Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Global Audit View: Policy Violations #3544

Merged
merged 11 commits into from
Sep 24, 2024
Merged

Global Audit View: Policy Violations #3544

merged 11 commits into from
Sep 24, 2024

Conversation

rbt-mm
Copy link
Contributor

@rbt-mm rbt-mm commented Mar 12, 2024
edited
Loading

Description

This PR enhances the /violation API endpoint in the backend to filter the result by ACL and also allow the use of several filters.
This enhancement makes it possible to quickly get all policy violations for one's projects and also to only show relevant violations by filtering them as needed. It can either be used directly via the API or through the new Policy Violations Audit view, which is introduced in the frontend PR.

Addressed Issue

#1770

Additional Details

Requires the VIEW_POLICY_VIOLATIONS permission.

image

image

Checklist

  • I have read and understand the contributing guidelines
    - [ ] This PR fixes a defect, and I have provided tests to verify that the fix is effective
  • This PR implements an enhancement, and I have provided tests to verify that it works as intended
    - [ ] This PR introduces changes to the database model, and I have added corresponding update logic
    - [ ] This PR introduces new or alters existing behavior, and I have updated the documentation accordingly

rbt-mm and others added 5 commits March 11, 2024 10:55
@rbt-mm
Global Audit View: Policy Violations
138691d 
Enhances the `getViolations` method in `PolicyViolationResource` to
filter the result by ACL and to also allow the use of additional
filters, so that a user can get more specific results.

Signed-off-by: RBickert <rbt@mm-software.com>
@rbt-mm
Add test for PolicyViolationResource
dcf1000 
Adds a new test for `PolicyViolationResource` which tests the filtering
by ACL of the newly enhanced `getViolations` method

Signed-off-by: RBickert <rbt@mm-software.com>
@rbt-mm
Include unresolved license in filter
9269a99 
Signed-off-by: RBickert <rbt@mm-software.com>
@rbt-mm
Revert changes to preprocessACLs
57c785b 
Signed-off-by: RBickert <rbt@mm-software.com>
@rbt-mm
Merge pull request #22 from rbt-mm/rbt-global-audit-view-policy-viola…
43a34e2 
…tions

Global Audit View: Policy Violations
@rbt-mm rbt-mm mentioned this pull request Mar 12, 2024
Merged
1 task
@codacy-production Codacy Production
Copy link

codacy-production bot commented Mar 12, 2024
edited
Loading

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
+0.23% (target: -1.00%) 84.54% (target: 70.00%)
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (ab9d19d) 21946 17265 78.67%
Head commit (1caf0d4) 22047 (+101) 17395 (+130) 78.90% (+0.23%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#3544) 97 82 84.54%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

Codacy stopped sending the deprecated coverage status on June 5th, 2024. Learn more

@rbt-mm
Copy link
Contributor Author

rbt-mm commented Mar 12, 2024

@nscuro Could this feature also be added to the current milestone so that it will be released alongside the other global audit view (#2472)?

@rbt-mm
Remove leftover comment
ee69982 
Signed-off-by: RBickert <rbt@mm-software.com>
@rbt-mm
Add tests for policy violation filters
5138276 
Signed-off-by: RBickert <rbt@mm-software.com>
@rbt-mm
Remove unused import
4064faf 
Signed-off-by: RBickert <rbt@mm-software.com>
@nscuro nscuro added the enhancement New feature or request label Apr 3, 2024
@nscuro nscuro self-requested a review April 3, 2024 09:11
@nscuro nscuro added this to the 4.12 milestone May 9, 2024
rbt-mm and others added 2 commits September 17, 2024 16:18
@rbt-mm
Merge branch 'master' into master-global-audit-view-policy-violations
ebfb388 
Signed-off-by: rbt-mm <113189967+rbt-mm@users.noreply.github.com>
@rbt-mm
Fix merge errors
5bd46d6 
Signed-off-by: Richard Bickert <rbt@mm-software.com>
nscuro
nscuro requested changes Sep 22, 2024
View reviewed changes
Copy link
Member

@nscuro nscuro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, just a minor issue with resource method annotations.

src/main/java/org/dependencytrack/resources/v1/PolicyViolationResource.java Outdated Show resolved Hide resolved
@rbt-mm
Fix parameters in PolicyViolationResource
1caf0d4 
Signed-off-by: Richard Bickert <rbt@mm-software.com>
@nscuro nscuro merged commit eada3c4 into DependencyTrack:master Sep 24, 2024
11 checks passed
@sahibamittal sahibamittal mentioned this pull request Oct 9, 2024
Open
2 tasks
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 25, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@nscuro nscuro nscuro approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
4.12
Development

Successfully merging this pull request may close these issues.
2 participants
@rbt-mm @nscuro