and
then
you
have
the
settings
notes
whether
that
setting
would
live
at
the
project
group
or
instance,
level
a
lot
of
the
time
it's
it
needs
to
exist
at
all
levels.
B
And
then
you
know
what
problem
are
we
trying
to
solve?
And
then
the
related
issues
over
here,
so
I've
asked
all
of
the
groups
across
the
care
and
defend
to
to
add
whatever
settings
needs.
They
currently
have
or
see
themselves
having
in
the
near
future,
and
then
I
took
those
into
a
mural
and
basically
I
think
it
could
be
broken
down
by
two.
There
were
different
ways
to
like.
I
did
some
affinity
diagramming
in
here,
so
there
were.
There
were
a
couple
of
ways
to
think
about
these
by
persona
by
jobs.
To
be
done.
B
You
want
to
require
a
comment
on
a
vulnerability,
dismissal
and
or
you
you
know,
there's
no
current
way
to
enforce
slas
service
level
agreements.
So
I
just
wrapped
up
a
sas
jobs
to
be
done,
research,
initiative
and
from
that
we
validated
that
developers
their
primary
primary
goal
is
to
shift
code
and
meet
meet
their
milestones
or
meet
their
deadlines.
B
They're
just
trying
to
shift
code
and
a
lot
of
them
see
security
as
a
barrier
to
that
or
a
hurdle
and
and
then
you
have
the
security
team,
the
it's
it's
a
different
title
across
different
companies,
security
champion
security,
analyst
security
engineer,
but
their
primary
goal
is
to
make
sure
that
the
developers
are
shipping
safe
code
that
don't
have
those
loopholes
for
for
hackers
to
get
in
and
exploit.
B
You
know
sensitive
data,
so
there's
a
little
bit
of
friction
there
between
those
two
personas
that
we
work
with
and
a
lot
of
the
time
the
developers
just
want
to
ship
code
and
worry
about
security
stuff
later,
whereas
the
security
people
are
saying.
No,
no
we've
got
to
do
this
before
it
gets
into
production,
and
so
these
policy
enforcement
enforcement
things
are
more.
The
security
team
making
sure
that
developers
aren't
skipping
that
step,
making
sure
that
they're
following
company
policies,
but
then
there's
also
things
like
workflow
preferences.
B
So
some
of
our
scanners
have
offer
up
solutions
when
there
are
vulnerabilities
detected,
and
so
one
possibility
is
that
they
could
get
lab,
can
auto
create
a
merge
request
when
solutions
are
available.
That
may
or
may
not
be
something
they
want
to
do.
It's
not
a
security
enforcement
thing.
It's
more
of
a
preference
there's
also
auto
resolve
if
vulnerabilities
are
no
longer
detected.
B
Some
companies
want
to
be
want
that
vulnerability
to
persist,
even
if
the
pipeline
runs
again
and
it's
not
found
others
don't,
and
so
this
is
less
of
like
security
enforcement
or
policy,
and
more
of
like
a
preference.
B
Custom
definition
of
risk
score:
that's
we
assign
different
grades
for
how
at
risk
we
think
a
project
is
on
the
group
security
dashboard.
We
say
this
project
has
no
critical
or
high
vulnerabilities,
and
so
we're
going
to
give
this
an
a
or
there's
a
lot
of
these
open
we're
going
to
give
it
an
f.
But
people
want
to
be
able
to
adjust
what
that
means
to
their
company
and
customize
it.
So
that's
kind
of
more
of
a
preference
and
then
there's
this
other
world
of
scanner
configuration
so
with
sas.
B
We
just
implemented
being
able
to
customize
the
the
sas
job
that
runs
in
the
pipeline.
You
know
being
able
to
set
different
thresholds
within
there
being
able
to
schedule
scans
so
that
so
that
a
project
isn't
out
of
date,
but
you
know
if
there's
no
pipelines
run,
there's
still
security
jobs
that
run
on
it,
let's
say
once
a
month
or
whatever,
so
those
are
kind
of
the
three
buckets
that
I've
identified.
A
B
To
see
that
yeah,
so
each
group
kind
of
has
their
own
jobs
to
be
done.
There
is
a
lot
of
redundancy
when
it
comes
to
things
like
vulnerability
management,
so
we
know
that
you
know.
Ideally,
there
is
the
security
jobs
that
run.
They
say,
hey,
there's
a
vulnerability
here
b.
We
know
exactly
how
to
fix
it.
All
you
have
to
do.
Is
you
know?
B
Here's
a
patch
or
all
you
have
to
do
is
upgrade
to
13
2
when
you're
on
13-0,
but
this
upgrade
is
going
to
fix
that
for
you,
it's
so
so
that's
something
that
you
know.
We
know
that
everybody
wants.
Nobody
necessarily
wants
to
look
into.
What
is
this
vulnerability?
How
risky
is
it?
How
can
I
solve
it?
So
if
there
are
solutions
available
from
the
scanners
that
we
use
great,
you
know
they.
B
A
B
You
have
to
go
into
the
yaml
file
and
then
you'd
create
a
merge
request
to
adjust
those
things.
It's.
What
we're
trying
to
do
is
so
there's
kind
of
two
efforts
running
in
parallel.
One
we're
saying
you
know
here
are
all
of
the
analyzers
we
use.
B
We
use
about
12
open
source
analyzers
as
part
of
of
git
lab's
sas
offering,
and
then
we
run
all
of
those
analyzers
through
kind
of
we
add
a
get
lab
filter
onto
it
for
consistency,
because
they
all
have
their
own
kind
of
definitions
as
to
what
a
critical
vulnerability
is.
We
want
to
present
it
as
something
more
consistent.
B
So
there
is
a
get
lab
filter
on
top
of
all
of
those
analyzers,
so
you
can
customize
that
filter
or
you
can
customize
the
individual
analyzers,
and
what
we're
doing
by
bringing
sas
configuration
ui
into
git
lab
is
we're
offering
some
guidance
on
here's.
What
this
variable
is,
we
can
even
set
thresholds.
We
can
do
some
logic
checks
like
oh,
you
have
this
variable
set
at
this,
but
this
one
set
at
this.
B
There's
a
conflict
there,
rather
than
just
like
them,
going
into
the
yaml
file
and
make
changing
some
things.
They
may
not
know
that
there
is
something
wrong
or
something
conflicting
within
those
variables
until
a
pipeline
runs
and
they
get
an
error
and
they're
not
sure
why,
where
that
error
came
from
so
we're
really
trying
to
guide
them
at
the
same
time
that
we're
helping
them
customize
their
the
the
sas
analyzers.
B
B
If
you
talk
to
anybody
in
the
security
escape
space,
false
positives,
false
positive,
false
positives
comes
up
as
a
huge
pain
point
because
they
have
to
dig
through
all
of
these
things
that
may
or
may
not
be
real,
and
it's
it's
a
huge
pain
point
because
it's
so
time
consuming
to
determine
what's
real
from
from,
what's
not
and
so
we'll
be
able
to
have
more
control
over
the
proprietary
scanner.
B
So
that's
that
may
launch
some
point
in
2021,
but
we're
trying
to
improve
what
we
currently
are
working
with
before.
We
can
launch
that,
if
that
makes
sense.
A
It's
so
interesting
kind
of
a
sidebar,
I'm
working
on
like
three-year
vision
for
release,
and
we
just
want
the
security
and
all
the
vulnerabilities
to
appear
like
in
your
click
pre-deployment
phase,
and
you
have
like
a
runbook
that
everything
is
automated
and
some
other
things
that
you
say.
I'm
gonna
connect
a
sync
later,
but
they
fit
right
into
what
we
want
to
inject
in
their
releases
and
the
deployment
of
the
application.
So
it's
super
interesting
to
see
that
you
did
all
this
investigation.
B
Yeah-
and
I
think
the
last
thing
I'll
say
about
all
of
this-
is
thinking
about
permissions-
I
mean
so
you
don't
want.
You
know
to
let
developers
go
in
here
and
turn
things
off,
because
it's
making
their
job
harder.
We
want
to
be
able
to
enforce
policies
or
let
companies
enforce
their
security
policies.
B
So
permissions
is
a
really
interesting
thing.
When
it
comes
to
this
we've
had
some
discussions,
you
know:
do
we
need
a
security
permissions
role
or
how
might
we
restrict
some
of
these
things
to
to
a
maintainer
level?
That's
something
that
we
haven't
really
solved
for
yet
I
think
we
need
to
do
some,
some
more
problem,
validation
on
that
as
well,
and
just
gather
more
information
about
yeah
about
that.
But
but
it
could
be
tricky
to
let
anybody
go
in
here
and
and
change
these
things.
B
That
said
for
for
an
mvc,
I
don't
think
it's
it's
the
highest.
I
I
think
letting
users
set.
These
policies
is
more
important
than
restricting.
I
don't
think
it's
it's
dangerous
per
se
to
release
it
to
everybody,
because
we
have
things
like
you
know,
get
blame
or
you
know
we
can
keep
track
of,
who
changed
it
and
when
so,
if
they
do
need
to
go
back
and
say
like
hey,
you
know
we're
supposed
to
be
requiring
jobs.
The
security
jobs
run
on
every
pipeline.
B
A
Especially
when
it
comes
to
ui
there's
a
lot
we
can
already
leverage
from
what's
in
the
product
in
release
management,
we
are
also
defaulting
everything
to
the
permissions
that
are
set
in
the
group
level,
so,
for
example,
yeah
with
with
the
protective
branches
at
the
project
level,
we
just
replicate
the
behavior
of
the
group
or
these
cascade.
I
understand
like
the
mdc,
is
the
ability,
the
ability
right
to
be
able
to
set
these
things
in
the
product.
A
C
Yeah,
I
know
I
mean
this
is
all
kind
of
like
hypothetical,
more
high
level.
I
mean
I
myself
haven't
touched
settings
a
whole
lot
and
I
think,
within
the
plan
stage,
we
really
want
to
take
things
out
of
settings
rather
than
add
them,
not
that
like
you're,
proposing
that,
but
that
has
always
been
a
struggle
like
don't
add
it
to
settings.
C
Let's
think
of
what
else
we
can
do
here
and
things
aren't
quite
as
risky
as
some
like
secure,
for
example,
so
we're
we're
lucky
in
that
sense,
I
suppose
yeah
that's
a
good
insight
that
is
anytime.
We
propose
something
go
in
settings,
it's
like
that
is
a
lot
of
pushback
and
that's
fair,
like
I'm
glad
we're
thinking
about
that,
we
want
to
make
things
more
contextual.
C
We
want
to
take
away
those
clicks
and
not
make
people
navigate
to
a
new
page
anytime.
They
want
to
view
you
know
a
new
work
item.
That
kind
of
thing
we're
really
emphasizing
that
within
settings
itself.
I
struggled
to
think
of
what
I
had
challenges
with
in
the
past
within
plan
because,
like
I
said,
we
haven't
touched
it
a
whole
lot
when
we
started.
Thank
you
yeah,
I'm
just
watching
you
type
well.
We
started
thinking
about
what
was
at
the
time,
time
boxes
and
then
morphed
into
iterations.
C
I
was
ideating
on
like
where
that
would
live.
Basically,
the
idea
of
you
have
this
time
box
of
a
milestone.
If
we
add
in
more
time
boxes,
how
would
you
access
that?
How
would
you
allow
users
to
configure
which
ones
they
use?
C
Is
there
an
area
in
settings
where
they
may
be
thinking
through
that
we're
also
thinking
about
issue
types
and
that's
more
on
the
project
management
side,
but
you
might
have
seen
that
work
emilia
did
where
if
you
create
a
new
issue
now
you
have
the
type
of
either
an
issue
or
an
incident,
and
we're
probably
going
to
be
expanding
that
into
you
know,
maybe
a
bug
or
a
feature
almost
making
those
templates
more
high
level,
where
they're
a
type
and
in
the
future.
C
Maybe
it's
like
all
of
issuables
and
maybe
when
you're
creating
a
new
object.
It's
more
like
is
this
an
epic
type.
Is
this
a
requirement
type?
Is
this
an
issue
right
so
kind
of
creating
a
like
a
higher
level
work
item
there
and
we're
thinking
that
again,
you
may
want
to
configure
some
of
that.
Those
objects
in
settings
right.
A
lot
of
configuration
stuff,
I
think,
is
what
I'm
coming
into
kind
of
like.
What
does
your
team
care
about?
C
How
does
your
team
plan-
and
you
know
what
is
their
methodology
right
like
what
items,
because
we're
so
flexible?
We
allow
users
access
to
many
different.
You
know
ways
of
planning,
so
it's
kind
of
like
how
do
you
plan?
What
do
you
use?
Do
you
use
weight?
Do
you
use
this
that
and
focusing
more
on
issue
types?
C
Maybe
that
could
even
morph
into
like
configuring.
C
Your
issue
types
beyond
beyond
templates,
right,
like
a
a
mega
template
like
an
epic
or
even
like
starting
with
just
a
high
level
work
item-
and
you
define
like
this
kind
of
work
item-
has
this
widget
within
it,
and
maybe
that
widget
is
the
epic
tree,
but
maybe
you
also
want
like
related
or
like?
Maybe
you
don't
want
to
see
any
conversations
there,
so
you
disable,
you
don't
add
the
discussions
widget.
You
know
so
we're
thinking
about
that
very
high
level.
Right
now.
C
It's
kind
of
hard
to
talk
about,
I
suppose,
but
making
again
the
idea
of
configuration
and
where
would
that
live
and
that
might
live
in
settings
into
becca's
point.
You
know
you
probably
want
some
permissions
there
around
that
like
who
defines
these
different
types
and
who
defines
templates,
who
defines
some
widgets.
C
Yeah
and
service
desk
worked
on
that
a
tiny
bit
the
tiniest
bit,
but
just
making
that
more
discoverable,
because
it's
powerful
it's
in
the
nav
now,
but
turning
it
on
and
off.
I
I
think
that's
that
could
always
be
improved.
Saving
changes
not
being
obvious.
That's
that's
just
something
personally
like
the
idea
that
you're
filling
out
this
form-
and
I
always
just
want
to
like
navigate
away,
but
I
don't
notice
that
there's
a
save
changes
button
at
the
bottom,
so
I
would
like
some
some
friction
there.
C
If
I
try
to
navigate
away
that
hey,
this
wasn't
saved
yet
because
it's
not
super
obvious
and
then
kind
of
just
like
you
put
brainstorm
opportunities,
so
just
things
I've
been
thinking
about
in
general.
C
First,
I
guess
the
idea
of
groups
versus
projects
is
always
kind
of
a
sticking
point
to
users
and
we
have
a
working
group,
I'm
not
part
of
it,
but
we
do
have
a
working
group
looking
into
that-
and
I
think
daniel's
even
doing
that
scorecard.
So
that's
going
to
be
helpful
here
and
then
consistency
yeah.
This
would
be.
This
would
be
actually
the
the
working
group
is
for
projects
and
groups.
Sorry,
I'm
just
kind
of
like
going.
C
Yeah
consistency
between
issues
and
ethics
in
general,
and
what
I
mean
here
is
that
obviously
issues
are
more
mature
but
they're
similar
objects,
and
you
know,
there's
there's
different
things
and
settings
for
issues
that
you
can
configure
that
you
can't
for
epics
yet,
so
I
think
for
mbc
just
make
sure
these
are
more
consistent
right
like
where
it
makes
sense,
but
it
also
again
kind
of
does
go
back
to
that
challenge
of
epics
our
group
level.
C
So
you
know
how
what
does
that
mean
for
that
consistency
and
then
templating
ties
into
that
as
well.
Issue
templates
exist
and
similar
to.
I
think
what
becca
was
talking
about
like
they're
kind
of
complicated,
especially
for
users
who,
like
maybe
parkers,
I
don't
know
if
they're
going
to
be
going
into
the
repo
and
merging
things
in
all
the
time.
C
They
I'm
not
sure
that
our
model
of
creating
a
template
really
makes
sense
for,
for
some
of
the
users
right,
we're
kind
of
like
creating
markdown
files
and
like
going
into
this
like
template
directory.
So
that
could
be
an
area
for
improvement.
I
think,
and
also
you
know,
making
the
epic
templates
even
exist.
C
If
that
makes
sense,
configuration
options
for
issues
and
epics,
I
kind
of
touched
on
this
and
it
kind
of
goes
back
to
the
the
widgeting
right,
but
is
there
you
know
again
we're
so
flexible
with
how
we
allow
people
to
plan?
How
might
a
user
turn
off?
Let's
say
wait
for
their
their
issues
because
they
don't
use
it
right,
like
their
team
doesn't
use
it.
C
The
sidebar
is
already
has
a
lot
in
it
and
I'm
not
sure
if
that
would
live
in
settings,
but
it
possibly
could
again
back
to
like
the
permissions
and,
like
you
know,
you're
templating
things
there.
Maybe
it
would
work
notifications.
We
have
that
at
the
moment,
but
you
know
we
all
know
what's
going
on
with
notifications,
but
within
settings
you
could
basically
disable
the
emails,
but
maybe
we
think
a
little
further
there.
C
The
issues
can
be
disabled.
I
think
this
one's
interesting
so
like
again
kind
of
back
to
the
configuration
right
like
we
sort
of
allow
it
in
different
places,
and
you
can
say
that
hey
my
team
doesn't
even
use
issues,
so
I
don't
even
want
to
see
it
in
the
nav,
I'm
disabling
it.
I
think
that's
kind
of
an
interesting
thing
and
I
think
we
could
maybe
push
that
even
further.
C
For
example,
like
maybe
some
I
know
this
is
more
of
a
growth
question.
I
would
think,
but
it
might
be
interesting
to
think
about
how
we
can
figure
the
nav
based
on
the
persona
or
the
teams
using
it
and
again
does
that
belong
in
settings.
I
don't
know
maybe
right,
but
that's
kind
of
an
interesting
thing
to
think
through
and
what
does
it
mean
if
I
turn
off
all
of
issues,
because
currently,
if
I
turn
off
issues,
things
like
labels
live
in
issues.
So
what
is
like?
C
If
I'm
turning
off
issues,
then,
can
I
use
labels
and
merge
requests
right,
so
it
ties
into,
I
would
say
again,
probably
the
growth
team,
but
thinking
through
the
nav
in
general
and
thinking
how
to
configure
the
nav.
You
know
the
left
hand
nav
and
also
kind
of
sidebar.
You
know
which
we
don't
have,
but
I
think
that
could
be
interesting.
C
I
think
that's
you
know
that's
a
lot,
but
but
yeah
it's
all
kind
of
like
high
level.
I
haven't
really
tactically,
dug
into
the
nav.
Yet
because
I've
probably
rightfully
been
kind
of
discouraged
to
do
so,
we're
trying
to
make
things
more,
contextual
but
and
again
it's
not
as
risky
as
like
things
like
secure,
where
it's
very
highly
permission
space,
and
here
it's
like
you
know
you
might
miss
a
template
and
it's
not
the
end
of
the
world.
So
it's
not
gonna.
A
A
You
know
it's
like,
especially
when
it
comes
to
navigation.
Everyone
will
be
affected
and
that's
why
seti
is
so
interesting
and
so
tight
to
the
navigation,
research
and
the
the
things
that
our
teams
are
doing
because
they
go,
they
go
together
and
I
think
jeff,
maybe
really
one
of
the
actual
cases
he
mentioned.
Something
like
you
know.
The
minimal
change
will
have
like
a
huge
impact
because
everyone
will
be
affected
with
this.
So
yeah
important.
A
A
A
That's
not
an
issue
per
se,
but
you
work
like
it
right
because
you
should
be
able
to
allow
it
to
to
like
apply
it
to
a
project
or
apply
to
specific
deployment
or
use
feature
flags
with
it,
etc,
and
there's
a
lot
of
questions
also
on
my
site
on
how
to
even
configure
these
things
at
the
group
level
when
they
cascade
to
multiple
projects,
and
what
I
found
right
now
is
that
yeah
just
replicating
the
settings
is
very
painful
and
I
usually
do
what
you
do
I
like
says:
I
don't
go
to
settings.
A
I
just
listed
on
the
ci
file.
First
right,
then
we
figure
it
out.
I
think
that's
one
of
the
pain
points
right
now,
for
I
don't
know,
doesn't
really
help
to
standardize
the
experience.
I
guess
that's
awesome.
C
B
C
A
Exactly
so
like
how
things
cascade
right,
more
or
less
and
for
pajamas,
have
you
put
any
thought
on
what
we
like
today
or
how
can
we
have?
I
know
higher
level
guidelines,
maybe
assets
things
that
will
help
us
bring
consistency,
because
there's
two,
I
think,
there's
two
big
problems
from
the
conversations
I've
been
having
with
our
design
team.
A
A
But
I'm
also
hearing
some
comments
on
pajamas
or
how
can
we
build
some
sort
of
of
you
know,
guidelines
for
settings.
So
it's
a
broad
question,
but
I
kind
of
wanted
to
hear
like
what
your
thoughts
are
on
that
and
if
you
had
any
challenges
in
the
past
building
settings
and
using
a
source
of
truth,
like
with
pajamas
in
the
project.
C
The
patterns
just
look
again:
I'm
not
like
tactically
working
on
these
often,
but
the
patterns
are
kind
of
seem
old
or
outdated.
They're,
like
I'm,
I'm
wondering
if
we've
moved
away
from
some
of
these,
and
I
I
kind
of
like
I
said,
the
save
changes,
the
expand
collapse
button
just
like
little
nitpicky
things
like
that,
I
kind
of
wonder
about
and
if
I
were
to
start
working
on
something
in
settings,
I'd
wonder
like
would
I
have
to
take
on
the
effort
to
improve
this
or.
C
B
A
More
as
in
in
pajamas
right
now,
we
do
have
guidelines
for
how
the
components
behave.
Right,
here's
expand
collapse,
here's
a
button
and
other
designers.
They
share
that
they
would
like
to
have
one
guidelines
for
how
settings
should
work
so
more
broader
guidelines
that
fit
the
it's
kind
of
like
a
page
layout,
and
I
don't
know
just
something
that
you
know
for
the
section
per
section
in
the
product,
but
also
standards
for,
for
example,
how
does
it
work
with
the
expandable
apps?
How
does
it
work
with
search
in
settings?
A
B
Yeah,
I
think
the
I
I
came
across
a
link
in
your
settings,
ux
epic,
that
led
to
dovetail
with
some
findings
there.
That
was
really
really
fascinating.
I
I
feel
like
any
designers
working
on
settings
should
definitely
consume
those
findings,
so
things
like
not
knowing
which
category
something
might
fit
into.
I
I
saw
a
couple
of
people
have
said
that
they
thought
it
was
under
merge
requests,
but
it
was
actually
under
general.
You
know
something
like
that
is
really
interesting,
and
it
got
me
thinking
about
that.
B
We
might
need
a
search
bar
and
then
what
does
setting
search
look
like?
I
don't
know
if
that
follows
the
the
search
of
you
know
the
get
lab
search
or
if
it's
a.
If,
like
that
interaction,
is
it
does
it
suggest?
You
know.
B
You
know
where,
where
this
might
live,
based
on
keywords
or
what
that
looks
like,
I
have
no
idea.
I
would
love
some
guidance
on
how
search
within
that
might
work.
Yeah
I
mean
I
I'm
somebody
who
really
insists
on
like
consistency
across
the
across
any
product,
and
so
you
know,
working
in
silos
could
be
really
dangerous,
while
still
acknowledging
that
there
could
be
some
intricacies
to
every
stage
or
within
every
group.
B
But
things
like
general
having
a
general
bucket
you
know
could
be,
could
be
interesting
in
some
stages,
but
not
in
others.
I
don't
know
yeah,
I
don't
know
alexis
bringing
up
the
collapse.
Thing
is
like
a
whole
other
topic.
Now,
I'm
thinking
about
that
because
for
sas
configuration
ui,
I
was
using
the
collapse
expand
container,
and
then
that
was
just
deprecated.
B
I
guess
or
we're
supposed
to
be,
moving
away
from
that,
and
so
I
just
rebuilt
it
using
the
accordion,
but
then
it's
like
does
all
of
this
text
have
to
be
blue,
and
then
I
have
like
an
icon
in
blue
that
leads
to
the
docs
and
it
looks
like
it's
one
cta
when
it's
actually
two
because
they're
all
blue
the
carrot,
the
the
title
and
the
question
mark
icon
is
all
blue,
and
so
it
looks
like
one
thing
and
yeah
and
I
just
wanted
to
like
ask
you
know:
can
we
just
make?
B
Can
I
just
make
the
title
like
gray
900?
So
then
it
looks
like
separate
ctas
and
then
jeremy
commented.
My
issue
he's
like
what,
if
this
is
a
stepper,
you
know
right
and
I'm
like.
Oh
my
gosh,
it's
so
much
work,
but
yes
like
I.
I
can
definitely
consider
that
so
long
story
short,
I
guess
I'm
just
thinking
out
loud
here
I'd
be
interested
in
knowing
how
the
other
teams
are
organizing
their
settings.
B
A
This
is
very
interesting
because
we
do
have
like
what
you're
saying
expand
collapse
and
which
what
was.
C
A
The
accordion,
and
now
it's
collapsible
or
vice
versa.
That's
definitely
one
of
the
pain
points
right
now
that
we
have,
with
the
the
unfinished
components,
is
that
they
are
very,
very
basic.
So
if
you
really
want
to
replace
it,
for
example
in
settings
it's
going
to
affect
every
single
settings
page
right,
yeah,
one
little
like
the
title
is
like:
what's
16
pixels
16
points,
the
the
header
and
then
indeed
I
don't
think
we
have.
A
I
don't
know
how
should
that
work
in
context
with
multiple
collapsibles
yeah,
and
I
know
that
we
have
in
the
past.
I
think
it's
in
general
settings
general.
That's
just
an
example
is
that
the
first
item
is
expanded,
but
it's
only
in
that
one
page,
and
that
was
because
catherine
told
me
that
there
was
some
research
done
in
the
past
and
they
identified
that
users
would
like
to
see
the
most
relevant
settings
area
or
setting
section
in
the
page
expanded.
A
But
then
that
didn't
scale
they
didn't
really
implement
this
change
across
the
board.
So
what
I'm
hearing
now
right
now
is
that
you'll
be
interested
in
knowing
that
how
other
teams
are
defining
this
pattern
so
that
you
could
replicate
it
right
more
efficiently
into
in
your
designs
in
your
proposals,
but
also
and
correct
me
from
wrong.
I
also
hear
the
the
issue
of
using
things
that
are
not
ready
yet
or
components
or
parts
of
the
ui
right.
Okay,
gotcha.
B
Yeah,
I
think
something
else
that's
going
to
be.
That
would
be
really
helpful.
For
pajamas
to
determine
is
how
save
works.
I've
seen
some
designs
in
other.
I
know.
Kyle
just
is
working
on
something
where
for
in
defend
for
like
for
alerts
where
a
drawer
opens,
and
you
can
change
the
status
of
an
alert
and
there's
no
save
button.
B
So,
but
then
there
are
other
places
in
get
lab
where
you
have
to
click,
save
for
something
to
save
and
so
yeah
for
settings,
I'm
thinking
of
as
soon
as
you
change
something
is
it.
Is
it
saved
automatically?
Is
there
something
like
a
toast
notification
or
something
you
know
under
the
text?
Input
that
says
you
know
say
or
is
it
just
assumed,
or
you
know
is?
Is
there
are
there
rules
for?
Sometimes
you
need
a
save
button
and
other
times
you
you
don't
because
it's
just
implicitly
saved.
C
Yeah
I
had
the
same
issue
becca
when
I
was
working
on
this
like
really
quickly.
You
know
how
do
you
save
a
title
within
the
sidebar
if
you're
editing
an
issue
title
within
a
sidebar
like
what
does
that
look.
C
C
Oh
and
then
also
the
idea
of,
I
think
he
brought
this
up
like
contextual
settings
like
the,
I
could
see
three
levels
of
that
right,
like
contextual
to
the
page
or
like
area
you're,
looking
at
or
contextual
to
even
like
the
navigational
item
where
security
and
compliance
has
this
sort
of,
and
then
there's
also
like
the
settings
here
so
like
there's
at
least
three
levels
that
I
see
and
then
maybe
within
the
object
itself,
so
becca
you're
having
fun.
I
love
it.
I'm
sorry.
B
I
know
I'm
sorry
yeah,
that
was
mom
and
dad.
I
don't
think
you
were
sharing
your
screen
there.
It
sounds
like
you
were
pointing
at
something.
C
Oh
was
I
and
I
wasn't
sharing.
Of
course
I
wasn't
yeah
I
was
just.
I
was
just
showing
this
where
there's
like
a
gosh
configuration
area
here,
yeah
right
and
then
there's
like
a
settings
here
and
then,
like
you
know,
maybe
you're
within
your
own
page
or
maybe
within
an
object.
Even
so
there's
so
many
layers
of
security
settings,
but
some
guidance.
There
would
be
kind
of
helpful
right
like
what
level.
C
A
Yeah
and
also
another
point-
I've
heard
quite
quite
often
was
the
ability
to
go
to
a
different
setting
area
right,
even
if
you're
in
like
in
a
specific
product
or
a
page
of
a
feature.
If
you
need
to
do
a
change
in
the
settings,
then
you
don't
need
to
go
to
the
navigation
to
find
that
information
right
just
so
that
we
are
able
to
kind
of
link
everything
like
full
circle
and
not
because
I
think
right
now.
A
What
happens
is
that
when
people
have
to
configure
something
they
go
to
google
and
they
search
configuring,
ci
pipelines
or
whatever,
then
they.
You
know
the
information
the
documentation
is
going
to
tell
them.
They
have
to
go
back
to
the
project
open.
The
settings
do
this
and
that
I
think
that
would
be
a
good
opportunity
for
us
to
also
provide
this
type
of
guidelines
that
will
empower
designers
to
make
more
informed
decisions,
because
sometimes
it
feels
that
you're
adding
a
button
there.
A
But
then
oh
there's,
no,
no
one
is
telling
me
that
I
can
do
that
or
it's
gonna
break
the
pattern.
I
see
that
happen
quite
often
at
least
with
my
work.
Yeah.
B
B
I
need
to
go
to
settings
and
I
want
to
see
the
settings
across
my
project
or
I
want
to
see
the
settings
across
this
group
and
I
want
to
make
sure
that
security
has
these
things
set
up
and
ci
cd
has
these
things
set
up,
and
I
am
in
a
settings
mode
in
my
brain
right
now
and
I
just
want
to
see
all
the
settings
I
could
also
see
you
know.
I'm
in
you
know
more
persona
based
where
I
am
a
security
analyst,
and
I
just
want
to
see
settings
for
security
and
compliance.
B
So
I'm
going
to
go
to
security
and
compliance,
and
then
what
settings
do
I
have
within
that
by
alexis?
She
hits
a
drop.
But,
yes,
I
don't
know
what's
right,
yeah
there
and
it
could
be
that
they're
both
correct
for
for
different
people.
I
imagine
that
project
owners-
or
you
know
high
high
level
like
c-level
executives,
may
just
want
to
go
and
see
what
is
going
on
within
security.
B
I
don't
know
about
you
know
I'm
very
much
in
the
security
world,
so
I
can't
speak
for
the
other,
the
other
stages
or
the
other
parts
of
the
product,
but
I
I
could.
I
could
see
that
you
know
there's
there's
a
head
security
guy
at
the
company.
He
just
wants
to
see
what's
going
on
with
with
projects
and
what
is
what
are
their
security
policies
that
they
have
in
place?
B
I
don't
think
that
that
person
necessarily
is
also
caring
about
settings
and
other
things,
but
I
mean
maybe
it
all
it's
all
tied
in
I
mean
that
is
what
git
lab
is
right.
It's
it's
ci
cd!
It's
it's
all
of
these
things
integrated!
So
do
you
yeah?
Do
you
have
any
thoughts
about
that
like
what
that
mental
model
is.
A
Yeah
in
release
management,
I
work
with
a
variety
of
personas
and
I
work
with
people
that
are
technical,
so
there's
personals
that
they're
going
to
the
ci
file
that
they're
going
to
configure.
I
think
much
like
what
your
personas
are:
some
of
them
and
they're
going
to
configure
everything
in
cli,
but
then
I
also
have
these
people
that
are
with
these
managers
or
they're
marketing
people
or
they
just
you
know,
writing
a
release
blog
post,
whatever
they
don't
really
care
about
the
code,
the
configuration
they
want,
everything
to
be
set
up
for
them.
A
But
what
I
see
right
now
is
that
because
they
we
assume
that
they
don't
care
about
the
configuration.
We
also
don't
tell
them
why
things
are
the
way
they
are.
So
I
don't
know
there
is
a
you
want
to
enable
a
feature
flag
that
in
your
project,
but
it's
set
up
at
the
group
level
and
right
now
you
just.
Can
you
don't
even
know
where
that
comes
from
right?
A
So
I
don't
really
have
any
solutions
for
that,
because
we
do
have
quite
a
lot
of
insight
from
different
stage
groups
on
that,
and
I
think
the
challenge
right
now
is
to
collect
this
information
and
make
like
an
informed
decision
on
what
is
a
low-hanging
fruit
for
satins
right,
I
think
kind
of
sidebar
as
well.
I
think
it's
the
information
architecture
is
defining
like
you
know.
What
is
a
group
setting?
A
What
is
the
contextual
setting
what
is
and
from
there
we
can
start
feeding
back
all
those
questions
that
we
have
that
are
related
to
specific
personas
and
jobs
to
be
done,
and
then
look
at
the
scenarios
as
well,
but
yeah
it's
it's
a
bit
more
complicated
than
what
it
looks
like.
B
Yeah
you
bring
up
an
interesting
point,
I
mean
originally.
I
was
thinking
you
know.
If
we
wanted
to
make
this
more
permissions
based,
I
it
it
makes
more
sense
to
have
it
in
the
settings
menu
because
you
have
to
be
what
is
it
a
main
container
or
above
to
a
maintainer
or
project
owner
admin
to
see
settings
in
the
nav,
so
that
would
restrict
you
know
a
developer
level
from
being
able
to
adjust
those
settings.
B
However,
if
a
if
a
developer
who
has
developer
permissions
level
is
wondering
where
is
this
coming
from,
it
might
be
interesting
for
them
to
be
able
to
go
into
settings
and
see.
Okay,
there's
this
security
approvals
thing
set
up
here
are
the
different
here,
the
available
you
know
settings
or
I
can
see
that
it's
set
to
if
a
critical
or
high
or
unknown
level,
severity
or
severity
level
vulnerability.
B
That's
why
I'm
getting
these
checks
because
they
may
they
may
assume
that
it's
just
a
critical
level,
but
we're
also
tying
in
unknown,
because
unknown
is
a
severity
that
we
offer.
It
could
be
critical,
but
we
just
don't
have
the
information
to
determine
that.
So
we
throw
unknown
in
with
critical
and
high
on
the
security
checks
or
the
security
approvals,
but
so
they
may
say
like.
Why
is
why
am
I
blocked
on
an
unknown?
Are
you
is
everything?
Okay,
I'm
working
a
firework
is.
A
B
Almost
weekend
that
was
random.
Okay,
I'm
glad
you're
safe,
but
yeah
I
mean
so
they
may
not
know,
and
then
it's
like
who
do
I
reach
out
to
to
find
this
out.
I
could
see
developers
in
slack
like
why
am
I
being
blocked
on
this,
whereas
if
there
was
a
sentence
area,
it
might
be
interesting
for
them
to
go
in
there.
They
may
not
change
it.
B
Maybe
we
need
to
give
people
more
credit
and-
and
they
may
not
change
it
just
to
like
get
rid
of
it
so
they're
unblocked,
but
it
would
provide
that
information
of.
Oh
that's
why
I'm
being
blocked
on
this
yeah.
A
Right
because
I
think
that
it's
going
to
give
them,
for
example,
the
solution,
because
right
now
you
point
to
a
lot
of
documentation,
you
go
to
settings,
there's
more
information,
click
here
go
there,
but
then
how
do
I
solve
this
right
now
or
you
know?
Is
this
a
system
I
mean
that
needs
to
help
me?
Is
it
like?
I
think
there
are.
I
love
this
conversation
today
because
I
think
it's
interesting
to
see
how
the
problems
overlap
and
how
we
could
potentially
come
up
with.
A
I
think
quick,
wins
and
small
boring
solutions
to
at
least,
if
not
necessarily
implement
these
changes
right
now,
but
at
least
say
hey.
This
is
what
we
you
know.
We
have
right
now
and
here
are
some
ideas
of
how
can
we
improve
the
not
only
the
consistency
but
also
the
overall
experience
with
settings,
because
if
you
can
roll
that
out,
for
example,
secure
and
then
we
just
implement
the
same-
a
similar
pattern
in
release
management,
which
will
also
cascades
to
ci,
which
will
cascade
to
you
know
and
yeah?
It
makes
everybody
happy
yeah.
A
A
B
A
The
things
repeat
a
lot:
what
I've
been
hearing
is
really
like:
information
architecture,
discoverability
lack
of
patterns
and
pajamas,
as
in
give
me
an
asset,
give
me
a
template
like
a
starting
point
for
this
and
like
what
we
discussed
now
at
the
end.
What
do
I
do
if
I
find
problem
x
right
not
like
here,
use
this
component?
It
expands
and
collapses.
A
But
in
what
context-
and
I
think
when
it
comes
to
settings
it's
one
of
the
things
I
think
a
bit
more
difficult
than
navigation-
because
navigation
yeah-
we
just
throw
things
at
it,
but
we
can
reorder
we
can
just,
but
with
settings
we
keep
adding
more
and
more
different
functionalities
and,
like
the
auto,
save
you
go
to
the
same
page,
there's
two
ways
of
saving
the
content.
A
So
I'm
glad
that
we
had
a
chance
to
catch
up,
and
I
think
my
next
step
here
is
really
just
grab
all
these
info
put
them
in
buckets.
And
if
you
have
like
any
issues,
I
know
you
share
the.
I
think
it's
an
epic.
What
is
it
no?
This
set
in
security
defense.
I
have
just
one,
but
if
you
have
any
other
issues
that
you
think
are
there
are
interesting
and
also
the
boards
the
mirror
board
they'll
be
super
cool.
Then
I
can.
B
And
about
I
linked
to
the
mural
and
the
spreadsheet
that
I
have
with
the
links
to
the
epics
and
the
issues
in
there.
I
can
also
just
put
the
links
directly
in
the
agenda.
I.
B
Yeah
so
there's
a
ton
of
epics
and
issues
in
there
that
all
relate
to
that,
and
then
I
pinged
you
in
my
issue
yesterday,
because
nicole
schwartz
is
a
pm
for
software
composition.
Analysis.
I
don't
know
if
you
saw
that,
but
she
pinged
me
and
said:
hey
just
so.
You
know
we're
working
on
this
settings
thing
and.
A
A
And
if
you
feel
like
just
feel
free
to
add
anything
to
this
epic
by
all
means,
go
ahead
and
add
content.
If
you
think
it's
it's
going
to
be
useful.
Okay,
I'm
gonna
reorder
some
things,
hopefully
tomorrow
and
I'll.
Try
to
summarize
all
these
findings,
because
I
think
I
talked
to
I
know
many
people
already,
maybe
yeah
designers.
I
think
that's
enough.
A
Yeah,
I
don't
think,
there's
no
decision
so
far.
I
think
what
I
want
to
do
is
not
even
come
up
with
a
proposal,
but
really
from
the
the
shared
pain
points
and
the
shared
solutions
that
you
know
the
common
solutions
that
we
discussed
come
up
with.
I'm
calling
buckets
this
buckets
off.
Okay.
This
could
be
a
potential
opening
for
it
because
there
is
there's
two
challenges.
Maybe
three
or
four
challenges.
A
Right
now
is
that
yeah
we
can
come
up
with
the
design
decisions,
but
we
need
people
to
implement
it,
and
I
think
it's
difficult
to
push
it
forward.
If
we
don't
have
like
what
navigation
like
a
clear
ownership
right
so
yeah
here
we
are
doing
investigation,
we
are
doing
validation,
we're
going
this
team
is
going
to
implement
it.
A
A
So
that's
one
thing
and
another
one.
I
think
you're
not
sure
if
you
saw
in
the
screen
in
the
in
the
epic
that
I
created,
I
have
here
a
list
of
what
I
call
the
themes,
the
I
created
a
bucket
with
bugs
features
and
the
research
or
the
feature
requests
and
the
big
changes,
and
here
you
can
see
like
all
for
the
bugs
that
I
could
find
that
have
settings
and
ux
added
to
them.
A
So
if
you
could
potentially
start
fixing
these
bugs
and
then
you
know,
while
we
make
decisions
on
the
re-architectural
redesign
of
settings,
we
can
already
solve
a
lot
of
problems
like
of
existing
consistency.
So
if
you
also
want
to
talk
to
european
and
say
hey,
there's,
I
don't
know
three
settings
bugs
here
in
secure.
A
They
are
quick
wings.
They
really
don't
need
any
words,
so
by
all
means
pick
it
up
and
try
to
convince
them
to
implement
these
changes.
Oh
yeah,
okay,
yeah,
so
bottom
line.
Let's
see
where
this
goes
and
then
I'll
I'll
make
sure
I'll
share.
Like
the
overview
with
the
ux
team,
we
have
yeah
on
tuesday
they
were
expo
lucky
people
soon.
B
Cool
and
one
thing
I'll
one
other
thing
I'll
say
on
the
the
mental
model
thing
I
could
even
see
settings
living
within
each
state
well
before
the
other
stages
and
where
it
might
live,
and
if
that
makes
sense,
but
for
security
and
compliance
I
mean
we're
we're
going
to
have
a
lot
of
settings
needs,
and
so
I
think
for
us
anyways.
It
makes
sense
to
have
our
own
settings
area,
especially
because
we
have
a
configuration,
page
and
they're
they're
kind
of
linked
settings
and
configuration.
B
So
I've
even
started
playing
around
with
some
ideas
where
there's
a
settings
tab
on
our
configuration
page,
because
there
is
a
relationship
there,
but
I
could
see
a.
B
I
think
it
would
be
great
to
account
for
both
mental
models
and
both
pathways.
So
I'm
in
security
and
compliance.
What
are
the
settings
that
I
have
here,
but
also
I
want
to
see
settings
across
this
project
or
across
this
instance.
How
can
I
go
to
general
settings
and
see
what
all
of
them
are
and
then,
if
I
want
to
adjust
anything,
then
I'm
taken
to
that
area
to
do
it
or
they
exist
in
both
somehow.
But
I
I
think
it
would
be
potentially
one
solution
could
be
not
to
have
to
choose.
A
B
A
Okay,
awesome,
so
you
change
it's
not
like
in
the
model
or
page
now,
there's
a
sidebar
right
so
see
exactly
I.
If
you
go
to
more
in,
you
have
environments,
operations
and
security
dashboards.
A
So
if
you
go
to
the
operations
dashboard,
it's
pretty
much
the
same
thing
as
the
environment
dashboard
different
data,
but
this
is
the
same
user
experience
and
then
in
the
beginning.
Let
me
show
you
my
screen:
that's
maybe
before
it
would
be
worse,
I'm
gonna
want
to
see
a
little
bit
where
I'm
talking
about
here.
I
was
here
right.
C
A
And
this
is
you
go
to
a
project
and
it's
pretty
much
the
same
view
yeah
in
line-
and
this
is,
I
think,
the
lack
of
consistency,
and
then
you
have
here.
You
know
operations
is
the
same
way.
B
B
A
Posted
because
I
think
that,
if
especially,
if
you're
moving
with
the
validation
you
get,
you
know,
I
don't
know
a
good
valid
feedback,
an
insight
from
user.
This
is
definitely
something
that
we
should
roll
out,
especially
with
dashboards.
B
B
I've
worked
on
dashboards
a
lot
before
my
previous
company,
so
I
feel
like
I'm
I'm
I'm.
I
have
like
a
running
start
on
some
of
this,
but
that's
what
kind
of
settings
related,
but
it's
more
like
view
settings
rather
than
like
how
things
run
sometimes
yeah
we're
also
doing
release.
A
Management
of
the
group
level
dashboard
for
a
director.
I
think
we
discussed
this
briefly
in
the
previous
milestones.
There
was
some
exchange
of
messages
of
dashboards
yeah,
but
it's
back
in
the
in
the
backlog,
but
I'll
definitely
get
in
touch
with
you,
because
I
know
that
he
you,
you
folks,
move
much
faster,
faster
because.