
URL: https://gitlab.com/groups/gitlab-org/-/epics/10063
Submission: On June 03 via api from US — Scanned from DE


FY24 THREAT INSIGHTS UX ROADMAP


Open. Epic created 1 year ago by Becka Lippert @beckalippert



PURPOSE

Using a thematic roadmap, designers will have the ability to focus on a larger
problem area, rather than a feature, and to dive deep into a set of related
problems based on user needs. This focus will generate a comprehensive
experience inclusive of any/all related touch-points in the UI as well as an
iterative approach to implementing these experiences. Hence the notion of
theming and maintaining focus on that theme until it is delivered in the
composite. This approach also builds in the runway for extensible problem and
solution validation initiatives that can cover a wider surface area and uncover
more nuance than if we focused on a particular problem for a specific feature.

Learn more about UX Roadmaps

| Now | Next | Future |
|---|---|---|
| Start = Current Quarter | Start = Next Quarter | Start = In 2 quarters |
| Required for maturity::complete | Required for maturity::complete | maturity::lovable |

We can follow this and make adjustments if themes take more or less time.
Generally, if a theme takes more than a quarter to complete, then it should be
broken down into a smaller theme.

Note: There will be instances where we are working on a feature/capability that
is not contained in one of our themes. Think of themes as the strategic design
initiatives we need to complete to hit our target maturity level. The other
issues are for maintaining the experience as it relates to our standards and our
customer's standards.


GOAL


PRODUCT GOAL:

Complete Definition: Companies use GitLab in concert with their existing
security processes and tools to manage many aspects of vulnerability-related
risks across the entire application lifecycle.


UX GOALS:

 * Attain an understanding of complex and nuanced problems, informed by industry
   standards and best practices
 * Adhere to the design process and best practices to solve user problems
   through workflows and comprehensive experiences
 * Remain focused on a Theme within the scope of attaining Complete category
   maturity


USER GOALS:

 * Leadership can see a project, sub-group, group or instance level view of
   their vulnerabilities AND their dependencies at each level.
 * Security Teams can quickly triage their vulnerabilities and dependencies with
   filters, searching and grouping within the vulnerability and dependency
   report.
 * Developers trust that new vulnerabilities on their branch are accurate. When
   possible, repetitive triage tasks are automated.


ROADMAP


NOW

| Theme | Label | Status | DRI | Target Start | Target design complete |
|---|---|---|---|---|---|
| Leadership can see if their organization is at risk | TBD | TBD | @beckalippert | - | - |


NEXT

| Theme | Label | Status | DRI | Target design complete | Rem. UX Weight |
|---|---|---|---|---|---|
| Increase security team's efficiency when triaging vulnerabilities at scale | UX Theme::Triage vulns at scale | In Progress | @beckalippert | %15.10 | TBD |


FUTURE

| Theme | Status | DRI | Target Start | Target design complete |
|---|---|---|---|---|
| Developers trust that new vulnerabilities on their branch are accurate. | - | - | - | - |


FUTURE+

| Theme | Status | DRI | Target Start | Target design complete |
|---|---|---|---|---|
| Enable security teams to collaborate more effectively | - | - | - | - |
| Reduce Security team's effort by automating time-consuming triage tasks (UX Theme::Automate triage) | Designs completed in %15.8 | @beckalippert | | |


REFERENCE

Contents of a UX theme

Theme Title: The theme title quickly articulates the focus of the theme and its
related activities. This is used for recall when planning / discussing or
working directly on a theme.

Subject Matter: A brief statement noting the breadth of the theme and which
workflows it covers. This helps understand the scope at a high level.

User Benefits: These are the benefits a user would directly receive when the
theme is completed.

Related Jobs: Documented JTBD that relates to the user benefit. These are
written as jobs excluding the motivation and result.

Business Objective: What do we stand to gain from completing this theme? This is
our internal motivation for working on this theme whereas the user benefits are
our external motivation. Often this is measurable or quantifiable but that
doesn’t have to be the standard.

Sub themes: These can be listed as capabilities and act as an itemized list of
topics to cover in the larger theme. We can close the theme when all of these
are delivered and research hasn’t uncovered additional sub themes.

Research topics: Open and high-level questions relating to the theme. These act
as an initial guide for us to determine if problem validation is required in the
theme. The topics also give us a sense of our understanding and confidence in
the theme.

Related product themes: One or more themes from the product or company vision
that relates to the UX theme. This ensures we are keeping the overall direction
(the forest) in mind when we are working on the issue (the trees) in the theme.


MEASURING SUCCESS

Vulnerability Management to Complete. See FY24 UX Roadmap: Threat Insights Mural
for themes required for Complete.

Edited 1 year ago by Alana Bellucci

Ancestors

 * Vulnerability Management - Category Vision
 * Vulnerability Management - Viable to Complete
 * FY23 Threat Insights UX Roadmap

5 participants






ACTIVITY

 * Becka Lippert added group::threat insights, devops::govern, UX, UX Roadmap
   labels 1 year ago

 * Becka Lippert added epic &7607 (closed) as parent epic 1 year ago

 * Becka Lippert changed the description 1 year ago

 *  * Becka Lippert @beckalippert · 1 year ago
      
      Author
      
      @abellucci I created this epic as a placeholder until we can work out our
      FY24 UX priorities. I'm thinking through whether or not we need to create
      new themes, rearrange the priority of the existing themes, or create new
      themes altogether. Given the priorities you mentioned in our agenda
      yesterday, here's where the corresponding design issues and themes live
      for each:
      
       * Leadership can see a project, sub-group, group or instance level view
         of their vulnerabilities AND their dependencies at each level.
      
      It sounds like you're referring to the list of vulns and dependencies
      specifically, and not any high-level data or trends (e.g. on the Security
      Dashboard). Is that right? If so, I think this will be complete after the
      Group-level Dependency List MVC and Post-MVC Group/Sub-group level
      Dependency List.
      
      Update: on second thought, you'd probably want to add these issues
      relating to the project-level Dependency List into this theme as well:
      
       * 🎨 Design: Add Dependency List Filtering and Searching
       * 🎨 Design: Dependency List Grouping
       * ➕ others in the Dependency Management Minimal to Viable epic
      
      However, I want to note that Threat Insights is responsible for Dependency
      Management, while Dependency Scanning, Container Scanning, and License
      Compliance are all owned by Composition Analysis (PM: @smeadzinger), but
      @sam.white informed me that Threat Insights owns the UI for these things,
      and that another thing we need to add is the ability to do grouping on the
      Dependency List page so we can deprecate and remove the License Compliance
      page in 17.0. (This can either be included in that Post-MVC issue I linked
      above, or proposed separately in its own issue, which would need to be
      created.) Other than that, he can't think of any significant License
      Compliance features that would be needed. I don't know what other needs
      there might be for Dependency List and Container Scanning, but we should
      get those listed out now if there are any.
      
      All of the above fits in with our current theme, UX Theme: Increase
      security team's efficiency when triaging vulnerabilities at scale, so we
      can add any existing related ones (or new ones that need opening) into
      that theme.
      
      I'm confused on what's happening to the instance level which was to become
      Workspaces and if that's still the plan. @jmandell do you know what the
      status is on that?
      
      @abellucci are these priorities in order? In other words, does this focus
      on leadership come before the 2 below?
      
       * Security Teams can quickly triage their vulnerabilities and
         dependencies with filters, searching and grouping within the
         vulnerability and dependency report.
      
      Filtering, grouping, and saved views are all issues in our current theme,
      UX Theme: Increase security team's efficiency when triaging
      vulnerabilities at scale. There is one other issue in there that was
      created by the designer before me, which is unrelated to the topics you
      mentioned, and is not ready for design: Problem validation: Comparing and
      cross-referencing vulnerabilities. We can move this into a backlog if you
      don't see it as a priority. As the issue title suggests, we would need to
      do problem validation on this first. This was opened before my time on
      Threat Insights and I suspect that grouping and advanced filters might
      help solve some of these potential problems.
      
       * Developers trust that new vulnerabilities on their branch are accurate.
         When possible, repetitive triage tasks are automated.
      
      Automation we'd have to discuss further, but we do have designs completed
      for two Threat Insights policies that will allow some automation, see UX
      Theme: Reduce Security team's effort by automating time-consuming triage
      tasks. Also related is UX Theme: Developers fix vulnerabilities in new
      code more quickly, but there's really only one design issue in there that
      pertains to group::threat insights anymore, the other two are owned by
      devops::create and group::static analysis.
      
      We also have UX Theme: Enable security teams to collaborate more
      effectively which contains things like the vulnerability detail commenting
      improvements, adding assignees, adding to dos on vulns, and more. That was
      supposed to be the theme after the current one (UX Theme: Increase
      security team's efficiency when triaging vulnerabilities at scale), so
      curious where you feel like this falls in priority.
      
      There are 5 other themes in the Future and Future+ buckets that we should
      review.
      
      My suggestion would be to duplicate the former Threat Insights UX Roadmap
      Workshop Mural to use as a template, where we can list all of these
      existing issues, and include any new ones that need opening, and
      reorganize them all into new themes which we can prioritize. If that
      sounds good, I'll put some time on the calendar to do so!
      
      Edited 1 year ago by Becka Lippert
      
    * Alana Bellucci @abellucci · 1 year ago
      
      
      
      @beckalippert - Thank you for kicking off the UX Roadmap for FY24! We will
      do a combination of creating new themes, and rearranging the priority of
      some of the existing themes. I went ahead and added four top level themes
      for this year and put them in their respective now, next, future, and
      future+ tables. Some of the next themes you are already working on, which
      is great!
      
      From an engineering perspective, we are tracking this as our 12 month
      roadmap. You will see that some of the work will bounce back and forth
      between what I've proposed as Now and Next themes for UX. How could we
      make this more streamlined for you?
      
      I've outlined more details around each theme below and tried to answer all
      of your questions for your initial comment. Please take the liberty to
      make changes directly to this roadmap based on my feedback and your
      inputs.
      
      
      NOW - LEADERSHIP CAN SEE IF THEIR ORGANIZATION IS AT RISK
      
      Leadership can see if their organization is at risk encompasses the work
      for the group/sub-group level dependency list as well as Add support for
      the Vulnerability Report and De... (&10048).
      
      > I'm confused on what's happening to the instance level which was to
      > become Workspaces and if that's still the plan.
      
      I think it is now the Organization object; Create Organization (&9266).
      
      
      NEXT - INCREASE SECURITY TEAM'S EFFICIENCY WHEN TRIAGING VULNERABILITIES
      AT SCALE
      
      The work you are already doing for UX Theme: Increase security team's
      efficiency w... (gitlab#362979) aligns well with security teams can
      quickly triage their vulnerabilities and dependencies with filters,
      searching and grouping within the vulnerability and dependency report. I
      want to make sure we add the ability to filter/group/sort/search for the
      Dependency List in addition to the Vulnerability Report.
      
      > ... ability to do grouping on the Dependency List page so we can
      > deprecate and remove the License Compliance page in 17.0.
      
      Let's make sure we can group by license. I see this iteration as a post
      MVC after Post-MVC Group/Sub-group level Dependency List (&10090).
      
      Problem validation: Comparing and cross-referen... (gitlab#267590) can be
      moved to the %Backlog.
      
      I think we should add the existing theme UX Theme: Reduce Security team's
      effort by auto... (gitlab#362664 - closed) to this section because the
      other theme is also about triaging.
      
      
      FUTURE - DEVELOPERS TRUST THAT NEW VULNERABILITIES ON THEIR BRANCH ARE
      ACCURATE.
      
      I am still working on the requirements for this theme; developers trust
      that new vulnerabilities on their branch are accurate. I am in the process
      of understanding these issues and linking everything I think could be a
      problem in this issue. This may be backend only, I should know more in the
      coming weeks as I groom and understand the underlying issues.
      
      
      FUTURE+ - ENABLE SECURITY TEAMS TO COLLABORATE MORE EFFECTIVELY
      
      It looks like you've already identified the different issues for enabling
      security teams to collaborate more effectively!
      
      
 * Alana Bellucci changed the description 1 year ago

 * Alana Bellucci changed the description 1 year ago

 * Becka Lippert mentioned in issue gitlab#398248 (closed) 1 year ago

 * Becka Lippert changed the description 1 year ago

 * Alana Bellucci changed the description 1 year ago

 * Becka Lippert mentioned in issue gitlab#362670 1 year ago

 * Alana Bellucci changed the description 1 year ago

 * Becka Lippert mentioned in issue gitlab#415751 11 months ago