Add "Show in Dependency-Graph" Button in "Affected Projects" List #2942
Adds the new transient attribute `affectedComponent` to the `Project` class which allows the Frontend to link from the `Vulnerability - Affected Projects` tab to the project's dependency graph with the affected component being highlighted

Signed-off-by: RBickert <rbt@mm-software.com>
…ected-projects Add "Show in Dependency-Graph" Button in "Affected Projects" List
@nscuro any reason for not merging this?
@rkg-mm No particular reason other than me overlooking it. I'll have a look in the coming days. Thanks for the ping.
@nscuro ok thanks, just wanted to make sure we didn't miss something :D
I think there is a caveat here: The modified endpoint returns projects affected by a given vulnerability. It is possible that multiple components in a project are affected, but this implementation does not cover this case and will only ever yield a single component per project. Few options I see:
@nscuro you are right. Which solution do you prefer?
@rkg-mm I would love to see the former option, as the other can be confusing. But have not looked into how much effort it is to support this in the dependency graph view.
@nscuro I think these are probably all the steps necessary to implement the new solution:
Backend
Frontend
I think this would probably need 1 or 2 days to implement, but unfortunately I currently cannot allocate my time to implement this myself.
Thanks for those details @rbt-mm, very helpful! We also can't work on this within the 4.10 milestone, but should be able to in 4.11 if needed. I'm thus pushing this to 4.11.
Description
This PR adds the `Show in Dependency-Graph` button to every project in the `Affected Projects` tab of a vulnerability, but only if the affected project has a dependency graph. Clicking the button redirects the user to the project's dependency graph and highlights the affected component.
Addressed Issue
DependencyTrack/frontend#533
Additional Details
Frontend PR: DependencyTrack/frontend#573
Checklist
- [ ] This PR fixes a defect, and I have provided tests to verify that the fix is effective
- [ ] This PR introduces changes to the database model, and I have added corresponding update logic
- [ ] This PR introduces new or alters existing behavior, and I have updated the documentation accordingly