gitlab.com
2606:4700:90:0:f22e:fbec:5bed:a9b9
Public Scan
URL:
https://gitlab.com/groups/gitlab-org/-/epics/10063
Submission: On June 03 via api from US — Scanned from DE
Text Content
FY24 THREAT INSIGHTS UX ROADMAP

Open. Epic created 1 year ago by Becka Lippert @beckalippert

PURPOSE

Using a thematic roadmap, designers will have the ability to focus on a larger problem area - rather than a feature - and to dive deep into a set of related problems based on user needs. This focus will generate a comprehensive experience inclusive of any/all related touch-points in the UI as well as an iterative approach to implementing these experiences. Hence the notion of theming and maintaining focus on that theme until it is delivered in the composite.

This approach also builds in the runway for extensible problem and solution validation initiatives that can cover a wider surface area and uncover more nuance than if we focused on a particular problem for a specific feature.
Learn more about UX Roadmaps

Now | Next | Future
Start=Current Quarter | Start=Next Quarter | Start=In 2 quarters
Required for maturity::complete | Required for maturity::complete | maturity::lovable

We can follow this and make adjustments if themes take more or less time. Generally, if a theme takes more than a quarter to complete, then it should be broken down into a smaller theme.

Note: There will be instances where we are working on a feature/capability that is not contained in one of our themes. Think of themes as the strategic design initiatives we need to complete to hit our target maturity level. The other issues are for maintaining the experience as it relates to our standards and our customer's standards.

GOAL

PRODUCT GOAL: Complete

Definition: Companies use GitLab in concert with their existing security processes and tools to manage many aspects of vulnerability-related risks across the entire application lifecycle.

UX GOALS:
* Attain an understanding of complex and nuanced problems, informed by industry standards and best practices
* Adhere to the design process and best practices to solve user problems through workflows and comprehensive experiences
* Remain focused on a Theme within the scope of attaining Complete category maturity

USER GOALS:
* Leadership can see a project, sub-group, group or instance level view of their vulnerabilities AND their dependencies at each level.
* Security Teams can quickly triage their vulnerabilities and dependencies with filters, searching and grouping within the vulnerability and dependency report.
* Developers trust that new vulnerabilities on their branch are accurate. When possible, repetitive triage tasks are automated.

ROADMAP

NOW

Theme | Label | Status | DRI | Target Start | Target design complete
Leadership can see if their organization is at risk | TBD | TBD | @beckalippert | - | -

NEXT

Theme | Label | Status | DRI | Target design complete | Rem. UX Weight
Increase security team's efficiency when triaging vulnerabilities at scale | UX Theme::Triage vulns at scale | In Progress | @beckalippert | %15.10 | TBD

FUTURE

Theme | Status | DRI | Target Start | Target design complete
Developers trust that new vulnerabilities on their branch are accurate. | - | - | - | -

FUTURE+

Theme | Status | DRI | Target Start | Target design complete
Enable security teams to collaborate more effectively | - | - | - | -
Reduce Security team's effort by automating time-consuming triage tasks | UX Theme::Automate triage | Designs completed in %15.8 | @beckalippert

REFERENCE

Contents of a UX theme

Theme Title: The theme title quickly articulates the focus of the theme and its related activities. This is used for recall when planning / discussing or working directly on a theme.

Subject Matter: A brief statement noting the breadth of the theme and which workflows it covers. This helps understand the scope at a high level.

User Benefits: These are the benefits a user would directly receive when the theme is completed.

Related Jobs: Documented JTBD that relates to the user benefit. These are written as jobs excluding the motivation and result.

Business Objective: What do we stand to gain from completing this theme. This is our internal motivation for working on this theme whereas the user benefits are our external motivation. Often this is measurable or quantifiable but that doesn't have to be the standard.

Sub themes: These can be listed as capabilities and act as an itemized list of topics to cover in the larger theme. We can close the theme when all of these are delivered and research hasn't uncovered additional sub themes.

Research topics: Open and high-level questions relating to the theme. These act as an initial guide for us to determine if problem validation is required in the theme. The topics also give us a sense of our understanding and confidence in the theme.

Related product themes: One or more themes from the product or company vision that relates to the UX theme.
This ensures we are keeping the overall direction (the forest) in mind when we are working on the issue (the trees) in the theme.

MEASURING SUCCESS

Vulnerability Management to Complete. See FY24 UX Roadmap: Threat Insights Mural for themes required for Complete.

Edited 1 year ago by Alana Bellucci

Start date: None
Due date: None
Labels: devops::govern, group::threat insights, UX, UX Roadmap
Confidentiality: Not confidential
Ancestors:
* Vulnerability Management - Category Vision
* Vulnerability Management - Viable to Complete
* FY23 Threat Insights UX Roadmap
Participants: 5
Child issues and epics: 0
Linked epics: 0
ACTIVITY

* Becka Lippert added group::threat insights, devops::govern, UX, UX Roadmap labels 1 year ago
* Becka Lippert added epic &7607 (closed) as parent epic 1 year ago
* Becka Lippert changed the description 1 year ago

Becka Lippert @beckalippert · 1 year ago (Author)

@abellucci I created this epic as a placeholder until we can work out our FY24 UX priorities. I'm thinking through whether or not we need to create new themes, rearrange the priority of the existing themes, or create new themes altogether.

Given the priorities you mentioned in our agenda yesterday, here's where the corresponding design issues and themes live for each:

* Leadership can see a project, sub-group, group or instance level view of their vulnerabilities AND their dependencies at each level.

It sounds like you're referring to the list of vulns and dependencies specifically, and not any high-level data or trends (e.g. on the Security Dashboard). Is that right? If so, I think this will be complete after the Group-level Dependency List MVC and Post-MVC Group/Sub-group level Dependency List.
Update: on second thought, you'd probably want to add these issues relating to the project-level Dependency List into this theme as well:

* 🎨 Design: Add Dependency List Filtering and Searching
* 🎨 Design: Dependency List Grouping
* ➕ others in the Dependency Management Minimal to Viable epic

However, I want to note that Threat Insights is responsible for Dependency Management, while Dependency Scanning, Container Scanning, and License Compliance are all owned by Composition Analysis (PM: @smeadzinger), but @sam.white informed me that Threat Insights owns the UI for these things, and that another thing we need to add is the ability to do grouping on the Dependency List page so we can deprecate and remove the License Compliance page in 17.0. (This can either be included in that Post-MVC issue I linked above, or proposed separately in its own issue, which would need to be created.) Other than that, he can't think of any significant License Compliance features that would be needed. I don't know what other needs there might be for Dependency List and Container Scanning, but we should get those listed out now if there are any.

All of the above fits in with our current theme, UX Theme: Increase security team's efficiency when triaging vulnerabilities at scale, so we can add any existing related ones (or new ones that need opening) into that theme.

I'm confused on what's happening to the instance level which was to become Workspaces and if that's still the plan. @jmandell do you know what the status is on that?

@abellucci are these priorities in order? In other words, does this focus on leadership come before the 2 below?

* Security Teams can quickly triage their vulnerabilities and dependencies with filters, searching and grouping within the vulnerability and dependency report.

Filtering, grouping, and saved views are all issues in our current theme, UX Theme: Increase security team's efficiency when triaging vulnerabilities at scale.
There is one other issue in there that was created by the designer before me, which is unrelated to the topics you mentioned, and is not ready for design: Problem validation: Comparing and cross-referencing vulnerabilities. We can move this into a backlog if you don't see it as a priority. As the issue title suggests, we would need to do problem validation on this first. This was opened before my time on Threat Insights and I suspect that grouping and advanced filters might help solve some of these potential problems.

* Developers trust that new vulnerabilities on their branch are accurate. When possible, repetitive triage tasks are automated.

Automation we'd have to discuss further, but we do have designs completed for two Threat Insights policies that will allow some automation, see UX Theme: Reduce Security team's effort by automating time-consuming triage tasks.

Also related is UX Theme: Developers fix vulnerabilities in new code more quickly, but there's really only one design issue in there that pertains to group::threat insights anymore, the other two are owned by devops::create and group::static analysis.

We also have UX Theme: Enable security teams to collaborate more effectively which contains things like the vulnerability detail commenting improvements, adding assignees, adding to dos on vulns, and more. That was supposed to be the theme after the current one (UX Theme: Increase security team's efficiency when triaging vulnerabilities at scale), so curious where you feel like this falls in priority.

There are 5 other themes in the Future and Future+ buckets that we should review.

My suggestion would be to duplicate the former Threat Insights UX Roadmap Workshop Mural to use as a template, where we can list all of these existing issues, and include any new ones that need opening, and reorganize them all into new themes which we can prioritize. If that sounds good, I'll put some time on the calendar to do so!
Edited 1 year ago by Becka Lippert

Alana Bellucci @abellucci · 1 year ago

@beckalippert - Thank you for kicking off the UX Roadmap for FY24! We will do a combination of creating new themes, and rearranging the priority of some of the existing themes. I went ahead and added four top level themes for this year and put them in their respective now, next, future, and future+ tables. Some of the next themes you are already working on, which is great!

From an engineering perspective, we are tracking this as our 12 month roadmap. You will see that some of the work will bounce back and forth between what I've proposed as Now and Next themes for UX. How could we make this more streamlined for you?

I've outlined more details around each theme below and tried to answer all of your questions for your initial comment. Please take the liberty to make changes directly to this roadmap based on my feedback and your inputs.

NOW - LEADERSHIP CAN SEE IF THEIR ORGANIZATION IS AT RISK

Leadership can see if their organization is at risk encompasses the work for the group/sub-group level dependency list as well as Add support for the Vulnerability Report and De... (&10048).

> I'm confused on what's happening to the instance level which was to
> become Workspaces and if that's still the plan.

I think it is now the Organization object; Create Organization (&9266).

NEXT - INCREASE SECURITY TEAM'S EFFICIENCY WHEN TRIAGING VULNERABILITIES AT SCALE

The work you are already doing for UX Theme: Increase security team's efficiency w... (gitlab#362979) aligns well with security teams can quickly triage their vulnerabilities and dependencies with filters, searching and grouping within the vulnerability and dependency report. I want to make sure we add the ability to filter/group/sort/search for the Dependency List in addition to the Vulnerability Report.

> ... ability to do grouping on the Dependency List page so we can
> deprecate and remove the License Compliance page in 17.0.

Let's make sure we can group by license. I see this iteration as a post MVC after Post-MVC Group/Sub-group level Dependency List (&10090).

Problem validation: Comparing and cross-referen... (gitlab#267590) can be moved to the %Backlog.

I think we should add the existing theme UX Theme: Reduce Security team's effort by auto... (gitlab#362664 - closed) to this section because the other theme is also about triaging.

FUTURE - DEVELOPERS TRUST THAT NEW VULNERABILITIES ON THEIR BRANCH ARE ACCURATE.

I am still working on the requirements for this theme; developers trust that new vulnerabilities on their branch are accurate. I am in the process of understanding these issues and linking everything I think could be a problem in this issue. This may be backend only, I should know more in the coming weeks as I groom and understand the underlying issues.

FUTURE+ - ENABLE SECURITY TEAMS TO COLLABORATE MORE EFFECTIVELY

It looks like you've already identified the different issues for enabling security teams to collaborate more effectively!
* Alana Bellucci changed the description 1 year ago
* Alana Bellucci changed the description 1 year ago
* Becka Lippert mentioned in issue gitlab#398248 (closed) 1 year ago
* Becka Lippert changed the description 1 year ago
* Alana Bellucci changed the description 1 year ago
* Becka Lippert mentioned in issue gitlab#362670 1 year ago
* Alana Bellucci changed the description 1 year ago
* Becka Lippert mentioned in issue gitlab#415751 11 months ago