Vulnerabilities: Filter out where "Projects = 0"

Open msymons opened this issue 3 years ago • 5 comments

Current Behavior:

With a totally fresh install of Dependency-Track 4.2.2, the Vulnerability page very quickly "fleshes out" to display more than 125k rows. This provides a usability issue with getting an overall view of "what is affecting me".

Proposed Behavior:

Provide a checkbox similar to the "Show inactive projects" displayed on the Projects screen. The checkbox would act to include/exclude all vulnerabilities that have 0 affected projects, with the suggested default being to exclude. This would reduce the displayed listing from 125k to a (hopefully) nice low number. Even if there are 1000 vulnerabilities it would still only take 10 clicks to navigate from beginning to end with display set to 100 per page.

One use case for this suggested functionality is that it would make it possible to sort vulnerabilities by "Published" and then simply scroll down to see the most recent vulnerabilities to appear in the portfolio. Useful should notifications be unconfigured (or directed to the wrong people, etc).

msymons avatar Aug 01 '21 17:08 msymons

If bootstrap table is updated to 1.19.1 custom buttons are supported on the tables.

Though this may require a backend change to support the query. If this is possible to filter, would someone be able to tell me the required parameter for the api/v1/vulnerability endpoint? Depending on how the query is populated, it may not be possible to add that without a backend change.

I can have a go at making some proposed UI for applying additional features with some quick buttons for parameters like this.

sekwah41 avatar Jan 22 '22 03:01 sekwah41

Changes to the backend would need to be made. Specifically, a check to see if the vulnerability contains components or services. If either one is true, then the vulnerability would be part of the DB response.

stevespringett avatar Jan 22 '22 04:01 stevespringett

I thought that may be the case. I'll take a look at some of the other UI issues and possibly come back to this, as it would be quite useful in the cases @msymons mentioned.

sekwah41 avatar Jan 22 '22 13:01 sekwah41

To chime in, it would also be nice to be able to sort on the number of projects affected.

eriweb avatar Jan 24 '22 07:01 eriweb

I've had a PR merged now which would make the UI changes possible due to upgrading the table library. The old version didn't support custom buttons properly and I spent a good hour trying to debug why they wouldn't even begin to show before seeing the documentation was outdated :sweat_smile:

sekwah41 avatar Jan 26 '22 00:01 sekwah41