Add View to list latest vulnerabilities and policy violations of all projects #1770
Comments
UI proposal, addressing this as part of DependencyTrack/frontend#349. Maybe tab names need to add "Vulnerabilities ...", so another tab could be added for policy violations. But roughly this would be a great improvement for my work:
@rkg-mm With both global audit PRs merged now, can this issue be closed?
Yes, thanks!
Current Behavior:
I am responsible for security questions in all of our projects, including tooling like Dependency-Track and PSIRT process. Even though projects should typically handle things on their own, I shall have an overview of ongoing stuff and monitor new vulnerabilities to speed things up for urgent stuff.
Additionally, we soon want to use Dependency-Track for license violations, where also someone central shall have an overview and check the violations if they can be accepted or not.
Currently, I have a mail notification for myself to get informed about new vulnerabilities, but a single vulnerability can trigger several mails for several projects, so with an increasing number of projects (and partly also for projects split into several sub-projects) this is getting messy and hard to overview.
Proposed Behavior:
I would appreciate a view or dashboard which shows the latest activities regarding newly found vulnerabilities. Ideally a list sorted by occurrence which covers all projects in one list, listing the issues, project name, project version, component name, component version, occurrence date, criticality, current status (e.g. suppressed or not). Maybe a possibility to text-filter over the list to e.g. focus on specific component names or project prefixes.
Additionally, the same would be useful for policy violations. Here project name, project version, component + version, license type, policy name, occurrence date, status would be helpful.
Could be the same list with options to filter for policy and/or vulnerability, or separate lists.
An option to list every project only once (so that 20 versions of the same project only generate 1 entry) would be helpful too. And a quick filter to only show active projects should be enabled by default.
The list should, of course, show only projects for which I have permissions.
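Added here as an illustration of the filtering this request describes, not code from the issue or from Dependency-Track: one list across projects, newest occurrence first, restricted to permitted and active projects, with a text filter, a vulnerability/policy switch and an option to collapse many versions of one project into a single entry. Project, component and finding identifiers are constructed sample values.

```python
"""Combine vulnerability findings and policy violations of many projects into one list."""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Entry:
    kind: str               # "vulnerability" or "policy"
    project: str
    version: str
    component: str
    component_version: str
    detail: str             # vulnerability id or policy name
    severity: str           # criticality, or policy outcome
    occurred: date
    status: str             # e.g. "open" or "suppressed"
    project_active: bool


# Constructed sample data with hypothetical projects and identifiers.
SAMPLE = [
    Entry("vulnerability", "shop", "1.0", "lib-a", "2.3", "VULN-1", "HIGH", date(2022, 5, 1), "open", True),
    Entry("vulnerability", "shop", "1.1", "lib-a", "2.3", "VULN-1", "HIGH", date(2022, 5, 1), "open", True),
    Entry("vulnerability", "legacy", "0.9", "lib-b", "1.0", "VULN-2", "LOW", date(2021, 1, 1), "suppressed", False),
    Entry("policy", "shop", "1.1", "lib-c", "4.0", "No GPL", "FAIL", date(2022, 6, 2), "open", True),
    Entry("policy", "intranet", "2.0", "lib-c", "4.0", "No GPL", "FAIL", date(2022, 6, 3), "open", True),
]


def overview(entries, permitted_projects, kinds=("vulnerability", "policy"),
             active_only=True, text=None, one_per_project=False):
    """Return the cross-project list, newest first, honouring the user's permissions."""
    rows = [e for e in entries
            if e.project in permitted_projects                 # never show unpermitted projects
            and e.kind in kinds                                # vulnerabilities, policies, or both
            and (not active_only or e.project_active)          # active projects by default
            and (text is None or text.lower() in f"{e.project} {e.component}".lower())]
    rows.sort(key=lambda e: e.occurred, reverse=True)          # sort by occurrence date, newest first
    if one_per_project:
        # Collapse the same finding across many versions of one project into one entry.
        seen, deduped = set(), []
        for e in rows:
            key = (e.kind, e.project, e.detail, e.component)
            if key not in seen:
                seen.add(key)
                deduped.append(e)
        rows = deduped
    return rows
```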