Add Policy Violations Column to Projects Page

Open msymons opened this issue 3 years ago • 4 comments

Current Behavior:

The Projects page offers the following columns:

  • Project Name
  • Version
  • Last BOM Import
  • BOM Format
  • Risk Score
  • Active
  • Vulnerabilities

i.e., no display of policy violations.

Proposed Behavior:

Add a sortable "Policy Violations" column to the page. This will make it easy to perform tasks such as:

  • Sort by risk and check for low policy violation count... which may be an indication that policies are incorrectly configured.
  • Sort by policy violation count to see the worst offending projects. When policies are "mature" then these projects should perhaps be focused on first.

Note that a simple count of total violations would include License and Operability Risk... so maybe a bit more nuance might be needed.

msymons, Sep 01 '21 23:09

While all the data is there to visually add them, to sort them I think would require a backend change to store the policy violations total to store a value like lastPolicyViolationsTotal.

I suggest copying the visuals from the vulnerabilities tab and then using a tooltip to allow users to hover over to get more information about it.

{
  policyViolationsAudited: 0,
  policyViolationsFail: 0,
  policyViolationsInfo: 0,
  policyViolationsLicenseAudited: 0,
  policyViolationsLicenseTotal: 0,
  policyViolationsLicenseUnaudited: 0,
  policyViolationsOperationalAudited: 0,
  policyViolationsOperationalTotal: 0,
  policyViolationsOperationalUnaudited: 0,
  policyViolationsSecurityAudited: 0,
  policyViolationsSecurityTotal: 0,
  policyViolationsSecurityUnaudited: 0,
  policyViolationsTotal: 0,
  policyViolationsUnaudited: 0,
  policyViolationsWarn: 0
}

I'll make a preview using Info #20a8d8, Warn #ffc107 and Fail #f86c6b

As having too many different colours may get a bit confusing to be useful information for all of the fields.

I was thinking the violation types may be good originally but then we'd need colors to represent violation types which I don't believe there are.

sekwah41, Jan 22 '22 15:01

Proposed view when hovering

[image]

Just to also make it a little clearer.

Can add the extra detail shown above to the hover if wanted.

sekwah41, Jan 22 '22 17:01

I think this is complete following #111?

mykter, Dec 22 '23 20:12

I do not think that it is complete yet because, although we do not have a "Policy Violations" column on the Projects page, the column is not sortable and thus hard to work with.

msymons, May 06 '24 15:05