 and it's recording thank you it's a cloud recording it's what sorry a cloud recording it seems so perfect I don't see the difference is between the two so yeah it should be fine yeah okay so thank you for joining everyone this discussion about the group level dashboard I put in the in the calendar invite a link to the document that was the one already used to discuss about the dashboard in general and I'd like to add a new section today about our discussion on the group level security dashboard the discussion is not just about the dashboard but also on the data model and the artifact parsing that are the source the information source for the dashboard itself so I put in the document at the top three main points I'd like to address today they are strictly related and we just need to figure out that if we have all the information for those and if you know they are talking together well one with each other so if we have all the information from one point to the to the other one the the first one is the final incremental design incremental is just because even if we are very very confident that we can have everything done by this iteration I I still like to have you know an incremental development so if we cannot do all the features that we are considering as part of this first iteration and DC we can still get something so my proposal is that the very first thing to do is the top summary with the big numbers you know in the colored boxes or critical and high so on and that's that the very first thing to work on then we have the list of issues so the second part just at the bottom of the summary where just the list so what can be similar very similar to the actual security report then we have the action items in the list so the ability to create an issue from there to dismiss the issue from there and then filters that still needs some no discussion and how to figure out exactly what we want to filter what the filters will affect so I suppose this is the the right sequence of things all of them are intended to be part of this iteration but just in case this is the priority order inside the same iteration I'll I think that the the graphics are completely out of this iteration so we don't even have to discuss I know that there is already an issue and a possible design for them but we don't have to take time to implement it this iteration is absolutely too much otherwise the second point is the source of the information so the database we still need to completely figure out the structure or maybe probably all of you and Fabiano already have a very good understanding of that I like them to share with us so we know exactly which are the the numbers information available and the second point is how to put data into these tables so how to parse artifacts how to store the artifacts that are coming the other CICD pipeline into the database itself it is something very very similar probably to what gUnit is doing up to the parsing but gUnit as far as I know is not storing data into the the database itself they're just parsing and consuming artifacts you know live at the moment case by case so it's still something that we need to figure out and even here it's totally fine if you can just start with one of the types categories that I remember which was the the final name agreed so dependency scanning probably or SAST could could be a very good spot obviously everything will adapt so as soon as we are able to add more parsers for artifacts it should be absolutely transparent for users and we don't have to change obviously everything again the third point that the last one is the API the interaction between the front end and the back end I consider two main points for them the first one is the page load the what you need to build up the initial page and then the second point is user interactions for example and want to create an issue and want to dismiss something if you click on a filter and want to filter on something these are in my opinion the points we have to address today in order to get the final design they are almost done all of them but just to finalize so we can also discuss you know the technical possible solution implementation and probably the front end and the back end have to align for example if you want to do it dynamically with UJS or if the filters and the list that could be partly a reuse from existing code and so it means that you have some constraint coming from the existing code that you have to take in into account and thank you Lucas for being here I know that Sam is the one assigned we were suggesting or considering a switch but understand that until we don't have you know an agreement on that you will be probably just taking a look and but additionally now that UX is not done it's fine I'm I really agree with the strategy you outlined and I think you know I probably finished the other deliverables first and so I think I also can support Sam because for example take creating the top thing and creating the list can be done separately right so yeah that's perfect sorry for interrupting no problem absolutely as I already remember the in a very multiple places this is the top feature for 11.4 so I will push everyone a little you know in the in the fur in the polite way that's just because I really think that we shipping this in 11.4 is a very important thing for the company for the product for our team so let's start with the you know discussion and probably the the first point is exactly engine about engineers talking so I don't know Andy or Lucas and Fabian who want to jump in and start the talk do you guys want to see just the design so far you want to start with that yeah maybe just go over it really quick to remind us all yeah let me just share my screen so it's changed a bit but it's only changing because it's reusing elements we have so we're not gonna be creating too much more everyone see this yep okay so at the top we have the big numbers color-coded based on G2's new designation for how we're gonna call out critical high medium low and unknown and then you start to just move down you'll see how we can start filtering by source type and we can even keep the count of the source in there we want and by clicking this it will change all of this the idea is not to change this at the moment because I know fleet and Sarah we kind of went back and forth on like is this filter this does this filter this I think it's just easier if we just leave these alone once the user starts you know work in the list and working with these counts if they want to they're gonna be focused on this area so I'm okay with that as we move forward past the MVC you'll start seeing how these might become a little more dynamic but for now we're not not gonna make these dynamic at least in my mind and then we have filters for severity confidence project identifier and then our Boolean for dismissed and then we have a sort feature you can sort by last detected which is our date you can sort by severity level and many other things if we decide there should be more confidence right other things vulnerability name and I don't think so and then we'll paginate because loading this you know long list won't make sense so maybe 10 maybe a little more if we if there's a standard practice we want to adhere to and then you have the ability to reset the filters so thoughts questions comments oh yes I have a bind so I'm just going to start first thing you can filter by project but I don't see the project anywhere yeah first one and what's filtering by identifier yes those are my two questions okay identifier was pulled up in the issue as something that we can and could possibly sort by you have to really know what's what means a different property yeah yeah and this is really like the project you may you may have a lot of potential results for for this kind of filters and you potentially can filter by multiple identifiers like same as multiple projects so I don't know it will fit with this design compared to the stackable filters in the issues list and what's what what about that column would also be missing right now because if I I don't know I I don't know all the CV is by head right and now I have no way to select one I would for example see okay the medium insecure variable is CVE 5000 but I don't know it now I would have to open the motor right yeah and you have to start typing because this is dynamic data we don't have this all in database every data we have from the miner abilities is coming from the report so we don't have anything in database except from the sources and the confidence and severity level which are normalized values but everything else is coming from the report so for identifiers it can be a lot a lot of different values maybe we can narrow down the options so that it's about only common identifiers like CVE or CWE and remove every vendor specific identifiers like five same bugs went to three four or break mine 24 I don't know could remark the identifier as optional for the MVC then because we have control over severity confidence and project we could yeah the need for the user would be eventually you get an email notification about there is a command induction that has just been disclosed this is a CV went to three four and you go to the dashboard and you type this to know which of your project are impacted by that specific vulnerabilities this was the intended usage but we could eventually move it back to the next iteration that's not a big problem okay yes I also feel that ended fires should not be you know here and in general a we have to stick with what we have as columns in the database and also that is missed I'm not sure we want to show it there even because we are not allowing filtering out for this missed in the reports so yes could be an option but I don't see it to be a very top priority for for this filtering option for showing dismissed yeah so we can I think it would be beneficial because then we could get rest rid of the dismissed items in the in a much request views and on the normal report views for example yeah the thing is that currently this feature is really not readable so I feel the value to just don't be annoyed and remove remove some noise from the view by removing the dismissed the vulnerabilities this is great but you have to know that currently this is a alpha or beta feature I don't remember and it's really not readable and from one major question another some previously dismissed issues with the nerve history will come back so may come back so we this is not something we want to push really hard to the user so if we need to remove some things this one could be removed to us and also the the sorting is it something that is based on data that we have in the database that means that we should have them everything you want to filter on must be from the database columns and yes and that's why my my question is and I don't know which are the other options there but it seems to me that we have to line the data should be in the database or we should not have that specific option in the UI we don't remove detected and keep that for severity project name and confidence if we want and if we want any other ones we can keep that in there do we really need to know are we sorting by project or by confidence isn't the severity thing the most important one we want to you know just to avoid some you know option you know that we like conventions of our configuration so maybe we don't need at least not in the first iteration let's say no list in the first iteration no ordering in the first iteration you mean yeah I feel that sorting by severity is you know the default that should be and if you are interested in the project level you will jump to the project level dashboard and not on the group level but as Luca said said we don't have an indication of the project and this is something that we we should have I don't know for example in issue issue lists issue boards at the group level you have near to the title if I remember correctly the project name so you can easily get this information from the list without opening without going deep or filter so that could be an option and sorry just bear last question about this filter for now at least is the drop-down supposed to allow multiple values or is it just one value if we want to have critical and high only it should it should be a multiple yeah that's a challenge I don't think we have solved for yet I know there's actually a concurrent drop-down with sorting but what's what's with the isn't it also a challenge for the API then like if you have multiple severities and multiple projects for example to be supported in other places like getting all open issues and now open and closed issues at the same time doesn't make sense like all all issues assigned to Fabien and me yeah if you are a filter on the issues list you you can add multiple filters from the same properties multiple values from the same property but they are in and nothing or yes yeah that's probably we want to know or between different project multiple projects or multiple well maybe severity is not really a thing because if you are ordering by severity or just interested in one of the severity you can go down to the least up to the level you want yeah are you sure when you search for levels it's and yeah it's and but here we probably want to use or I just tried it out in the merge request if I search for much request authored by Lucas iPod and authored by Olivier I find nothing because it's an end and here we want an or because all these values just apply once for each category that's it for a fridge kind of of property so you will not never have critical and high on the same vulnerability but you may be interested in having a critical and high so okay but I could be fine having just one value for each if it's very challenging from you know the API and the backend but just let's consider that we should follow up on this to figure out if it's really you know important this filtering is solving a problem to users so our users using this filtering option for something or it's just something we are adding but there is no value in it because nobody will use they will just scroll up to the point they want if it's like that we don't need a filter in this way so it's just avoid putting a complexity into the feature that users will never benefit off do we want to hold off on having the sort feature for this version in that case the sort I'd say yes yeah even because we I think we don't have these that into the database and the the filtering we we should keep it and if it's hard to have multiple values because it's not a standard pattern we are having it gilab we can have one selection for each of them and obviously the old or I know no filter I don't know when you go and you say any milestone for example in the initials but then I'd like Andy and everyone else obviously to follow up and to figure out if you can improve the filtering in some way I have another question these what do these three links do the one is dismissing it probably right what's the blue one and what's the what's the I jumped to it one what do they do so blue is create an issue and then this arrow out will actually take you to this model of the model pop-up where you can see more information I'm sorry and but isn't that exactly the same view you have if you click on the enter itself I believe so this is just based on G2's interactions he created for this but there is currently no way to either go to the pipeline or merge request or I always just all on master these are master report for the master branch okay and there is like no link to the commit that introduced it or something not the second but could be a good follow-up I don't know if we have this data into the we have it but it's not really yellow it's like the the date column it's nice to have that you have to know that it's not something really reliable at least for SAS yeah so I'd say let's iterate on top of it and let's add this link this information but I really like to understand if we need that all the three buttons because I feel we just need two of them the the creating issue and the dismiss and not the details yeah the details you already should have them when you click on I don't know if the new design is changing also in the reports but in the reports at the moment you click yes exactly there on the vulnerability title I don't know vulnerability name and you go to the details so there is no meaning of having a specific button to open the same the same window that that's my take away if I understand it correctly yeah you can think maybe G2 to know maybe was not considered maybe he has a very different approach we are not seeing in in his proposal yeah I would assume that if if you click on the world role you will have this pop-up raising yeah no you can't do it on the world because otherwise you lose every other interactions no no not on the world role at a link the the vulnerability name should be a link like it is right now in the security reports in the merge request widget for example and then you get details from there even because you're not jumping it is not commit or something you will jump to so you open the the box and then Andy this is a question for you I'm not pushing in one direction or the other but I know because of the experience that sometimes UX said that we don't want to have the same action twice in the UI so in this specific case that we can dismiss or create an issue from the list that the full list itself or from the details window so I'm totally fine with it I don't have a strong opinion against having multiple times because I can feel that maybe you are just seeing the list and click all of them because you don't need more details on vulnerability so opening one one by one and click dismiss it's a little you know time-consuming so I feel the value of dismiss the issue from the full list I just want to be sure that from a UX direction I don't know best practices we are not doing something wrong that can create problems for the future but it's completely you know up to the UX so you can figure it out and comment yeah I think we want to try to keep all the actions in the same area that's why you see G2 going to these three buttons here as opposed to this like clicking on a link and then clicking on two buttons I guess time will tell if that works because I think that's what might be getting implemented soon or not in 11-4 but that he's been working on so just to be clear I think that we have to remove the first button I say that's obviously not prescriptive but and that's one thing because as a user I will click on the vulnerability name 100% that's why I think you click on the vulnerability name because at the moment you have no other way of opening that model but yeah for me for example I think users like having you know all the all actions that are available and in one place just just my opinion so I just have the completely opposite opinion that's totally fine yeah and then the second point is it's fine to have the actions both in the details and in the in the list my answer is yes but I know that UX in the past said no so I just want to be sure that we are not doing something you is unwise in this case it makes sense because if you want to dig into the vulnerability you will open the pop-up and then you will have to and then the same thing I know for past experiences that this was not the good way you know to do things but maybe in this case it's totally fine just checking a very last question about this I can I can be on a call for another 30 minutes if you have better we clear up all the questions then schedule another call yeah absolutely so is there a strong reason behind having the violet as the medium color but it feels to me a little you know out of the I don't want to say the standard because probably there is no standard but I normally see from red to green with a variety of orange yellow and not violet and medium is not so you know bad but not so good as well so I will not see it as a priority possible priority with this color I agree Fabio it really attracts the eye more than the critical ones actually that's the side effects what I do do Lou could work we use blue for other elements yellow won't work because you can't see it especially in these tags so that's why we went from orange to purple or I'm assuming G2 wins again this is based on G2's color like color scheme and I like it I like the way that like medium it does pop a little bit you're right it is also in the center that doesn't help and when you're looking between yellow and red purple does pop off so we don't have a good color for it is currently the answer have we have we also checked for color blindness just saying I yes I have this emulation now open and it seems okay the difference between low and high is not that good but otherwise it looks rather good okay anyway so sorry but just to you know I don't want to cut the conversation but I think that the problem is clear that the problem that the topic is clear so Andy can dig a little more on that and I feel not speaking behalf of frontend people but that if we have to adjust the colors and we know it in two days or three days it will not be a very dramatic change so we can allow Andy to do some research and to check if the color is fine okay perfect one last comment on this regarding the date colon it's kind of confusing to me because in security we have different dates it could be the the first time when we spotted the issue it could be the last time when we spotted the issue it could be a lot of things so we need to be the disclosure date but we don't I would remove it because currently we don't have a variable information so we don't we don't need it yeah we need it but we need it you don't have it but we don't have the information and if we had information we would need to be more precise than that so in this first iteration I would remove the date completely I love everything we did need yeah I guess so and I'm considering also if we need to show the confidence probably yes because we are sorting but yes should it be a full column you know a dedicated column for it we need a column for the project anyway so oh no it can be under the name I think the the five path doesn't bring any value at the group low who on the group will be down to the code itself I mean if you and if you and the vulnerability you will have the model and then you will have a lyric link to the to the fire ready so I think we could leverage that line to provide some more useful information like the project name maybe some identifiers and things like that that's a very good idea I like it and we can add the more information in the future if we feel that they are very important what do you think Andy yes I saw that you mentioned that in the issue too as well of you which is good I think just try to think of what happens when you want to sort by project oh you'll see it yeah I'm just trying to think if you need a column for project because you're sorting by something or sorry filtering by it yeah I don't think you do you don't need the column because you will not click on the column header to filter or to sort that you use that the drop-downs so it just results will be filter and you see in all the lines the same project name but that's what was expected so my last question here is do we need the confidence column or I can we since sometimes I don't know I just want to save some space I don't know if it's needed or not but can't we add the confidence information in the bottom line in the second line just I don't know project name and confidence just I don't know I will look like but the issue is the value of confidence is not meaningful by itself you have to prefix it with confidence so this might take some more space there so it's maybe an issue you mean you need to specify that is confidence yeah because if you just put low or high we don't know what it's about no obviously you should boost the confidence low so okay I'm fine having a separate column for it and if possible obviously the project name should be a link to the project I'm just wondering maybe the security dashboard that project level at this point not the project on page because it's also missing we're also missing the project link from the model so instead of fire it probably should say like like a full path you know like project and then the file or something so like like a full full link so to say yeah just having another another item project with the link yeah or another yeah and the challenge here for the project is what about subgroups we should be you know we should support the subgroups as well MVC yes MVC you mean that we don't support subgroups no I think we would just include all subgroups but we don't support like subgroup filtering for example right that supporting all the projects in any subgroup would be awesome for an MVC yeah I mean because you basically just have just have to iterate over the whole group over all project in the group and each project in a subgroup also belongs belongs to the top-level group right I don't know how the background code is structured I'm just assuming it's just a transitive relationship so it's okay I just want to avoid the problem we had with the labels at the group level that were not propagating to subgroups and so if we can manage everything here it's fine if we cannot go deep into a subgroup that will be improved later but if you can do in the MVC absolutely fine with it and then I agree you don't have to filter by subgroup but that is challenging probably what you want to visualize in the project drop down so how to render but probably it's the same when you move an issue to a different trip or you can have you know the group slash the project name so we just remember to do a lot of you know visual testing with subgroups in order to figure out if it's working and if it's looking understandable at least if not nice okay the one other thing is do we want to have a title for this page just to state that is a security dashboard I know that probably something we are not doing anywhere else no we're not doing with anywhere else but I was thinking because we said that the boxes are not dynamic maybe we should have like an horizontal rule line thingy or something or like an like a sentence that says these are all the things and you can search them here so just to differentiate all space or however that you really because it's not interacting with each other now at the moment we should probably have some yeah yeah it makes a sort of header at the top the numbers yeah and also I was wondering if we have the project now under the vulnerability if it makes sense to switch to both drop downs so that we have severity project confidence because it matches the order in the in the table and just a general question because I don't think we have such interactive lists right now like used in GitLab or I can't think of any because if you have an issue list it's not that interactive you have to open the single issue right and I understand why we have the models in a merge request but in a previous endeavor I always found out that models can be a bit annoying have we ever thought about like opening a sec like that you can open the whole thing and that the instead of a model the details are like in a extensible row yeah just just in general we don't have to do it for MVC because we have the models already in place but I was wondering if this is something your ex is ever thinking about you know I like instead you know because you open a model you have to close it and if you open and if you're in front of critical if there would be a small thing to open and close it you could open it see are that's that vulnerability and close it right away you don't have to move the occurs or all the way and stuff like that you know no I totally agree yeah just an idea yeah yeah collapsing lists already so yeah and also takes away the pain with dual controls because then you also already have the controls in the in the original row and in a details row you don't have to read the controls for dismissing and approving and stuff like that dismissing and yeah what's the other thing creating issue also it seems that's also for I know doesn't matter yeah yeah okay getting sidetracked but that could be a thing for next version or absolutely that's totally appreciated and now that we have these awesome design the question is how can we make it real do not much that's talking about that the question is do we have the information available into the database in order to have all of them without parsing the artifacts and the second question is how can front and then back end you know exchange the information in the proper way how that the front end in your opinion Lucas could be struck or can we reuse something existing that is putting limitations into our choices so I just had a look and basically the issues and merge requests because I looked at the previous layout with the search bar with the awesome search bar we have there and these lists are still rendered in Hamel so they're not touched in view I mean the drop-downs yeah we have drop-downs several so we could reuse that but I don't know about the pagination if we would do and that's something I have to talk with the front-end maintainers if we want to do the pagination here on the front-end side so that everything is via Ajax or if we do it on the on the back-end side like the normal Ruby page in page nation I don't know what the best course of action would be here yeah if the pagination is an issue can we have you know long list and have this kind of more and you just pile on the in the page not sure if it's easier for you or not not familiar with both because I have I didn't have to create anything with it yet so I will find out what the best is I don't think if you have 3,500 issues the vulnerabilities that an endless crawling list is the best thing but I have to check out whether we have pagination already available in view so that you can use the API properly because I think we want to go API first and once we build it API we should also build it in the public API or are you planning on building it in the non-public API way what's the plan I think that yeah there is no plan at the moment that I don't feel strong reasons to have it not in the public API I don't know that the latest you know agreement between front-end and back-end about the usage of public APIs or not but I feel that this feature could be useful for you know building integrations without a starter so someone else could be in the lab to get this information so it's good to have not a priority obviously not in the NBC but APIs are always okay the yeah and other than that I don't think we have too much I mean we can reuse the model obviously we already have the model in place so we don't have to deal with that so we basically have to implement two things on the front-end side we have to implement the top which does one request interest renders the rent renders all the summary and then we have to have a paginated API where we can do all the filtering I mean at the moment I'm only seeing filtering by type like dependency scanning fast and so on severity project and confidence and whether a thing is dismissed I don't know if it's possible to get around with the dismissed thing or because it will mean more work on in the back-end right because the dismissed is currently in a different place in the database or it's not an issue okay no it's fine yeah okay cool yeah so I think that's completely possible for NBC here yeah I just have one warning if you want to do it in the public API it has more constraints that just a standard controller even if it just use a similar API I mean we can we can provide the data the exact same way but putting it in the public API would add more work for us because we never did that before so we have to check the constraints about doing so the documentation and we have to keep in mind that once we publish it there we have to maintain it so if you want to later do some changes we will have to maintain back about compatibility do we have a way to create beta endpoints I mean that we say okay we're creating that beta endpoint and the public API and we also want you know user feedback from that new public API or whatever and then three releases later say this is like the version we are hammering in or do we have other than that I would say put it in the private API but maybe in a way so that it can be moved easily to the public API once we stabilized on the on the API itself on the scheme schema sorry yeah from the back-end size just a matter of where you put the file for the controller just that but what and once on one place you have a lot of things to work on like documentation how did they do it with the JUnit reports are they now public API right right off the bat or is it I don't think so I think it's just endpoint for on the measure request private controllers okay and maybe go private and keep in mind to open it up maybe I can look at it if I have some spare time but I won't go that way first can we just we're just rewind a bit I want to to wrap it up on the UX part because I think we're really close to have something UX ready but that we are missing one part in this is the interactions it's not of use to me what this UI will hold it this UI will behave when I for example when I click on this miss vulnerability what is going to happen are we going to strike through the vulnerability are we going to update the contours on the top well I don't think we would update the counters because the counters would be still the same right odd it's a question do we count this missed vulnerabilities if I have ten vulnerabilities that are critical and I click on them and this miss them if they're still in the contours that means I will have to reload again and again counter counters should not have vulnerabilities that are that mean dismissed like we are changing if I remember correctly Lucas in this iteration in the reports so we are not counting them anymore in the in the month we want to show them because people should be aware of it and it's the only way to I'm not this miss think for now at least but I want to see zero if I dismiss everything because for me they are not valid they are not real vulnerabilities anymore yeah I was I was about to say the same thing if I dismiss availability I would assume that the counter on decrements otherwise it's a bug yeah otherwise it's but it's it's I get more work on the on the front and so on to make sure that it's not an issue if we if we do that so you mean the updating the counters yeah yeah it would be no issue because we can just trigger reloading the data from the back end and I mean if you yeah the other spot will be to end of the row because if you want to strike through and move it at the end of the page that means you will have to remove that through and load another one but also now I don't think so I think so we would I think we would go like with the baby to do is if you dismiss it it will be strike through and if you reload the page will be in the end because if you dismiss it you want maybe it was an accident and you want to undismiss yeah right away you have to go find it in the end of the list exactly so yeah totally makes it as we don't have like a text search it would be really hard to find the vulnerability in the thousands right also we might know we can have like in Jimmy you have a small tooltip with undo yeah that should be like I love the Gmail feature to undo things can I click on the the metrics that are on the top of the page not in this version the summary you mean you the numbers they are not cricket but just to make sure that is probably the same as filtering by severity yeah we have the functionality but we can improve it later just clicking not to have a shortcut but we are not adding a new functionality there so another question though regarding the numbers do we I mean we don't in the summary in the top we don't count it do we count it in the bubbles behind the dependency scanning and such or because for me it will be completely confusing if the thing says you have zero sars vulnerabilities but you click on it and you see all dismissed once yeah that's a good point I mean may adjust an idea because we have this dismissed button could we also have dismissed button whether you show them know not just counts that would be the behavior I expect because if I don't want to see this missed vulnerabilities I will just toggle the thing off and yeah make sense but it should impact only the you know the small bubbles with the numbers that the top one that the summary once will never consider dismissed okay yeah make sense and if we are not having more than dependency scanning for the first iteration probably don't want to have the tabs that would be sass oh sass is the first candidate so okay so do we want to have the sass tab and so we have all sources and sass that are excelled the same or can we just choose one of the two in order to avoid people to you know wondering what's the difference between the two shouldn't we shouldn't we then just put a notice and and the top and said at the moment it only supports us nice I mean it's not a very good-looking thing about I'm open to I mean we could also just call it security dashboard and in hyphen and in brackets we can call sass and once we add the other ones we will just remove I never I never saw any kind of you know limitation and answer the into the product itself I don't think it's one of our patterns so I'm quite you know not saying no but probably is to know me not not the best option anyway not you know something that you can figure out I would leave that in there just sass in the first in the first place as a top and the other tabs could be there but just in gray and if really we can do that we can also could have the empty at illustration thingy which we have on other pages if you go there and you know I I really don't think so I saw empty stages is one of my next question so and that's the boring you know think we need the empty states that we need loading states and this kind of you know standard states transitional states if you put an empty state or a grayed out thing it means that the feature is existing and you are expected to have something and you have nothing for this specific instance I know to say this dashboard but if we know in advance that you will never see something because the feature is not even implemented it's confused may be confusing for users to see sass that zero no sorry sass would be the one container scanning zero they may expect okay I cannot click but there are no vulnerabilities for container scanning then you go at the project level and you find that you have 1000 if you just disable the tab and you have an over with a tooltip saying that it's not implemented yet and it's going to be in the next release speaking I don't like it because it's not let's say it's not something that is the gilab a current pattern but I think that's what we do we had to use pattern like that I did it out of DevOps thing yesterday but I showed all the DevOps and Kubernetes and stuff and there we have like beta things all over the place and we just plainly write this is not should not be it's not bit anymore so no I mean but on some specific things I already saw it and I think it would be completely safe in settings in settings I say yes but I don't know in the in the feature itself because you know this is the user-facing part in the settings you may expect to see some additional but anyway maybe and you know only do us we should transport the message that it's only is asked for the moment right again that's just we have one tab that is named sass but I don't know why you don't see the others yeah I will help you to decide because we have to deal with that anyway even if the features are ready because what if your project doesn't have configured desk do you want to have the desk column always showing yeah that's a good point so we have to decide whether we want to be static or dynamic based on project configuration and this is a part right now that was going to suggest that let's implement at least two so we don't have the problem but the problem that's the easy solution you know just remove that line at all and yeah we sorry we just have seven minutes left so I just want to be sure that we are covering almost everything so I feel that maybe Andy could try to understand a good ux to you know manage if you lack one report if you miss one report if you don't have it because we are not implementing it yet so so then Andy I just want to be sure you put a note about empty states transition states so just to you know they are near that point I have the feeling that we have covered everything there and we are really close we have something UX ready right oh I think so I think it's just what we want to say here it seems like Fabio is against saying anything that hints at us not being ready and then some other people feel like there's I have a good a good point on this if you look at the pipelines page and you know we have now security reports and license management and those tabs the pipeline view are shown only if you have the report otherwise but you have other you have other tops there that's the point if I'm UX perspective it makes no sense to show a tabbing interface if there will always be one top it makes no sense you know because if you just have the pipeline I know baby because you have pipeline and jobs maybe I'm not sure if you don't have any report if you have just one tab or multiple tabs no you always have more than one tab on the pipeline's page hundred percent sure okay anyway Andy something probably you can figure out I think that is blocking the start of the development even if it takes a couple of days to to be figured out to be fine so just back on you Fabian and Olivier do you feel that everything we just agreed on is doable with the current structure of the database that you worked on yeah I would say we've got everything in the database and it's even bigger than it was because the the location has been replaced with the the name of project which is already in the database whereas the location the full location is part of a JSON blob so it's it's a bit better we've got everything pretty sure maybe I should take the time to check that um Olivier I think there is someone behind you yeah there's some thumbs up all the time yeah she agrees with that oh yeah so next steps probably are for Andy to you know address all the the questions that we put there sorry there are a lot about at least we should be covering everything and come with the final proposal let's say proposal but would be probably the final version as soon as possible even because we may need the design for you know the announcement and these kind of things so maybe it's a good idea to push this one I don't know whatever is it just update the current one in the issue that is worse than that this one and then you can iterate on top of the design so it's not too extreme yet but at least it's very near to and then on I know that the merger quest about the database tractor is having you know so hard times to to be finished and merged I already asked Camilla to work closely with you we should have an answer about his availability later today so I hope that he will help us in this story as part of you know the team and if we can agree an API between front and the back end and just you know ensure that information in the API will be available by the database it's be awesome and the front end could be a little unrelated you know and unlinked by the back end and so development can start as soon as possible yeah just just one more question so that's the name of the project like here secret products and I don't know where it's ready to raise the browser when we click on the link I've got a bit many ideas in that but what should be your answer Andy to me it would make sense to redirect to the project itself so it could be the security dashboard of the project in the particular context of that particular issue we could even redirect to in the case of SAS and we could redirect to the exact file and exactly where it's if I may stop you there because Fabio said before that if you click on the vulnerability name you open the model and if you click on the other thing and you go somewhere else I think it's a bit confusing because both links on the same column and the same oh great yeah it's even better yeah great maybe just maybe just have to link to the project to open the project in the model and then yeah but then it should but you're right you still need to define where to go if you click the project yeah but then it shouldn't be the model yeah yeah the color should be the same all black maybe the grayish one I mean yeah exactly yeah okay any other last moment comment otherwise there is an FGU starting one minute and I feel you're all excited by this feature a lot of work to do but and I will push a little you know to gather sometimes updates and to ensure that everything is working as the as fine and we are not blocking or waiting for something so I will try to be you know a little project management helper so we will go to success for this feature and thank you really thank you to everyone for your availability and we'll wait for the new mock-up to be there and be free to discuss about a meeting for the rest we just cover the first point and we have two other points the source of information and API can we do a same meeting tomorrow or the same time could you schedule it it's more an engineering story so you can do we use the same document because I would know okay okay because I'm going to write down an API proposal beforehand from the front-end perspective like a really top level I think that that is better to use the issue itself or if it's a very no proposal you don't want to share until it's validated please create a new document and then put in the issue it should be in the end as soon as it's a good shape okay thank you very much everyone