Support Filtering by "Active" Flag on Component & Vulnerability Projects Listing

[msymons]

Current Behavior:

Dependency-Track v3.6.0 introduced the active bit/flag (#399), whereby projects can be configured as inactive and then are hidden from display by default, with projects screen displaying a checkbox "Show inactive projects".

The functionality works and is useful.

However, inactive projects are displayed (not filtered out) on:

• Component screen -> Projects tab
• Vulnerability screen -> "Affected Projects" listing

Proposed Behavior:

Filter out inactive projects by default from:

• Component screen -> Projects tab
• Vulnerability screen -> "Affected Projects" listing

..and add "Show inactive projects" checkbox to these screens,

Here's one use case, for the Component screen:

• 120 projects. 60 use component XXX and 60 use component YYYY
• It is trivial to filter (and count) projects using XXX and YYY in in Dependency Track 3.6.1
• We need to update projects to migrate XXX to YYY
• However, some of the projects are not deployed (ie, are inactive) and do not need to be counted (or updated) when looking at XXXX.
• Hence, with the help of the active bit, the count of 60 might drop to (say) 40.

[muellerst-hg]

We are very interested in this feature because it would improve UX for our daily work.

Our approach is to create a clone of a project for each release, bumb the version and set the old project versions to inactive. This allows us keep track of the full project history. Filtering inactive projects allows us to focus on the latest release. However the filtering capability is yet missing in components and vulnerabilities view.