dependency-track
Add View to list latest vulnerabilities and policy violations of all projects
Current Behavior:
I am responsible for security questions in all of our projects, including tooling like Dependency-Track and the PSIRT process. Even though projects should typically handle things on their own, I shall have an overview of ongoing stuff and monitor new vulnerabilities to speed things up for urgent ones. Additionally, we soon want to use Dependency-Track for license violations, where someone central shall also have an overview and check whether the violations can be accepted or not.
Currently, I have a mail notification for myself to get informed about new vulnerabilities, but a single vulnerability can trigger several mails for several projects, so with an increasing number of projects (and partly also for projects split into several sub-projects) this is getting messy and hard to keep track of.
Proposed Behavior:
I would appreciate a view or dashboard which shows latest activities regarding newly found vulnerabilities. Ideally a list sorted by occurrence which covers all projects in one list, listing the issues, project name, project version, component name, component version, occurrence date, criticality, current status (e.g. suppressed or not). Maybe a possibility to text-filter over the list to e.g. focus on specific component names or project prefixes. Additionally, the same would be useful for policy violations. Here project name, project version, component + version, license type, policy name, occurrence date, status would be helpful.
Could be the same list with options to filter for policy and/or vulnerability, or separate lists. An option to list every project only once (so that 20 versions of the same project only generate 1 entry) would be helpful too. And a quick filter to only show active projects should be enabled by default.
Of course, the list should show only projects for which I have permissions.
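The cross-project list described above can be approximated today from the data the REST API already returns. The following Python script is an added example, not code from the issue or from the Dependency-Track project. It assumes the response shapes of `GET /api/v1/project`, `GET /api/v1/finding/project/{uuid}` and `GET /api/v1/violation/project/{uuid}` as sketched in the docstring (field names and epoch-millisecond timestamps should be checked against your server's swagger.json), and all sample projects, findings and violations are constructed for the demo. It implements the requested text filter (a regex, so `^shop-` is a project prefix filter), the active-only default, the vulnerability/policy toggle, and the "one entry per project" collapse across versions.

```python
"""Cross-project 'latest vulnerabilities and policy violations' list for Dependency-Track.

Added example, not part of the issue or of Dependency-Track. Assumed API shapes:
  GET /api/v1/project                  -> [{uuid, name, version, active}]
  GET /api/v1/finding/project/{uuid}   -> [{component{name,version}, vulnerability{vulnId,severity},
                                           analysis{isSuppressed}, attribution{attributedOn}}]
  GET /api/v1/violation/project/{uuid} -> [{type, component{name,version},
                                           policyCondition{policy{name}}, analysis{isSuppressed}, timestamp}]
Timestamps are assumed to be epoch milliseconds; ISO strings are accepted as well.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, replace
from datetime import datetime, timezone

SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "INFO": 4, "UNASSIGNED": 5}


@dataclass(frozen=True)
class Row:
    kind: str                        # "vulnerability" or "policy"
    project: str
    version: str
    component: str
    component_version: str
    issue: str                       # vulnId, or the policy name for policy rows
    severity: str                    # severity, or violation type (LICENSE/SECURITY/OPERATIONAL)
    occurred: str                    # ISO-8601 UTC; the sort key
    suppressed: bool
    versions: tuple[str, ...] = ()   # all affected versions when collapsed to one row per project


def to_iso(ts) -> str:
    """Normalise an epoch-millis (assumed API default) or ISO-string timestamp."""
    if isinstance(ts, (int, float)):
        return datetime.fromtimestamp(ts / 1000, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return str(ts)


def build_rows(projects, findings_by_project, violations_by_project, *,
               kinds=("vulnerability", "policy"), active_only=True,
               one_per_project=False, text_filter=None) -> list[Row]:
    rows: list[Row] = []
    for p in projects:
        if active_only and not p.get("active", True):
            continue
        if "vulnerability" in kinds:
            for f in findings_by_project.get(p["uuid"], []):
                rows.append(Row("vulnerability", p["name"], p["version"],
                                f["component"]["name"], f["component"]["version"],
                                f["vulnerability"]["vulnId"], f["vulnerability"]["severity"],
                                to_iso(f["attribution"]["attributedOn"]),
                                bool(f.get("analysis", {}).get("isSuppressed", False))))
        if "policy" in kinds:
            for v in violations_by_project.get(p["uuid"], []):
                rows.append(Row("policy", p["name"], p["version"],
                                v["component"]["name"], v["component"]["version"],
                                v["policyCondition"]["policy"]["name"], v["type"],
                                to_iso(v["timestamp"]),
                                bool(v.get("analysis", {}).get("isSuppressed", False))))
    if text_filter:
        pat = re.compile(text_filter, re.I)   # e.g. "^shop-" to focus on a project prefix
        rows = [r for r in rows if any(pat.search(x) for x in (r.project, r.component, r.issue))]
    # newest first; on equal timestamps CRITICAL sorts above HIGH
    rows.sort(key=lambda r: (r.occurred, -SEVERITY_RANK.get(r.severity, 9)), reverse=True)
    if one_per_project:
        kept: dict[tuple, Row] = {}
        versions: dict[tuple, list[str]] = {}
        for r in rows:   # rows are sorted, so the first hit per key is the newest occurrence
            key = (r.kind, r.project, r.component, r.component_version, r.issue)
            kept.setdefault(key, r)
            versions.setdefault(key, []).append(r.version)
        rows = [replace(r, versions=tuple(versions[k])) for k, r in kept.items()]
    return rows


def fetch_all(base_url: str, api_key: str):
    """Pull the three feeds over the REST API (network; not exercised below).
    With portfolio access control enabled, the key's team membership already limits
    which projects /api/v1/project returns. Pagination (pageNumber/pageSize) is omitted."""
    import json
    import urllib.request

    def get(path):
        req = urllib.request.Request(base_url + path, headers={"X-Api-Key": api_key})
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)

    projects = get("/api/v1/project")
    return (projects,
            {p["uuid"]: get(f"/api/v1/finding/project/{p['uuid']}") for p in projects},
            {p["uuid"]: get(f"/api/v1/violation/project/{p['uuid']}") for p in projects})


# Constructed sample data in the assumed shapes (uuids shortened for readability).
SAMPLE_PROJECTS = [
    {"uuid": "p1", "name": "shop-backend", "version": "1.4.0", "active": True},
    {"uuid": "p2", "name": "shop-backend", "version": "1.3.0", "active": True},
    {"uuid": "p3", "name": "shop-backend", "version": "1.2.0", "active": False},
    {"uuid": "p4", "name": "billing-service", "version": "2.0.1", "active": True},
]
_LOG4J = {"component": {"name": "log4j-core", "version": "2.14.1"},
          "vulnerability": {"vulnId": "CVE-2021-44228", "severity": "CRITICAL"}}
SAMPLE_FINDINGS = {
    "p1": [{**_LOG4J, "analysis": {"isSuppressed": False}, "attribution": {"attributedOn": 1709629200000}}],
    "p2": [{**_LOG4J, "analysis": {"isSuppressed": True}, "attribution": {"attributedOn": 1708419600000}}],
    "p3": [{**_LOG4J, "analysis": {"isSuppressed": False}, "attribution": {"attributedOn": 1704877200000}}],
    "p4": [{"component": {"name": "some-lib", "version": "1.0.0"},
            "vulnerability": {"vulnId": "INTERNAL-0001", "severity": "HIGH"},
            "analysis": {"isSuppressed": False}, "attribution": {"attributedOn": 1709294400000}}],
}
SAMPLE_VIOLATIONS = {
    "p1": [{"type": "LICENSE", "component": {"name": "copyleft-lib", "version": "3.1"},
            "policyCondition": {"policy": {"name": "No copyleft licenses"}},
            "analysis": {"isSuppressed": False}, "timestamp": 1709539200000}],
}

if __name__ == "__main__":
    for r in build_rows(SAMPLE_PROJECTS, SAMPLE_FINDINGS, SAMPLE_VIOLATIONS, one_per_project=True):
        print(f"{r.occurred} {r.kind:13} {r.severity:8} {r.project} {r.versions or r.version} "
              f"{r.component}@{r.component_version} {r.issue} suppressed={r.suppressed}")
```

Replace the sample data with `fetch_all("https://dtrack.example", api_key)` to run it against a real instance; because the API key belongs to a team, enabling portfolio access control on the server is what makes the "only projects I have permissions for" requirement hold without any client-side filtering.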