Policy Violations Breakdown Missing Security Policies #91

Closed
msymons opened this issue Aug 19, 2021 · 0 comments · Fixed by #144
Labels
enhancement New feature or request p2 Non-critical bugs, and features that help organizations to identify and reduce risk
Comments

msymons commented Aug 19, 2021

Current Behavior:

DT v4.1 introduced support for vulnerabilities in policy violations. In DT 4.3.1, the "Overview" tab for individual projects does not include Security Risk in the Policy Violations Breakdown chart:

[screenshot: Policy Violations Breakdown chart on the project Overview tab]

This screenshot was taken from a project with 0 licence violations and 0 operational violations (i.e., the stats are correct) but which does have 2 security policy violations.

Steps to Reproduce:

  • Create a security policy such as subject == SEVERITY && value IS MEDIUM (or whatever can guarantee at least one violation)
  • For purpose of demonstration there is no need to restrict the policy to a particular project... although this can be done in order to reduce "noise".
  • Navigate to a project that will be in violation of this policy
  • The Policy Violations tab on the project page will list violations of type "security". Count them.
  • The Overview tab on the project page displays a Policy Violations chart, broken down by Classification. Observe that there is no info on security violations.

Expected Behavior:

The Policy Violations by Classification Chart should include "security risk" and the number should match what you counted on the Policy Violations tab.

Environment:

  • Dependency-Track Version: 4.3.1
  • Client Browser: Firefox 90.0
  • Client O/S: Windows 10.

Additional Details:

I am guessing that the problem relates to the code in ChartPolicyViolationBreakdown.vue that is commented out and marked TODO.
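The following is an added example, not code from Dependency-Track or from ChartPolicyViolationBreakdown.vue. It models the reproduction steps above in plain JavaScript: a policy condition of the form subject == SEVERITY, operator IS, value MEDIUM is evaluated against constructed findings to produce violations classified as SECURITY, and two breakdown functions are compared, one that starts every classification at zero (the behaviour the reporter expects) and one that only knows LICENSE and OPERATIONAL (the shape of the defect reported). The condition model, the subject-to-classification mapping, the sample project and the vulnerability identifiers are all assumptions made for the example and do not reflect Dependency-Track's internal data model.

```javascript
// Added example, not Dependency-Track's own code. Models how a SEVERITY
// policy condition yields "security" violations and how a breakdown chart
// must aggregate them so that a whole classification is not dropped.

// The three violation classifications the issue refers to.
const CLASSIFICATIONS = ["LICENSE", "OPERATIONAL", "SECURITY"];

// Assumed mapping from a condition subject to a violation classification;
// only SEVERITY is exercised in this example.
function classificationFor(subject) {
  if (subject === "SEVERITY") return "SECURITY";
  if (subject === "LICENSE") return "LICENSE";
  return "OPERATIONAL";
}

// Evaluate one condition against one vulnerability finding.
// Only IS / IS_NOT on SEVERITY are modelled (assumption).
function conditionMatches(condition, finding) {
  if (condition.subject !== "SEVERITY") return false;
  switch (condition.operator) {
    case "IS":
      return finding.severity === condition.value;
    case "IS_NOT":
      return finding.severity !== condition.value;
    default:
      throw new Error(`unsupported operator: ${condition.operator}`);
  }
}

// Each finding that satisfies all conditions of the policy yields one
// violation tagged with the classification of the policy's subject.
function evaluatePolicy(policy, project) {
  const violations = [];
  for (const component of project.components) {
    for (const finding of component.findings) {
      if (policy.conditions.every((c) => conditionMatches(c, finding))) {
        violations.push({
          policy: policy.name,
          component: component.name,
          vulnId: finding.vulnId,
          type: classificationFor(policy.conditions[0].subject),
        });
      }
    }
  }
  return violations;
}

// Expected breakdown: every classification is present from the start, so
// SECURITY appears even at zero, and an unknown type fails loudly instead
// of being silently discarded.
function breakdownByClassification(violations) {
  const counts = Object.fromEntries(CLASSIFICATIONS.map((c) => [c, 0]));
  for (const v of violations) {
    if (!(v.type in counts)) throw new Error(`unknown classification: ${v.type}`);
    counts[v.type] += 1;
  }
  return counts;
}

// Shape of the reported defect: a breakdown that only knows LICENSE and
// OPERATIONAL, so every SECURITY violation vanishes from the chart.
function legacyBreakdown(violations) {
  const counts = { LICENSE: 0, OPERATIONAL: 0 };
  for (const v of violations) {
    if (v.type in counts) counts[v.type] += 1;
  }
  return counts;
}

// The check the reporter did by hand: the chart total must equal the number
// of rows on the Policy Violations tab.
function chartMatchesList(counts, violations) {
  const total = Object.values(counts).reduce((a, b) => a + b, 0);
  return total === violations.length;
}

// Constructed sample data; the vulnerability ids are placeholders.
const SAMPLE_PROJECT = {
  name: "demo-app",
  components: [
    { name: "lib-a", findings: [{ vulnId: "VULN-0001", severity: "MEDIUM" }, { vulnId: "VULN-0002", severity: "HIGH" }] },
    { name: "lib-b", findings: [{ vulnId: "VULN-0003", severity: "MEDIUM" }] },
  ],
};
const MEDIUM_POLICY = {
  name: "no-medium-vulns",
  conditions: [{ subject: "SEVERITY", operator: "IS", value: "MEDIUM" }],
};

// Runs the reproduction end to end and reports both breakdowns.
function demo() {
  const violations = evaluatePolicy(MEDIUM_POLICY, SAMPLE_PROJECT);
  const fixed = breakdownByClassification(violations);
  const legacy = legacyBreakdown(violations);
  return {
    violations,
    fixed,
    legacy,
    fixedConsistent: chartMatchesList(fixed, violations),
    legacyConsistent: chartMatchesList(legacy, violations),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

With the sample data the policy produces two SECURITY violations; the fixed breakdown reports them and its total matches the list, while the legacy breakdown reports zeros everywhere and fails the consistency check, which is exactly the mismatch between the Overview chart and the Policy Violations tab described above.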

@stevespringett stevespringett added enhancement New feature or request p2 Non-critical bugs, and features that help organizations to identify and reduce risk and removed in triage labels Aug 20, 2021
@stevespringett stevespringett added this to the 4.4 milestone Aug 20, 2021
@stevespringett stevespringett modified the milestones: 4.4, 4.5 Feb 17, 2022
AbdelHajou added a commit to AbdelHajou/frontend that referenced this issue Apr 29, 2022
stevespringett added a commit that referenced this issue Apr 30, 2022
Show Security Risk in policy violations overview (fixes #91)