Create configuration security training
Create the new "Vulnerability management" tab and add the "Security Training" Section.
Current | Mock |
---|---|
All disabled | Toggled | Training saved & enabled |
---|---|---|
Note
The issue will be further broken down. This will ensure we keep our changes and MR as small as possible.
Issue | Changes |
---|---|
This Issue | Add Security training section |
#346059 (closed) | Add "Primary training" |
#346060 (closed) | Add info popover |
More info
This has been extracted from the design issue > https://gitlab.com/gitlab-org/gitlab/-/issues/326054
Training suggestions will be OFF by default. This is because we are introducing zero-configuration integrations that take GitLab users to an external provider. There is a high probability we will launch with more than one provider, so the user must chose which one(s) to enable. Also, historically, many self-managed Ultimate customers are sensitive to any external network connections we make that are not to a GitLab-controlled domain. To not lose visibility of this new feature, we will use the notification detailed below.
Training configuration makes sense at both the Group and Project level. It would be much more convenient to enable it at the Group level where users can then disable for any specific child Project it is not wanted. It can also be left off for a Group but selectively enabled on individual Projects.
Permission and Security
There are no security or permissions requirements. Any Ultimate user with access to vulnerability findings, vulnerability details pages, and the Security & Compliance → Configuration page can access all of this functionality.
Implementation Plan
Please see spike issue for detail on the vendor API usage > https://gitlab.com/gitlab-org/gitlab/-/issues/346069