Display "Last BOM Import" timestamp on project page #147
Comments
|
Great proposal. I was looking for a way to assess the freshness of my portfolio. |
|
In exchange with @msymons, this appears to be an acceptable MVP:
I'll raise a PR to implement it. We also discussed (a while back) that it'd be useful to see a log or trend of BOM (and VEX) uploads. DT already tracks this information, the biggest challenge will be to display it in an easily digestible way. |
|
RE:
That would cause even more confusion, as "measurement" is referring to metrics measurement, not the vulnerability analysis. Metrics are measured every hour, whereas the actual vulnerability analysis is taking place every 24 hours. |
Current Behavior:
The projects screen has a (default) column displaying "Last BOM Import" for each individual project. The column is sortable and very useful for quickly seeing which projects have not had an import performed for a while. (eg, when a team switched from building a project in Jenkins to using Azure DevOps without incorporating BOM upload into the new pipeline).
This timestamp is not displayed on the project pages themselves. The "Last Measurement" timestamp is displayed. This is useful... but in this screenshot it is EIGHT months later than the last BOM Import.
The problem is compounded when one has navigated directly to the project page from a link in an email, Slack message, GitHub PR, etc. ie everything looks perfectly OK but it is not OK.. and the only way to see that there is a problem is to navigate to projects and then find the project there (and make sure that you do not accidentally mix up a version or even the project name itself).
Proposed Behavior:
The text was updated successfully, but these errors were encountered: