aliases: improve alias column, show aliases optionally in all vulnerability lists #315
Thanks for the PR @valentijnscholten! IIRC this was deemed to be a non-starter in the related Slack discussion. So I think this can be closed until we come up with a better way to visualize this data.
It's already used in the Project Findings list, so why not just copy it into the other places for now so we gain some usability around aliases?
A tooltip might be a better compromise for now. See: https://owasp.slack.com/archives/C6R3R32H4/p1667585442465429
Signed-off-by: Valentijn Scholten <valentijnscholten@gmail.com>
Made some small changes to improve the layout to the existing column already available since 4.6.0 and updated the description to hopefully convince this would be a good PR to merge.
Signed-off-by: Valentijn Scholten <valentijnscholten@gmail.com>
I also looked at a "new line" solution without using . I'm oldschool, so I left the
Haha the BR tag is rendered as html by GitHub
@stevespringett Do you want me to set the CWE column to not sortable as well? It behaved erratically, even if all rows have only 1 CWE. BTW In other places the CWE column is rendered differently (and not sortable): I like the good old non-breaking-space
Description
2023-02-15 Attempt 2 at this PR:
The Audit Vulnerabilities tab for a project has an extra column that can be shown to list the aliases of a vulnerability. This PR improves the alignment of these aliases to make it look a little bit better.
Old:
New:
I have also added this optional column to the global Vulnerabilities and Components lists.
Addressed Issue
Additional Details
Not everybody might feel this is the "perfect" solution, but let's not make "perfect" the enemy of "good" :-)
Not sure if there's a practical way to wrap around each alias without using
Checklist
Signed-off-by: Valentijn Scholten valentijnscholten@gmail.com