Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ability to select affected products for analysis data propagation #201

Open
wants to merge 11 commits into
base: main
Choose a base branch
from

Conversation

tdruez
Copy link
Contributor

@tdruez tdruez commented Dec 3, 2024

This is an implementation of #105

@tdruez
Copy link
Contributor Author

tdruez commented Dec 3, 2024

This PR introduces a new "Propagate analysis to products:" section in the "Vulnerability analysis" modal.
The list of Products containing the same package as the one currently being analysed are listed and can be selected for "analysis propagation".

Screenshot 2024-12-03 at 19 51 45

When checked, all the Analysis data (status, justification, responses, detail) will be create in the context of that other Product.
Note that if no other Product contains this package, the section is not displayed.
Also, updates are not yet supported, the analysis is propagated only if not analysis is available yet on the target Product. This is to avoid providing an easy way to "destroy" data.

@DennisClark Let me know your thoughs on the current implementation and how you would like to handle the "update" cases.

@DennisClark
Copy link
Member

@tdruez Very nice feature, confirmed working in Staging Starship.

Regarding updates, I think it might be useful to display the Analysis State of the package vulnerability on each potential target product and let the user decide whether to check that product, and if so proceed with an update.

@tdruez
Copy link
Contributor Author

tdruez commented Dec 4, 2024

@DennisClark The "Propagate to product" field is now displayed as a table including the current Analysis values when available. This will help the user to make a conscious decision about propagating to others Product.

It provides also a good overview of the current state of a given vulnerability across Products (see also #104)

The "select-all" feature is available to propagate to all affected Products.

Update when selecting a Product for propagation is now supported.

Screenshot 2024-12-04 at 19 27 22

@DennisClark
Copy link
Member

@tdruez Confirmed the latest improvements in Staging Starship. The updates get propagated properly and the presentation of the related products is very nice. No problems found.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants