Support for summarized and scheduled notifications

docs/_docs/integrations/notifications.md

@@ -61,16 +61,18 @@ multiple levels, while others can only ever have a single level.
 A notification publisher is a Dependency-Track concept allowing users to describe the structure of a notification (i.e. MIME type, template) and how to send a notification (i.e. publisher class).
 The following notification publishers are included by default :
 
-| Publisher  | Description                                         |
-|------------|-----------------------------------------------------|
-| Slack      | Publishes notifications to Slack channels           |
-| Teams      | Publishes notifications to Microsoft Teams channels |
-| Mattermost | Publishes notifications to Mattermost channels      |
-| WebEx      | Publishes notifications to Cisco WebEx channels     |
-| Webhook    | Publishes notifications to a configurable endpoint  |
-| Email      | Sends notifications to an email address             |
-| Console    | Displays notifications on the system console        |
-| Jira       | Publishes notifications to Jira                     |
+| Publisher         | Description                                                                                    |
+| ----------------- | ---------------------------------------------------------------------------------------------- |
+| Slack             | Publishes notifications to Slack channels                                                      |
+| Teams             | Publishes notifications to Microsoft Teams channels                                            |
+| Mattermost        | Publishes notifications to Mattermost channels                                                 |
+| WebEx             | Publishes notifications to Cisco WebEx channels                                                |
+| Webhook           | Publishes notifications to a configurable endpoint                                             |
+| Email             | Sends notifications to an email address                                                        |
+| Console           | Displays notifications on the system console                                                   |
+| Jira              | Publishes notifications to Jira                                                                |
+| Scheduled Email   | Sends a summary of all subscribed events since last notification to an email address           |
+| Scheduled Console | Displays a slim summary of all subscribed events since last notification to the system console |
 
 ### Templating
 
@@ -96,7 +98,7 @@ The template context is enhanced with the following variables :
 > subject will be present at all times. Some fields are optional since the underlying fields in the datamodel are optional.
 > The section below will describe the portfolio notifications in JSON format.
 
-#### NEW_VULNERABILITY
+#### NEW_VULNERABILITY (per event)
 This type of notification will always contain:
 * 1 component
 * 1 vulnerability
@@ -160,6 +162,96 @@ This type of notification will always contain:
 
 > The `cwe` field is deprecated and will be removed in a later version. Please use `cwes` instead.
 
+#### NEW_VULNERABILITY (scheduled summary)
+
+```json
+{
+  "notification": {
+    "level": "INFORMATIONAL",
+    "scope": "PORTFOLIO",
+    "group": "NEW_VULNERABILITY",
+    "timestamp": "2024-05-16T23:26:22.961",
+    "title": "123 new Vulnerabilities in 45 components in Scheduled Rule 'ABC'",
+    "content": "Find below a summary of new vulnerabilities since 2024-05-16T00:00:00Z in Scheduled Notification Rule 'ABC'.",
+    "subject": {
+      "overview": {
+        "affectedProjectsCount": 7,
+        "newVulnerabilitiesCount": 123,
+        "affectedComponentsCount": 45,
+        "suppressedNewVulnerabilitiesCount": 0,
+        "newVulnerabilitiesBySeverity": {
+          "CRITICAL": 13,
+          "HIGH": 24,
+          "MEDIUM": 56,
+          "LOW": 10,
+          "INFO": 17,
+          "UNASSIGNED": 3
+        }
+      },
+      "summary": {
+        "projectSummaries": [
+          {
+            "project": {
+              "uuid": "6fb1820f-5280-4577-ac51-40124aabe307",
+              "name": "Acme Example",
+              "version": "1.0.0"
+            },
+            "summary": {
+              "newVulnerabilitiesBySeverity": {
+                "CRITICAL": 3,
+                "HIGH": 4,
+                "LOW": 2,
+                "INFO": 7
+              },
+              "totalProjectVulnerabilitiesBySeverity": {
+                "CRITICAL": 35,
+                "HIGH": 57,
+                "MEDIUM": 13,
+                "LOW": 105,
+                "INFO": 23,
+                "UNASSIGNED": 13
+              },
+              "suppressedNewVulnerabilitiesBySeverity": {
+                "HIGH": 2,
+                "LOW": 5,
+                "INFO": 1
+              }
+            }
+          }
+        ]
+      },
+      "details": {
+        "projectDetails": [
+          {
+            "project": {
+              "uuid": "6fb1820f-5280-4577-ac51-40124aabe307",
+              "name": "Acme Example",
+              "version": "1.0.0"
+            },
+            "findings": [
+              {
+                "componentUuid": "4d0da61c-b462-4895-b296-da0b4bb34744",
+                "componentName": "axis",
+                "componentVersion": "1.4",
+                "componentGroup": "apache",
+                "vulnerabilitySource": "NVD",
+                "vulnerabilityId": "CVE-2012-5784",
+                "vulnerabilitySeverity": "MEDIUM",
+                "analyzer": "OSSINDEX_ANALYZER",
+                "attributionReferenceUrl": "https://ossindex.sonatype.org/vulnerability/CVE-2012-5784",
+                "attributedOn": "2024-05-16T12:34:39Z",
+                "analysisState": "IN_TRIAGE",
+                "suppressed": false
+              }
+            ]
+          }
+        ]
+      }
+    }
+  }
+}
+```
+
 #### NEW_VULNERABLE_DEPENDENCY
 This type of notification will always contain:
 * 1 project
@@ -324,7 +416,7 @@ This type of notification will always contain:
 }
 ```
 
-#### POLICY_VIOLATION
+#### POLICY_VIOLATION (per event)
 
 ```json
 {
@@ -368,6 +460,93 @@ This type of notification will always contain:
 }
 ```
 
+#### POLICY_VIOLATION (scheduled summary)
+
+```json
+{
+  "notification": {
+    "level": "INFORMATIONAL",
+    "scope": "PORTFOLIO",
+    "group": "POLICY_VIOLATION",
+    "timestamp": "2022-05-12T23:07:59.611303",
+    "title": "2 new Policy Violations in 2 components in Scheduled Rule 'Policy Guard'",
+    "content": "Find below a summary of new policy violations since 2022-05-12T00:00:00Z in Scheduled Notification Rule 'Policy Guard'.",
+    "subject": {
+      "overview": {
+        "affectedProjectsCount": 1,
+        "newViolationsCount": 2,
+        "affectedComponentsCount": 2,
+        "suppressedNewViolationsCount": 0,
+        "newViolationsByRiskType": {
+          "LICENSE": 0,
+          "SECURITY": 0,
+          "OPERATIONAL": 2
+        }
+      },
+      "summary": {
+        "affectedProjectSummaries": [
+          {
+            "project": {
+              "uuid": "7a36e5c0-9f09-42dd-b401-360da56c2abe",
+              "name": "Acme Example",
+              "version": "1.0.0"
+            },
+            "summary": {
+              "newViolationsByRiskType": {
+                "OPERATIONAL": 2
+              },
+              "totalProjectViolationsByRiskType": {
+                "LICENSE": 5,
+                "OPERATIONAL": 2
+              },
+              "suppressedNewViolationsByRiskType": {
+              }
+            }
+          }
+        ]
+      }
+      "details": {
+        "projectDetails": [
+          {
+            "project": {
+              "uuid": "7a36e5c0-9f09-42dd-b401-360da56c2abe",
+              "name": "Acme Example",
+              "version": "1.0.0"
+            },
+            "violations": [
+              {
+                "component": {
+                  "uuid": "4e04c695-9acd-46fc-9bf6-ed23d7eb551e",
+                  "group": "apache",
+                  "name": "axis",
+                  "version": "1.4"
+                },
+                "violation": {
+                  "uuid": "c82fcb50-029a-4636-a657-96242b20680e",
+                  "type": "OPERATIONAL",
+                  "timestamp": "2022-05-12T20:34:46Z",
+                  "policyCondition": {
+                    "uuid": "8e5c0a5b-71fb-45c5-afac-6c6a99742cbe",
+                    "subject": "COORDINATES",
+                    "operator": "MATCHES",
+                    "value": "{\"group\":\"apache\",\"name\":\"axis\",\"version\":\"*\"}",
+                    "policy": {
+                      "uuid": "6d4c7398-689a-4ec7-b5c5-9abb6b5393e9",
+                      "name": "Banned Components",
+                      "violationState": "FAIL"
+                    }
+                  }
+                }
+              }
+            ]
+          }
+        ]
+      }
+    }
+  }
+}
+```
+
 #### USER_CREATED
 
 ```json

pom.xml

@@ -102,6 +102,7 @@
         <lib.greenmail.version>2.0.1</lib.greenmail.version>
         <lib.jackson.version>2.17.1</lib.jackson.version>
         <lib.jackson-databind.version>2.17.1</lib.jackson-databind.version>
+        <lib.javax.validation>2.0.1.Final</lib.javax.validation>
         <lib.json-java.version>20240303</lib.json-java.version>
         <lib.json-unit.version>3.3.0</lib.json-unit.version>
         <lib.lucene.version>8.11.3</lib.lucene.version>
@@ -116,12 +117,14 @@
         <lib.testcontainers.version>1.19.8</lib.testcontainers.version>
         <lib.wiremock.version>2.35.2</lib.wiremock.version>
         <lib.woodstox.version>6.6.2</lib.woodstox.version>
+        <lib.junit.version>4.13.2</lib.junit.version>
         <lib.junit-params.version>1.1.1</lib.junit-params.version>
         <lib.signpost-core.version>2.1.1</lib.signpost-core.version>
         <lib.httpclient.version>4.5.14</lib.httpclient.version>
         <lib.httpclient5.version>5.3.1</lib.httpclient5.version>
         <lib.log4j-over-slf4j.version>2.0.13</lib.log4j-over-slf4j.version>
         <lib.org-kohsuke-github-api.version>1.321</lib.org-kohsuke-github-api.version>
+        <lib.com-asahaf-javacron.version>1.4.0</lib.com-asahaf-javacron.version>
         <!-- JDBC Drivers -->
         <lib.jdbc-driver.mssql.version>12.6.1.jre11</lib.jdbc-driver.mssql.version>
         <lib.jdbc-driver.mysql.version>8.0.33</lib.jdbc-driver.mysql.version>
@@ -150,6 +153,18 @@
     </repositories>
 
     <dependencies>
+        <!--
+            Workaround for:
+            "The type javax.validation.Payload cannot be resolved. It is indirectly referenced
+            from required type com.github.packageurl.validator.PackageURLJava"
+            in Component.java & Project.java at least.
+         -->
+        <dependency>
+            <groupId>javax.validation</groupId>
+            <artifactId>validation-api</artifactId>
+            <version>${lib.javax.validation}</version>
+        </dependency>
+
         <!-- Alpine -->
         <dependency>
             <groupId>us.springett</groupId>
@@ -390,6 +405,12 @@
             <version>${lib.org-kohsuke-github-api.version}</version>
         </dependency>
 
+        <dependency>
+            <groupId>com.asahaf.javacron</groupId>
+            <artifactId>javacron</artifactId>
+            <version>${lib.com-asahaf-javacron.version}</version>
+        </dependency>
+
         <!-- Test Dependencies -->
         <dependency>
             <groupId>junit</groupId>

src/main/java/org/dependencytrack/model/ConfigPropertyConstants.java

@@ -95,6 +95,7 @@ public enum ConfigPropertyConstants {
     ACCESS_MANAGEMENT_ACL_ENABLED("access-management", "acl.enabled", "false", PropertyType.BOOLEAN, "Flag to enable/disable access control to projects in the portfolio"),
     NOTIFICATION_TEMPLATE_BASE_DIR("notification", "template.baseDir", SystemUtils.getEnvironmentVariable("DEFAULT_TEMPLATES_OVERRIDE_BASE_DIRECTORY", System.getProperty("user.home")), PropertyType.STRING, "The base directory to use when searching for notification templates"),
     NOTIFICATION_TEMPLATE_DEFAULT_OVERRIDE_ENABLED("notification", "template.default.override.enabled", SystemUtils.getEnvironmentVariable("DEFAULT_TEMPLATES_OVERRIDE_ENABLED", "false"), PropertyType.BOOLEAN, "Flag to enable/disable override of default notification templates"),
+    NOTIFICATION_CRON_DEFAULT_EXPRESSION("notification", "cron.default.expression", SystemUtils.getEnvironmentVariable("DEFAULT_SCHEDULED_CRON_EXPRESSION", "0 12 * * *"), PropertyType.STRING, "The default interval of scheduled notifications as cron expression"),
     TASK_SCHEDULER_LDAP_SYNC_CADENCE("task-scheduler", "ldap.sync.cadence", "6", PropertyType.INTEGER, "Sync cadence (in hours) for LDAP"),
     TASK_SCHEDULER_GHSA_MIRROR_CADENCE("task-scheduler", "ghsa.mirror.cadence", "24", PropertyType.INTEGER, "Mirror cadence (in hours) for Github Security Advisories"),
     TASK_SCHEDULER_OSV_MIRROR_CADENCE("task-scheduler", "osv.mirror.cadence", "24", PropertyType.INTEGER, "Mirror cadence (in hours) for OSV database"),