The projects screen has a (default) column displaying "Last BOM Import" for each individual project. The column is sortable and very useful for quickly seeing which projects have not had an import performed for a while (e.g., when a team switched from building a project in Jenkins to using Azure DevOps without incorporating BOM upload into the new pipeline).
This timestamp is not displayed on the project pages themselves. The "Last Measurement" timestamp is displayed. This is useful... but in this screenshot it is EIGHT months later than the last BOM Import.
The problem is compounded when one has navigated directly to the project page from a link in an email, Slack message, GitHub PR, etc., i.e., everything looks perfectly OK but it is not OK... and the only way to see that there is a problem is to navigate to projects and then find the project there (and make sure that you do not accidentally mix up a version or even the project name itself).
Proposed Behavior:
Add "Last BOM Import" timestamp to each project page.
Suggest changing text for "Last Measurement" to "Last Analysis" to improve clarity
Suggest displaying "Last BOM Import" timestamp to the LEFT of "Last Analysis" ("Last Measurement") as this represents the normal flow... first we upload a BOM and then we analyze things.
Great proposal. I was looking for a way to assess the freshness of my portfolio.
Besides the clarification on the date, what about giving the possibility to use "Last BOM import date" as an input for the Policy engine? This way, one would be able to define freshness rules and alert on them if need be.
In exchange with @msymons, this appears to be an acceptable MVP:
I'll raise a PR to implement it.
We also discussed (a while back) that it'd be useful to see a log or trend of BOM (and VEX) uploads. DT already tracks this information; the biggest challenge will be to display it in an easily digestible way.
> Suggest changing text for "Last Measurement" to "Last Analysis" to improve clarity
That would cause even more confusion, as "measurement" is referring to metrics measurement, not the vulnerability analysis. Metrics are measured every hour, whereas the actual vulnerability analysis is taking place every 24 hours.