From 37167633183b413b04df963d29e443a6a8117c04 Mon Sep 17 00:00:00 2001 From: Hendrik Borchardt Date: Wed, 22 Mar 2023 22:46:28 +0100 Subject: [PATCH 001/165] Add spdx expression field to component dialog and list The licenseExpression field has been added to the component model in the backend. Show it and make it editable in the component popup, and show it in the component list's "license" column if no resolved license is available. Signed-off-by: Hendrik Borchardt --- src/i18n/locales/en.json | 2 ++ src/views/portfolio/projects/ComponentDetailsModal.vue | 3 +++ src/views/portfolio/projects/ProjectComponents.vue | 6 +++++- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json index db78e4e78..822f2ef25 100644 --- a/src/i18n/locales/en.json +++ b/src/i18n/locales/en.json @@ -245,6 +245,7 @@ "template": "Template", "source_header": "Source Header", "license_name": "License Name", + "license_expression": "SPDX Expression", "license_url": "License URL", "required_license_name": "The license name is required", "license_name_desc": "The name of the license as provided by the supplier", @@ -310,6 +311,7 @@ "component_swid_tagid_desc": "The ISO/IEC 19770-2:2015 (SWID) tag ID provided by the software vendor", "component_classifier_desc": "Specifies the type of component: Assets (applications, operating systems, and hardware) and non-assets (libraries, frameworks, and files)", "component_spdx_license_desc": "Specifies the SPDX license ID of the component", + "component_license_expression_desc": "Specifies license information for the component in the form of an SPDX expression", "component_license_url_desc": "Specifies the URL to the license of the component", "component_filename_desc": "Specifies the observed filename of the component", "component_hash_desc": "Specifies the observed hash value of the component using the preceding algorithm", 
diff --git a/src/views/portfolio/projects/ComponentDetailsModal.vue b/src/views/portfolio/projects/ComponentDetailsModal.vue index 9649fed16..34495c0b1 100644 --- a/src/views/portfolio/projects/ComponentDetailsModal.vue +++ b/src/views/portfolio/projects/ComponentDetailsModal.vue @@ -66,6 +66,9 @@ v-model="selectedLicense" :options="selectableLicenses" :label="$t('message.license')" :tooltip="$t('message.component_spdx_license_desc')" :disabled="this.isNotPermitted(PERMISSIONS.PORTFOLIO_MANAGEMENT)" /> + diff --git a/src/views/portfolio/projects/ProjectComponents.vue b/src/views/portfolio/projects/ProjectComponents.vue index 262d4980d..5ae80db45 100644 --- a/src/views/portfolio/projects/ProjectComponents.vue +++ b/src/views/portfolio/projects/ProjectComponents.vue @@ -130,8 +130,12 @@ if (Object.prototype.hasOwnProperty.call(row, "resolvedLicense")) { let licenseurl = "../../../licenses/" + row.resolvedLicense.licenseId; return "" + xssFilters.inHTMLData(row.resolvedLicense.licenseId) + ""; - } else { + } else if (value) { return xssFilters.inHTMLData(common.valueWithDefault(value, "")); + } else if (row.licenseExpression) { + return xssFilters.inHTMLData(common.valueWithDefault(row.licenseExpression, "")); + } else { + return ""; } } }, From f82bc0cbe03aa9801b3bafbb7c0d157f422ce84a Mon Sep 17 00:00:00 2001 From: mehab Date: Thu, 6 Jul 2023 14:10:40 +0100 Subject: [PATCH 002/165] added changes to ui to support authentication for repositories regardless of whether they are for internal packages or not Co-authored-by:Sahiba Mittal Signed-off-by: mehab --- src/i18n/locales/en.json | 1 + .../repositories/Repositories.vue | 23 +++++++++++++++++-- .../RepositoryCreateRepositoryModal.vue | 19 +++++++++++---- 3 files changed, 36 insertions(+), 7 deletions(-) diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json index c4dafad23..cfadda796 100644 --- a/src/i18n/locales/en.json +++ b/src/i18n/locales/en.json 
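Review bot: In the new `else if (value)` and `else if (row.licenseExpression)` branches of the license formatter, `common.valueWithDefault(x, "")` is redundant, because each branch is only entered when that value is already truthy; the three branches collapse to `return xssFilters.inHTMLData(value || row.licenseExpression || "");`. The context line `let licenseurl = "../../../licenses/" + row.resolvedLicense.licenseId;` still builds the link by concatenation, and since the surrounding markup did not survive extraction I cannot tell whether that URL goes through `xssFilters.uriInUnQuotedAttr` before it lands in an attribute — worth confirming. The column definition that owns this formatter starts before the hunk.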
@@ -696,6 +696,7 @@ "create_repository": "Create Repository", "repository_type": "Repository Type", "internal": "Internal", + "repository_authentication": "Authentication required", "delete_repository": "Delete Repository", "repository_created": "Repository created", "repository_deleted": "Repository deleted", diff --git a/src/views/administration/repositories/Repositories.vue b/src/views/administration/repositories/Repositories.vue index 752b1c282..d71f81ebf 100644 --- a/src/views/administration/repositories/Repositories.vue +++ b/src/views/administration/repositories/Repositories.vue @@ -89,6 +89,15 @@ import RepositoryCreateRepositoryModal from "./RepositoryCreateRepositoryModal"; return value === true ? '' : ""; }, }, + { + title: this.$t('admin.repository_authentication'), + field: "authenticationRequired", + class: "tight", + sortable: true, + formatter(value, row, index) { + return value === true ? '' : ""; + }, + }, { title: this.$t('admin.enabled'), field: "enabled", @@ -134,13 +143,16 @@ import RepositoryCreateRepositoryModal from "./RepositoryCreateRepositoryModal";
{{$t('admin.internal')}}
+
+ {{$t('admin.repository_authentication')}} +
@@ -148,8 +160,9 @@ import RepositoryCreateRepositoryModal from "./RepositoryCreateRepositoryModal"; @@ -173,6 +186,7 @@ import RepositoryCreateRepositoryModal from "./RepositoryCreateRepositoryModal"; identifier: row.identifier, url: row.url, internal: row.internal, + authenticationRequired: row.authenticationRequired, username: row.username, password: row.password || null, enabled: row.enabled, @@ -189,7 +203,11 @@ import RepositoryCreateRepositoryModal from "./RepositoryCreateRepositoryModal"; }, enabled() { this.updateRepository(); + }, + authenticationRequired(){ + this.updateRepository(); } + }, methods: { deleteRepository: function() { @@ -207,6 +225,7 @@ import RepositoryCreateRepositoryModal from "./RepositoryCreateRepositoryModal"; identifier: this.identifier, url: this.url, internal: this.internal, + authenticationRequired: this.authenticationRequired, username: this.username, password: this.password || null, enabled: this.enabled, diff --git a/src/views/administration/repositories/RepositoryCreateRepositoryModal.vue b/src/views/administration/repositories/RepositoryCreateRepositoryModal.vue index 05cf65110..e202f26be 100644 --- a/src/views/administration/repositories/RepositoryCreateRepositoryModal.vue +++ b/src/views/administration/repositories/RepositoryCreateRepositoryModal.vue @@ -18,24 +18,30 @@ + +
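Review bot: The new watcher in the @@ -189,7 +203,11 hunk is written `authenticationRequired(){` while its neighbour reads `enabled() {`; match the existing spacing, `authenticationRequired() {`, and drop the blank line the hunk inserts before the closing `},` of the watch block. Toggling the checkbox now issues an immediate `updateRepository()` with whatever `username` and `password` are currently in the form, so a repository can be persisted with authentication required and empty credentials before the user fills them in; that mirrors how the `enabled` watcher behaves, so I flag it only as something to confirm is intended. The watch block and `updateRepository` both continue outside the hunk.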
+ {{$t('admin.internal')}} +
- {{$t('admin.internal')}} + {{$t('admin.repository_authentication')}}
- -
@@ -74,6 +80,7 @@ import BValidatedInputGroupFormInput from "../../../forms/BValidatedInputGroupFo repositoryType: null, initialRepositoryType: null, internal: false, + repository_authentication: false, username: null, password: null, enabled: true, @@ -103,6 +110,7 @@ import BValidatedInputGroupFormInput from "../../../forms/BValidatedInputGroupFo identifier: this.identifier, url: this.url, internal: this.internal, + authenticationRequired: this.repository_authentication, username: this.username, password: this.password || null, enabled: this.enabled @@ -124,6 +132,7 @@ import BValidatedInputGroupFormInput from "../../../forms/BValidatedInputGroupFo this.username = null; this.password = null; this.enabled = true; + this.repository_authentication = false; } } } From fa607ce6e15bb4be6e25fcf550e06f1b530518ec Mon Sep 17 00:00:00 2001 From: mehab Date: Thu, 6 Jul 2023 18:35:31 +0100 Subject: [PATCH 003/165] password required field changes Signed-off-by: mehab --- src/views/administration/repositories/Repositories.vue | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/views/administration/repositories/Repositories.vue b/src/views/administration/repositories/Repositories.vue index d71f81ebf..94e8dc030 100644 --- a/src/views/administration/repositories/Repositories.vue +++ b/src/views/administration/repositories/Repositories.vue @@ -152,6 +152,7 @@ import RepositoryCreateRepositoryModal from "./RepositoryCreateRepositoryModal"; id="username" :label="$t('admin.username')" input-group-size="mb-3" v-model="username" + rules="required" v-show="authenticationRequired" v-debounce:750ms="updateRepository" :debounce-events="'keyup'"/>
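Review bot: The new data field is named `repository_authentication` (snake_case, copied from the i18n key) while the API payload built two hunks later and the sibling `Repositories.vue` both call the same property `authenticationRequired`; the file otherwise uses camelCase (`repositoryType`, `initialRepositoryType`). Renaming it to `authenticationRequired: false` in the data hunk, `authenticationRequired: this.authenticationRequired,` in the @@ -103,6 +110,7 payload and `this.authenticationRequired = false;` in the @@ -124,6 +132,7 reset keeps the form state, the request body and the list view under one name. The template binding for the checkbox did not survive extraction, so it would need the same rename.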
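Review bot: `rules="required"` is now applied to the username input while `v-show="authenticationRequired"` only hides it, so for a repository with authentication disabled the hidden field still carries a required rule; if the validation library evaluates hidden fields (I cannot confirm that from this hunk), updating such a repository fails validation on an empty username. Binding the rule to the state, `:rules="authenticationRequired ? 'required' : ''"`, or switching the wrapper to `v-if`, removes the contradiction. The same combination is added to the password input in the @@ -162,6 +163,7 hunk.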
@@ -162,6 +163,7 @@ import RepositoryCreateRepositoryModal from "./RepositoryCreateRepositoryModal"; input-group-size="mb-3" type="password" v-model="password" + rules="required" v-show="authenticationRequired" v-debounce:750ms="updateRepository" :debounce-events="'keyup'"/> @@ -188,7 +190,7 @@ import RepositoryCreateRepositoryModal from "./RepositoryCreateRepositoryModal"; internal: row.internal, authenticationRequired: row.authenticationRequired, username: row.username, - password: row.password || null, + password: row.password || "HiddenDecryptedPropertyPlaceholder", enabled: row.enabled, uuid: row.uuid, labelIcon: { @@ -205,6 +207,7 @@ import RepositoryCreateRepositoryModal from "./RepositoryCreateRepositoryModal"; this.updateRepository(); }, authenticationRequired(){ + this.updateRepository(); } @@ -227,7 +230,7 @@ import RepositoryCreateRepositoryModal from "./RepositoryCreateRepositoryModal"; internal: this.internal, authenticationRequired: this.authenticationRequired, username: this.username, - password: this.password || null, + password: this.password || "HiddenDecryptedPropertyPlaceholder", enabled: this.enabled, uuid: this.uuid }).then((response) => { From 130aeef54ca43e28708ac432ef049d0f404eac95 Mon Sep 17 00:00:00 2001 From: RBickert Date: Wed, 2 Aug 2023 13:56:49 +0200 Subject: [PATCH 004/165] Redirect from vulnerability to dependency graph Adds a `Show in Dependency-Graph` button to the every project in the `Affected Projects` tab of a vulnerability that highlights the affected component in the project's dependency graph Signed-off-by: RBickert --- src/views/portfolio/vulnerabilities/AffectedProjects.vue | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/views/portfolio/vulnerabilities/AffectedProjects.vue b/src/views/portfolio/vulnerabilities/AffectedProjects.vue index 796f2d173..0dba48062 100644 --- a/src/views/portfolio/vulnerabilities/AffectedProjects.vue +++ b/src/views/portfolio/vulnerabilities/AffectedProjects.vue 
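Review bot: `password: this.password || "HiddenDecryptedPropertyPlaceholder"` in the update payload (@@ -227,7 +230,7) sends a literal sentinel as the credential whenever the field is empty, which relies on the server recognising and discarding exactly that string; if it does not, the placeholder is stored as the repository password, and in any case a user can no longer clear a previously set password because an empty field is turned back into the sentinel. The same literal is duplicated in the row mapping (@@ -188,7 +190,7), where `row.password || "HiddenDecryptedPropertyPlaceholder"` also pre-fills the form for repositories that have no password at all, so the `required` rule on the password input is satisfied by a value the user never typed. At minimum hoist the string into one named constant, e.g. `const PASSWORD_PLACEHOLDER = "HiddenDecryptedPropertyPlaceholder";`, and only fall back to it when `authenticationRequired` is set; better, keep the row mapping at `row.password || null` and let the server indicate an unchanged secret explicitly. Both enclosing functions start and end outside their hunks.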
@@ -25,9 +25,10 @@ title: this.$t('message.name'), field: "name", sortable: true, - formatter(value, row, index) { + formatter: (value, row, index) => { let url = xssFilters.uriInUnQuotedAttr("../../../projects/" + row.uuid); - return `${xssFilters.inHTMLData(value)}`; + let dependencyGraphUrl = xssFilters.uriInUnQuotedAttr("../../../projects/" + row.uuid + "/dependencyGraph/" + row.affectedComponent) + return row.directDependencies ? `
` + `${xssFilters.inHTMLData(value)}` : `${xssFilters.inHTMLData(value)}`; } }, { From 2e5e89430d9120c89734a5a5b4006963a4a74664 Mon Sep 17 00:00:00 2001 From: RBickert Date: Wed, 2 Aug 2023 14:08:41 +0200 Subject: [PATCH 005/165] Redirect from component search to dependency graph Adds a `Show in Dependency-Graph` button to the every component in the `Component Search` that highlights the affected component in the project's dependency graph Signed-off-by: RBickert --- src/views/portfolio/components/ComponentSearch.vue | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/views/portfolio/components/ComponentSearch.vue b/src/views/portfolio/components/ComponentSearch.vue index e348084f6..ef9ab9e85 100644 --- a/src/views/portfolio/components/ComponentSearch.vue +++ b/src/views/portfolio/components/ComponentSearch.vue @@ -155,7 +155,8 @@ sortable: true, formatter(value, row, index) { let url = xssFilters.uriInUnQuotedAttr("../components/" + row.uuid); - return `${xssFilters.inHTMLData(value)}`; + let dependencyGraphUrl = xssFilters.uriInUnQuotedAttr("../../../projects/" + row.project.uuid + "/dependencyGraph/" + row.uuid) + return row.project.directDependencies ? `
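Review bot: The new `let dependencyGraphUrl = xssFilters.uriInUnQuotedAttr(...)` line has no terminating semicolon, so the following `return` is joined only by automatic semicolon insertion; add the `;`, and since both branches of the ternary end with the same `${xssFilters.inHTMLData(value)}` link, compute that anchor once into a `const` and prepend the graph button only when `row.directDependencies` is set. `row.affectedComponent` is concatenated into a path segment before `uriInUnQuotedAttr`, which escapes for the attribute context rather than percent-encoding path characters; presumably the value is a UUID, in which case this is harmless, but `encodeURIComponent(row.affectedComponent)` would make that explicit. The identical missing semicolon and duplicated-link pattern appear in the ComponentSearch.vue hunk @@ -155,7 +155,8 of the following commit, which additionally dereferences `row.project.uuid` and `row.project.directDependencies` without a guard — whether every search row carries a project cannot be verified from that hunk. The column definition containing this formatter starts before the hunk.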
` + `${xssFilters.inHTMLData(value)}` : `${xssFilters.inHTMLData(value)}`; } }, { From 2a46ef17e3d64c52e7c6745329092ac2c45665f4 Mon Sep 17 00:00:00 2001 From: RBickert Date: Mon, 7 Aug 2023 17:42:48 +0200 Subject: [PATCH 006/165] Go to expanded finding from "Affected Projects" Clicking on a project from the "Affected Projects"-tab of a vulnerability now opens the project's "Findings"-tab, showing only the expanded vulnerability Signed-off-by: RBickert --- src/i18n/locales/en.json | 3 ++- src/router/index.js | 15 +++++++++++++++ src/views/portfolio/projects/ProjectFindings.vue | 10 ++++++++++ .../vulnerabilities/AffectedProjects.vue | 5 +++-- .../portfolio/vulnerabilities/Vulnerability.vue | 2 +- 5 files changed, 31 insertions(+), 4 deletions(-) diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json index 28ab21aa9..89c334e6f 100644 --- a/src/i18n/locales/en.json +++ b/src/i18n/locales/en.json @@ -520,7 +520,8 @@ "version_distance_major": "major", "version_distance_minor": "minor", "version_distance_patch": "patch", - "version_distance_tooltip": "Specify the difference between version numbers, or empty to ignore" + "version_distance_tooltip": "Specify the difference between version numbers, or empty to ignore", + "matrix": "Matrix" }, "admin": { "configuration": "Configuration", diff --git a/src/router/index.js b/src/router/index.js index 6a4c65c34..a978b7d19 100644 --- a/src/router/index.js +++ b/src/router/index.js @@ -129,6 +129,21 @@ function configRoutes() { permission: 'VIEW_PORTFOLIO' } }, + { + path: 'projects/:uuid/findings/:affectedComponent/:vulnerability', + name: 'Project Finding Lookup', + props: (route) => ( { + uuid: route.params.uuid, + affectedComponent: route.params.componentUuid, + vulnerability: route.params.vulnerability + } ), + component: Project, + meta: { + i18n: 'message.projects', + sectionPath: '/projects', + permission: 'VIEW_PORTFOLIO' + } + }, { path: 'components', name: 'Component Lookup', 
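Review bot: The props mapper of the new `Project Finding Lookup` route reads `affectedComponent: route.params.componentUuid`, but the path declares the parameter as `:affectedComponent`, so the prop is always `undefined`; it should read `affectedComponent: route.params.affectedComponent,`. The `uuid` and `vulnerability` entries agree with their path segments, so only this line is affected. `ProjectFindings.vue` in the same commit reads `this.$route.params.affectedComponent` directly rather than the prop, which is presumably why the mismatch was not noticed.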
diff --git a/src/views/portfolio/projects/ProjectFindings.vue b/src/views/portfolio/projects/ProjectFindings.vue index 9fa6384df..5b0132b23 100644 --- a/src/views/portfolio/projects/ProjectFindings.vue +++ b/src/views/portfolio/projects/ProjectFindings.vue @@ -216,6 +216,12 @@ import common from "../../../shared/common"; formatter(value, row, index) { return value === true ? '' : ""; }, + }, + { + title: this.$t('message.matrix'), + field: "matrix", + sortable: true, + visible: false } ], data: [], @@ -233,6 +239,7 @@ import common from "../../../shared/common"; pageSize: (localStorage && localStorage.getItem("ProjectFindingsPageSize") !== null) ? Number(localStorage.getItem("ProjectFindingsPageSize")) : 10, sortName: (localStorage && localStorage.getItem("ProjectFindingsSortName") !== null) ? localStorage.getItem("ProjectFindingsSortName") : undefined, sortOrder: (localStorage && localStorage.getItem("ProjectFindingsSortOrder") !== null) ? localStorage.getItem("ProjectFindingsSortOrder") : undefined, + searchText: (this.$route.params.affectedComponent && this.$route.params.vulnerability) ? this.$route.params.uuid + ":" + this.$route.params.affectedComponent + ":" + this.$route.params.vulnerability : undefined, icons: { detailOpen: 'fa-fw fa-angle-right', detailClose: 'fa-fw fa-angle-down', @@ -558,6 +565,9 @@ import common from "../../../shared/common"; tableLoaded: function(data) { loadUserPreferencesForBootstrapTable(this, "ProjectFindings", this.$refs.table.columns); this.$emit('total', data.total); + if (this.$route.params.affectedComponent && this.$route.params.vulnerability) { + this.$refs.table.expandRow(0); + } }, initializeTooltips: function () { $('[data-toggle="tooltip"]').tooltip({ diff --git a/src/views/portfolio/vulnerabilities/AffectedProjects.vue b/src/views/portfolio/vulnerabilities/AffectedProjects.vue index 0dba48062..d8c22a803 100644 --- a/src/views/portfolio/vulnerabilities/AffectedProjects.vue 
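Review bot: `this.$refs.table.expandRow(0)` in `tableLoaded` runs whenever the route carries `affectedComponent` and `vulnerability`, regardless of whether the filtered result has any rows; when the `searchText` built in the @@ -233,6 +239,7 hunk matches nothing, `data.total` is 0 and row 0 does not exist. Guard the call: `if (data.total > 0 && this.$route.params.affectedComponent && this.$route.params.vulnerability) {`. The `searchText` expression concatenates three route parameters with `":"` and nothing explains the format; a comment such as `// "projectUuid:componentUuid:vulnerability" — the value of the hidden "matrix" column` next to it would tie it to the column added in the first hunk. `tableLoaded` is shown in full, but the data() object it belongs to starts before the hunk.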
+++ b/src/views/portfolio/vulnerabilities/AffectedProjects.vue @@ -16,7 +16,8 @@ mixins: [permissionsMixin], props: { source: String, - vulnId: String + vulnId: String, + vulnerability: String }, data() { return { @@ -26,7 +27,7 @@ field: "name", sortable: true, formatter: (value, row, index) => { - let url = xssFilters.uriInUnQuotedAttr("../../../projects/" + row.uuid); + let url = xssFilters.uriInUnQuotedAttr("../../../projects/" + row.uuid + "/findings/" + row.affectedComponent + "/" + this.vulnerability); let dependencyGraphUrl = xssFilters.uriInUnQuotedAttr("../../../projects/" + row.uuid + "/dependencyGraph/" + row.affectedComponent) return row.directDependencies ? ` ` + `${xssFilters.inHTMLData(value)}` : `${xssFilters.inHTMLData(value)}`; } diff --git a/src/views/portfolio/vulnerabilities/Vulnerability.vue b/src/views/portfolio/vulnerabilities/Vulnerability.vue index 1a1d75c59..a10879242 100644 --- a/src/views/portfolio/vulnerabilities/Vulnerability.vue +++ b/src/views/portfolio/vulnerabilities/Vulnerability.vue @@ -140,7 +140,7 @@ - + From 0dc986bcc7131f00d8b12897a2eb526228ae3184 Mon Sep 17 00:00:00 2001 From: mattmatician Date: Tue, 15 Aug 2023 16:21:59 +0100 Subject: [PATCH 007/165] Add chown to default nginx conf file, to make it owned by nginx user Signed-off-by: mattmatician --- docker/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine index a1a039efd..97888e6f0 100644 --- a/docker/Dockerfile.alpine +++ b/docker/Dockerfile.alpine @@ -30,7 +30,7 @@ RUN chown -R 101:0 ${APP_DIR} \ USER 101 # Setup entrypoint -COPY ./docker/etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf +COPY --chown=101:0 ./docker/etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf COPY ./docker/docker-entrypoint.sh /docker-entrypoint.d/30-oidc-configuration.sh # Specify the container working directory From af7d2deee0d10ebf8ca1a90327635ce1eef2d094 Mon Sep 17 00:00:00 2001 
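Review bot: The link URL now concatenates `row.affectedComponent` and `this.vulnerability` as path segments before `xssFilters.uriInUnQuotedAttr`; that filter escapes for the unquoted-attribute context but does not percent-encode segment content, so if either value can contain `/`, `?` or `#` the generated route changes shape. Wrapping each segment, `"/findings/" + encodeURIComponent(row.affectedComponent) + "/" + encodeURIComponent(this.vulnerability)`, makes the intent explicit unless both are known to be UUIDs. The new `vulnerability` prop is added next to the existing `vulnId` prop without saying how the two differ; a one-line comment on each prop stating what the parent passes would help, since the `Vulnerability.vue` hunk that supplies them did not survive extraction. The formatter's column definition starts before the hunk.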
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 18 Aug 2023 01:23:32 +0000 Subject: [PATCH 008/165] build(deps): bump actions/setup-node from 3.7.0 to 3.8.1 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.7.0 to 3.8.1. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v3.7.0...v3.8.1) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/_meta-build.yaml | 2 +- .github/workflows/ci-release.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml index f701536a5..90e1d2f03 100644 --- a/.github/workflows/_meta-build.yaml +++ b/.github/workflows/_meta-build.yaml @@ -41,7 +41,7 @@ jobs: uses: actions/checkout@v3.5.3 - name: Set up NodeJs - uses: actions/setup-node@v3.7.0 + uses: actions/setup-node@v3.8.1 with: node-version: ${{ matrix.node-version }} cache: 'npm' diff --git a/.github/workflows/ci-release.yaml b/.github/workflows/ci-release.yaml index bc6682e67..4a9064e02 100644 --- a/.github/workflows/ci-release.yaml +++ b/.github/workflows/ci-release.yaml @@ -24,7 +24,7 @@ jobs: uses: actions/checkout@v3.5.3 - name: Set up NodeJs - uses: actions/setup-node@v3.7.0 + uses: actions/setup-node@v3.8.1 with: node-version: '18' cache: 'npm' From 787a745c30163f3a3eae6c2e2a3beddff2cf1eb7 Mon Sep 17 00:00:00 2001 From: nscuro Date: Sun, 20 Aug 2023 00:11:31 +0200 Subject: [PATCH 009/165] Fix license expression input fields Signed-off-by: nscuro --- src/views/portfolio/projects/ComponentDetailsModal.vue | 3 +++ src/views/portfolio/projects/ProjectAddComponentModal.vue | 8 ++++++++ 2 files changed, 11 insertions(+) 
diff --git a/src/views/portfolio/projects/ComponentDetailsModal.vue b/src/views/portfolio/projects/ComponentDetailsModal.vue index 34495c0b1..0f001160d 100644 --- a/src/views/portfolio/projects/ComponentDetailsModal.vue +++ b/src/views/portfolio/projects/ComponentDetailsModal.vue @@ -224,6 +224,7 @@ author: this.component.author, description: this.component.description, license: this.selectedLicense, + licenseExpression: this.component.licenseExpression, licenseUrl: this.component.licenseUrl, filename: this.component.filename, classifier: this.component.classifier, @@ -258,6 +259,8 @@ retrieveLicenses: function() { let url = `${this.$api.BASE_URL}/${this.$api.URL_LICENSE_CONCISE}`; this.axios.get(url).then((response) => { + // Allow for license to be un-selected. + this.selectableLicenses.push({value: '', text: ''}); for (let i = 0; i < response.data.length; i++) { let license = response.data[i]; this.selectableLicenses.push({value: license.licenseId, text: license.name, uuid: license.uuid}); diff --git a/src/views/portfolio/projects/ProjectAddComponentModal.vue b/src/views/portfolio/projects/ProjectAddComponentModal.vue index b3a2146e0..974cc0671 100644 --- a/src/views/portfolio/projects/ProjectAddComponentModal.vue +++ b/src/views/portfolio/projects/ProjectAddComponentModal.vue @@ -48,6 +48,10 @@ + + { + // Allow for license to be un-selected. + this.selectableLicenses.push({value: '', text: ''}); for (let i = 0; i < response.data.length; i++) { let license = response.data[i]; this.selectableLicenses.push({value: license.licenseId, text: license.name}); From ca2cfe95d6773dc6724e320d0e01caed2ac95c4f Mon Sep 17 00:00:00 2001 
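Review bot: `this.selectableLicenses.push({value: '', text: ''})` is appended before the loop on every call of `retrieveLicenses`, and nothing in the hunk clears `selectableLicenses` first; if the method runs more than once per component instance (I cannot tell from here), the blank entry and every license are duplicated. Resetting the array at the top of the callback, `this.selectableLicenses = [{value: '', text: ''}];`, makes the call idempotent, and the index loop that follows reads more naturally as `for (const license of response.data)`. The same pattern is added in the ProjectAddComponentModal.vue hunk of this commit. `retrieveLicenses` continues past the hunk.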
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 23 Aug 2023 01:18:31 +0000 Subject: [PATCH 010/165] build(deps): bump nginxinc/nginx-unprivileged in /docker Bumps nginxinc/nginx-unprivileged from 1.25.1-alpine to 1.25.2-alpine. --- updated-dependencies: - dependency-name: nginxinc/nginx-unprivileged dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- docker/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine index a1a039efd..102b8bb9c 100644 --- a/docker/Dockerfile.alpine +++ b/docker/Dockerfile.alpine @@ -1,4 +1,4 @@ -FROM nginxinc/nginx-unprivileged:1.25.1-alpine@sha256:279824ecfd934ab8cf08b5e4debabdc711c5768371203263f2d5c5141423ed80 +FROM nginxinc/nginx-unprivileged:1.25.2-alpine@sha256:200c8aaeff3588ef5434a957ac2e84d80a4833127035918080074353934b8e30 # Arguments that can be passed at build time ARG COMMIT_SHA=unknown From 5f91262d1bc637e3773059f684e8523d486652c1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 25 Aug 2023 01:15:27 +0000 Subject: [PATCH 011/165] build(deps): bump actions/checkout from 3.5.3 to 3.6.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 3.6.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.5.3...v3.6.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] --- .github/workflows/_meta-build.yaml | 4 ++-- .github/workflows/ci-publish.yaml | 4 ++-- .github/workflows/ci-release.yaml | 2 +- .github/workflows/codeql-analysis.yaml | 2 +- .github/workflows/dependency-review.yaml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml index f701536a5..9e839d31a 100644 --- a/.github/workflows/_meta-build.yaml +++ b/.github/workflows/_meta-build.yaml @@ -38,7 +38,7 @@ jobs: steps: - name: Checkout Repository - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v3.6.0 - name: Set up NodeJs uses: actions/setup-node@v3.7.0 @@ -68,7 +68,7 @@ jobs: steps: - name: Checkout Repository - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v3.6.0 - name: Download Artifacts uses: actions/download-artifact@v3.0.2 diff --git a/.github/workflows/ci-publish.yaml b/.github/workflows/ci-publish.yaml index 5285abf66..8754f2949 100644 --- a/.github/workflows/ci-publish.yaml +++ b/.github/workflows/ci-publish.yaml @@ -20,7 +20,7 @@ jobs: fi - name: Checkout Repository - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v3.6.0 - name: Parse Version from package.json id: parse @@ -46,7 +46,7 @@ jobs: - call-build steps: - name: Checkout Repository - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v3.6.0 - name: Download Artifacts uses: actions/download-artifact@v3.0.2 diff --git a/.github/workflows/ci-release.yaml b/.github/workflows/ci-release.yaml index bc6682e67..9aeaa6183 100644 --- a/.github/workflows/ci-release.yaml +++ b/.github/workflows/ci-release.yaml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repository - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v3.6.0 - name: Set up NodeJs uses: actions/setup-node@v3.7.0 diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml index a78347682..8f619f854 100644 
--- a/.github/workflows/codeql-analysis.yaml +++ b/.github/workflows/codeql-analysis.yaml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v3.6.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml index 10ddeeeca..844814a98 100644 --- a/.github/workflows/dependency-review.yaml +++ b/.github/workflows/dependency-review.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repository - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v3.6.0 - name: Dependency Review uses: actions/dependency-review-action@v3 From 08a5947e9b1b4bbdc3a1a1b92d66747231936317 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Aug 2023 01:31:49 +0000 Subject: [PATCH 012/165] build(deps): bump docker/setup-buildx-action from 2.9.1 to 2.10.0 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.9.1 to 2.10.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v2.9.1...v2.10.0) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/_meta-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml index f701536a5..52cd6ecb5 100644 --- a/.github/workflows/_meta-build.yaml +++ b/.github/workflows/_meta-build.yaml @@ -79,7 +79,7 @@ jobs: uses: docker/setup-qemu-action@v2.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2.9.1 + uses: docker/setup-buildx-action@v2.10.0 id: buildx with: install: true 
From 06ed5270f6b69c21efc1047cd07cc6f3f3c62611 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 30 Aug 2023 02:00:10 +0000 Subject: [PATCH 013/165] build(deps): bump nginxinc/nginx-unprivileged in /docker Bumps nginxinc/nginx-unprivileged from `200c8aa` to `1cf077e`. --- updated-dependencies: - dependency-name: nginxinc/nginx-unprivileged dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- docker/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine index 102b8bb9c..4d39f8cea 100644 --- a/docker/Dockerfile.alpine +++ b/docker/Dockerfile.alpine @@ -1,4 +1,4 @@ -FROM nginxinc/nginx-unprivileged:1.25.2-alpine@sha256:200c8aaeff3588ef5434a957ac2e84d80a4833127035918080074353934b8e30 +FROM nginxinc/nginx-unprivileged:1.25.2-alpine@sha256:1cf077e4fe1356a0f953d5d50a573869c89b2284d0fa49ccc6e9f4df699fdacf # Arguments that can be passed at build time ARG COMMIT_SHA=unknown From d729195e97556e2b0bca319c9a200b6ececd50ed Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Sep 2023 01:23:18 +0000 Subject: [PATCH 014/165] build(deps): bump aquasecurity/trivy-action from 0.11.2 to 0.12.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.11.2 to 0.12.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.11.2...0.12.0) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/_meta-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml index 817928403..4389c38a4 100644 --- a/.github/workflows/_meta-build.yaml +++ b/.github/workflows/_meta-build.yaml @@ -116,7 +116,7 @@ jobs: - name: Run Trivy Vulnerability Scanner if: ${{ inputs.publish-container }} - uses: aquasecurity/trivy-action@0.11.2 + uses: aquasecurity/trivy-action@0.12.0 with: image-ref: docker.io/dependencytrack/frontend:${{ inputs.app-version }} format: 'sarif' From f3a99c7587bb5d99ec9ca988690d669b6c34d66f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Sep 2023 01:47:06 +0000 Subject: [PATCH 015/165] build(deps): bump actions/checkout from 3.6.0 to 4.0.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.6.0 to 4.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.6.0...v4.0.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/_meta-build.yaml | 4 ++-- .github/workflows/ci-publish.yaml | 4 ++-- .github/workflows/ci-release.yaml | 2 +- .github/workflows/codeql-analysis.yaml | 2 +- .github/workflows/dependency-review.yaml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml index 817928403..6a9190017 100644 --- a/.github/workflows/_meta-build.yaml +++ b/.github/workflows/_meta-build.yaml @@ -38,7 +38,7 @@ jobs: steps: - name: Checkout Repository - uses: actions/checkout@v3.6.0 + uses: actions/checkout@v4.0.0 - name: Set up NodeJs uses: actions/setup-node@v3.8.1 
@@ -68,7 +68,7 @@ jobs: steps: - name: Checkout Repository - uses: actions/checkout@v3.6.0 + uses: actions/checkout@v4.0.0 - name: Download Artifacts uses: actions/download-artifact@v3.0.2 diff --git a/.github/workflows/ci-publish.yaml b/.github/workflows/ci-publish.yaml index 8754f2949..b410d106d 100644 --- a/.github/workflows/ci-publish.yaml +++ b/.github/workflows/ci-publish.yaml @@ -20,7 +20,7 @@ jobs: fi - name: Checkout Repository - uses: actions/checkout@v3.6.0 + uses: actions/checkout@v4.0.0 - name: Parse Version from package.json id: parse @@ -46,7 +46,7 @@ jobs: - call-build steps: - name: Checkout Repository - uses: actions/checkout@v3.6.0 + uses: actions/checkout@v4.0.0 - name: Download Artifacts uses: actions/download-artifact@v3.0.2 diff --git a/.github/workflows/ci-release.yaml b/.github/workflows/ci-release.yaml index b750d341a..e426819cc 100644 --- a/.github/workflows/ci-release.yaml +++ b/.github/workflows/ci-release.yaml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repository - uses: actions/checkout@v3.6.0 + uses: actions/checkout@v4.0.0 - name: Set up NodeJs uses: actions/setup-node@v3.8.1 diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml index 8f619f854..15becd3b1 100644 --- a/.github/workflows/codeql-analysis.yaml +++ b/.github/workflows/codeql-analysis.yaml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3.6.0 + uses: actions/checkout@v4.0.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml index 844814a98..1b289efd9 100644 --- a/.github/workflows/dependency-review.yaml +++ b/.github/workflows/dependency-review.yaml 
@@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repository - uses: actions/checkout@v3.6.0 + uses: actions/checkout@v4.0.0 - name: Dependency Review uses: actions/dependency-review-action@v3 From f41c7839f2f394a41d7528bcac220af75f93ccfd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 7 Sep 2023 01:22:05 +0000 Subject: [PATCH 016/165] build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v3.1.2...v3.1.3) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/_meta-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml index 817928403..7e8c6bb58 100644 --- a/.github/workflows/_meta-build.yaml +++ b/.github/workflows/_meta-build.yaml @@ -54,7 +54,7 @@ jobs: npm run build --if-present - name: Upload Artifacts - uses: actions/upload-artifact@v3.1.2 + uses: actions/upload-artifact@v3.1.3 with: name: assembled-frontend-node${{ matrix.node-version }} path: |- From a81ff025e54ada02acf945080de29a6d8f07badf Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Sep 2023 01:09:21 +0000 Subject: [PATCH 017/165] build(deps-dev): bump uuid from 7.0.3 to 9.0.1 Bumps [uuid](https://github.com/uuidjs/uuid) from 7.0.3 to 9.0.1. - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](https://github.com/uuidjs/uuid/compare/v7.0.3...v9.0.1) --- updated-dependencies: - dependency-name: uuid dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- package-lock.json | 18 +++++++++++------- package.json | 2 +- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 5650129ec..81b92298c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -66,7 +66,7 @@ "https-proxy-agent": "2.2.4", "sass": "1.49.7", "sass-loader": "8.0.2", - "uuid": "7.0.3", + "uuid": "9.0.1", "vue-template-compiler": "2.6.14" }, "engines": { @@ -18077,10 +18077,14 @@ } }, "node_modules/uuid": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-7.0.3.tgz", - "integrity": "sha512-DPSke0pXhTZgoF/d+WSt2QaKMCFSfx7QegxEWT+JOuHF5aWrKEn0G+ztjuJg/gG8/ItK+rbPCD/yNv8yyih6Cg==", + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", + "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==", "dev": true, + "funding": [ + "https://github.com/sponsors/broofa", + "https://github.com/sponsors/ctavan" + ], "bin": { "uuid": "dist/bin/uuid" } 
@@ -33754,9 +33758,9 @@ "dev": true }, "uuid": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-7.0.3.tgz", - "integrity": "sha512-DPSke0pXhTZgoF/d+WSt2QaKMCFSfx7QegxEWT+JOuHF5aWrKEn0G+ztjuJg/gG8/ItK+rbPCD/yNv8yyih6Cg==", + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", + "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==", "dev": true }, "validate-npm-package-license": { diff --git a/package.json b/package.json index 68565cd46..293141160 100644 --- a/package.json +++ b/package.json @@ -75,7 +75,7 @@ "https-proxy-agent": "2.2.4", "sass": "1.49.7", "sass-loader": "8.0.2", - "uuid": "7.0.3", + "uuid": "9.0.1", "vue-template-compiler": "2.6.14" }, "overrides": { From 88b70b1d3861f0ee17e456089b518c36d9177969 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Sep 2023 01:10:03 +0000 Subject: [PATCH 018/165] build(deps): bump docker/setup-buildx-action from 2.10.0 to 3.0.0 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.10.0 to 3.0.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v2.10.0...v3.0.0) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/_meta-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml index 817928403..5673d67ac 100644 --- a/.github/workflows/_meta-build.yaml +++ b/.github/workflows/_meta-build.yaml 
@@ -79,7 +79,7 @@ jobs: uses: docker/setup-qemu-action@v2.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2.10.0 + uses: docker/setup-buildx-action@v3.0.0 id: buildx with: install: true From cedc68893829a384d1f2cf0c8ee27b585742e3c2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Sep 2023 01:10:10 +0000 Subject: [PATCH 019/165] build(deps): bump docker/build-push-action from 4.1.1 to 5.0.0 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4.1.1 to 5.0.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v4.1.1...v5.0.0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/_meta-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml index 817928403..8be2918f1 100644 --- a/.github/workflows/_meta-build.yaml +++ b/.github/workflows/_meta-build.yaml @@ -103,7 +103,7 @@ jobs: echo "tags=${TAGS}" >> $GITHUB_OUTPUT - name: Build multi-arch Container Image - uses: docker/build-push-action@v4.1.1 + uses: docker/build-push-action@v5.0.0 with: tags: ${{ steps.tags.outputs.tags }} build-args: |- From 0ce766db26d3427c112ab447bf0a02d25412d079 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Sep 2023 01:29:32 +0000 Subject: [PATCH 020/165] build(deps): bump nginxinc/nginx-unprivileged in /docker Bumps nginxinc/nginx-unprivileged from `1cf077e` to `d1451a6`. --- updated-dependencies: - dependency-name: nginxinc/nginx-unprivileged dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] --- docker/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine index 4d39f8cea..ca192e674 100644 --- a/docker/Dockerfile.alpine +++ b/docker/Dockerfile.alpine @@ -1,4 +1,4 @@ -FROM nginxinc/nginx-unprivileged:1.25.2-alpine@sha256:1cf077e4fe1356a0f953d5d50a573869c89b2284d0fa49ccc6e9f4df699fdacf +FROM nginxinc/nginx-unprivileged:1.25.2-alpine@sha256:d1451a619989600ce745b569e548c1d055d08ef9255ad16517263665376f518c # Arguments that can be passed at build time ARG COMMIT_SHA=unknown From 20c5c740a8df3b82432f9c07bb3d8eafdccd6484 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Sep 2023 01:58:08 +0000 Subject: [PATCH 021/165] build(deps): bump docker/setup-qemu-action from 2.2.0 to 3.0.0 Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2.2.0 to 3.0.0. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/v2.2.0...v3.0.0) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/_meta-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml index 98720df89..01d05b7a0 100644 --- a/.github/workflows/_meta-build.yaml +++ b/.github/workflows/_meta-build.yaml @@ -76,7 +76,7 @@ jobs: name: assembled-frontend-node${{ inputs.node-version-package }} - name: Set up QEMU - uses: docker/setup-qemu-action@v2.2.0 + uses: docker/setup-qemu-action@v3.0.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3.0.0 From 6e25d62affcf1e208463943399ecbc25c86a7bfa Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Sep 2023 01:58:11 +0000 Subject: [PATCH 022/165] build(deps): bump docker/login-action from 2.2.0 to 3.0.0 Bumps [docker/login-action](https://github.com/docker/login-action) from 2.2.0 to 3.0.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v2.2.0...v3.0.0) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/_meta-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml index 98720df89..7b7b6bf7b 100644 --- a/.github/workflows/_meta-build.yaml +++ b/.github/workflows/_meta-build.yaml @@ -85,7 +85,7 @@ jobs: install: true - name: Login to Docker.io - uses: docker/login-action@v2.2.0 + uses: docker/login-action@v3.0.0 if: ${{ inputs.publish-container }} with: registry: docker.io From 649294c0aa6ed8767a896ad7eb4352d3e1d34cd0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Sep 2023 01:58:15 +0000 Subject: [PATCH 023/165] build(deps): bump actions/checkout from 4.0.0 to 4.1.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4.0.0...v4.1.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] --- .github/workflows/_meta-build.yaml | 4 ++-- .github/workflows/ci-publish.yaml | 4 ++-- .github/workflows/ci-release.yaml | 2 +- .github/workflows/codeql-analysis.yaml | 2 +- .github/workflows/dependency-review.yaml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml index 98720df89..15a5ad299 100644 --- a/.github/workflows/_meta-build.yaml +++ b/.github/workflows/_meta-build.yaml @@ -38,7 +38,7 @@ jobs: steps: - name: Checkout Repository - uses: actions/checkout@v4.0.0 + uses: actions/checkout@v4.1.0 - name: Set up NodeJs uses: actions/setup-node@v3.8.1 @@ -68,7 +68,7 @@ jobs: steps: - name: Checkout Repository - uses: actions/checkout@v4.0.0 + uses: actions/checkout@v4.1.0 - name: Download Artifacts uses: actions/download-artifact@v3.0.2 diff --git a/.github/workflows/ci-publish.yaml b/.github/workflows/ci-publish.yaml index b410d106d..ddd49615f 100644 --- a/.github/workflows/ci-publish.yaml +++ b/.github/workflows/ci-publish.yaml @@ -20,7 +20,7 @@ jobs: fi - name: Checkout Repository - uses: actions/checkout@v4.0.0 + uses: actions/checkout@v4.1.0 - name: Parse Version from package.json id: parse @@ -46,7 +46,7 @@ jobs: - call-build steps: - name: Checkout Repository - uses: actions/checkout@v4.0.0 + uses: actions/checkout@v4.1.0 - name: Download Artifacts uses: actions/download-artifact@v3.0.2 diff --git a/.github/workflows/ci-release.yaml b/.github/workflows/ci-release.yaml index e426819cc..d322300f0 100644 --- a/.github/workflows/ci-release.yaml +++ b/.github/workflows/ci-release.yaml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repository - uses: actions/checkout@v4.0.0 + uses: actions/checkout@v4.1.0 - name: Set up NodeJs uses: actions/setup-node@v3.8.1 diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml index 15becd3b1..a62e0bdc5 100644 
--- a/.github/workflows/codeql-analysis.yaml +++ b/.github/workflows/codeql-analysis.yaml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4.0.0 + uses: actions/checkout@v4.1.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml index 1b289efd9..511c1eec1 100644 --- a/.github/workflows/dependency-review.yaml +++ b/.github/workflows/dependency-review.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repository - uses: actions/checkout@v4.0.0 + uses: actions/checkout@v4.1.0 - name: Dependency Review uses: actions/dependency-review-action@v3 From 8b3a1b33556a3bbfa37c3c0355f2c3f920c230d3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Sep 2023 02:00:25 +0000 Subject: [PATCH 024/165] build(deps): bump nginxinc/nginx-unprivileged in /docker Bumps nginxinc/nginx-unprivileged from `d1451a6` to `0ff517f`. --- updated-dependencies: - dependency-name: nginxinc/nginx-unprivileged dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- docker/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine index ca192e674..d66409c87 100644 --- a/docker/Dockerfile.alpine +++ b/docker/Dockerfile.alpine @@ -1,4 +1,4 @@ -FROM nginxinc/nginx-unprivileged:1.25.2-alpine@sha256:d1451a619989600ce745b569e548c1d055d08ef9255ad16517263665376f518c +FROM nginxinc/nginx-unprivileged:1.25.2-alpine@sha256:0ff517fdfa1b15687c065a5a4823dc829850cd4468791d3a90dd3160ef1e3965 # Arguments that can be passed at build time ARG COMMIT_SHA=unknown From c80557dc3554115a8649d92e21f5b83d8e848b5c Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Oct 2023 01:10:37 +0000 Subject: [PATCH 025/165] build(deps): bump nginxinc/nginx-unprivileged in /docker Bumps nginxinc/nginx-unprivileged from `0ff517f` to `bddf6a6`. --- updated-dependencies: - dependency-name: nginxinc/nginx-unprivileged dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- docker/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine index d66409c87..fd662ea41 100644 --- a/docker/Dockerfile.alpine +++ b/docker/Dockerfile.alpine @@ -1,4 +1,4 @@ -FROM nginxinc/nginx-unprivileged:1.25.2-alpine@sha256:0ff517fdfa1b15687c065a5a4823dc829850cd4468791d3a90dd3160ef1e3965 +FROM nginxinc/nginx-unprivileged:1.25.2-alpine@sha256:bddf6a61f1b8609652c60f77fbe011e0465547e58bd9c1e771a1662c94d87126 # Arguments that can be passed at build time ARG COMMIT_SHA=unknown From 52102c5b85ab655d85e24496aadb93b45d236412 Mon Sep 17 00:00:00 2001 From: Sahiba Mittal Date: Fri, 6 Oct 2023 14:19:58 +0100 Subject: [PATCH 026/165] Update CreatePolicyModal.vue Signed-off-by: Sahiba Mittal --- src/views/policy/CreatePolicyModal.vue | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/views/policy/CreatePolicyModal.vue b/src/views/policy/CreatePolicyModal.vue index aecb11da7..21bc099f2 100644 --- a/src/views/policy/CreatePolicyModal.vue +++ b/src/views/policy/CreatePolicyModal.vue @@ -37,7 +37,7 @@ }).then((response) => { this.$root.$emit('bv::hide::modal', 'createPolicyModal'); this.$emit('refreshTable'); - this.$toastr.s(this.$t('message.project_created')); + this.$toastr.s(this.$t('message.policy_created')); }).catch((error) => { this.$toastr.w(this.$t('condition.unsuccessful_action')); }).finally(() => { From 9061c0c6324b44a80861e94edf8953bb2de2d488 Mon Sep 17 00:00:00 2001 
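Review bot: The new toast key `message.policy_created` is not introduced by this commit — the diffstat touches only CreatePolicyModal.vue — so unless that key already exists in src/i18n/locales/en.json the success toast will render the raw key string instead of a message. Worth confirming the locale entry exists, or adding it alongside this change. Separately, the `.catch((error) => { ... })` that follows only shows a generic warning and drops `error`; a `console.error(error)` there would make a failed policy creation diagnosable. The enclosing Vue method starts and ends outside the hunk.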
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Oct 2023 01:53:49 +0000 Subject: [PATCH 027/165] build(deps): bump nginxinc/nginx-unprivileged in /docker Bumps nginxinc/nginx-unprivileged from `bddf6a6` to `e88307e`. --- updated-dependencies: - dependency-name: nginxinc/nginx-unprivileged dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- docker/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine index fd662ea41..dcb4a1f0f 100644 --- a/docker/Dockerfile.alpine +++ b/docker/Dockerfile.alpine @@ -1,4 +1,4 @@ -FROM nginxinc/nginx-unprivileged:1.25.2-alpine@sha256:bddf6a61f1b8609652c60f77fbe011e0465547e58bd9c1e771a1662c94d87126 +FROM nginxinc/nginx-unprivileged:1.25.2-alpine@sha256:e88307e503e3805876f25f3ca55d185d8c8ad85aa4613576e964a222af85e23b # Arguments that can be passed at build time ARG COMMIT_SHA=unknown From d489224b0628c8f8c9f6f8bc6233320aa2b31612 Mon Sep 17 00:00:00 2001 From: nscuro Date: Wed, 11 Oct 2023 23:16:57 +0200 Subject: [PATCH 028/165] Fix outdated indicator not being displayed in dependency graph Regression introduced in #455 Signed-off-by: nscuro --- src/views/portfolio/projects/ProjectDependencyGraph.vue | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/views/portfolio/projects/ProjectDependencyGraph.vue b/src/views/portfolio/projects/ProjectDependencyGraph.vue index 0de8a1b34..2989b5ae5 100644 --- a/src/views/portfolio/projects/ProjectDependencyGraph.vue +++ b/src/views/portfolio/projects/ProjectDependencyGraph.vue 
@@ -334,11 +334,13 @@ export default { let dependencies = [...data]; if (dependencies.length > 0) { for (let dependency of dependencies) { - if (dependency && dependency.directDependencies) { + if (dependency) { let treeNode = treeNodeMap.get(dependency.uuid); treeNode.latestVersion = dependency.latestVersion; - let jsonObject = JSON.parse(dependency.directDependencies); - this.$set(treeNode, 'children', this.transformDependenciesToOrgTree(jsonObject, false, treeNode, dependency.uuid, "COMPONENT")); + if (dependency.directDependencies) { + let jsonObject = JSON.parse(dependency.directDependencies); + this.$set(treeNode, 'children', this.transformDependenciesToOrgTree(jsonObject, false, treeNode, dependency.uuid, "COMPONENT")); + } } } } From 4b64ac55af08590b8bb07c68db91a91a11f83ab4 Mon Sep 17 00:00:00 2001 From: Nikemare <102925451+Nikemare@users.noreply.github.com> Date: Sun, 15 Oct 2023 22:22:40 +0200 Subject: [PATCH 029/165] Hide default login form when OIDC available Resolve #429 Signed-off-by: Nikemare <102925451+Nikemare@users.noreply.github.com> --- src/i18n/locales/en.json | 1 + src/views/pages/Login.vue | 18 ++++++++++++++---- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json index 1713486c0..cc4a21c49 100644 --- a/src/i18n/locales/en.json +++ b/src/i18n/locales/en.json @@ -5,6 +5,7 @@ "login_desc": "Sign In to your account", "login_unauthorized": "Invalid username or password", "login_forbidden": "This account is inactive or has been suspended", + "login_more_options": "More options", "password_force_change": "Update Password", "password_force_change_desc": "You need to change your password", "password_change": "Change password", diff --git a/src/views/pages/Login.vue b/src/views/pages/Login.vue index c66473142..2b3662914 100644 --- a/src/views/pages/Login.vue +++ b/src/views/pages/Login.vue 
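Review bot: `treeNode` from `treeNodeMap.get(dependency.uuid)` is still dereferenced without a check, so a response entry whose uuid is not in the map throws on `treeNode.latestVersion = ...` and aborts the whole loop; now that the guard was loosened to `if (dependency)` this is the only null check left in the hunk. Suggest `let treeNode = treeNodeMap.get(dependency.uuid); if (!treeNode) continue;` before the assignment. `JSON.parse(dependency.directDependencies)` parses a server-supplied string unguarded, as before; a try/catch around it would keep one malformed entry from hiding every other node's outdated indicator. The enclosing method starts outside the hunk.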
@@ -21,6 +21,7 @@ v-model="input.username" autofocus="true" lazy="true" + v-show="showLoginForm" /> - - + + {{ $t('message.login') }} - + {{ oidcLoginButtonText() }} OpenID Logo + {{ $t('message.login_more_options') }} @@ -102,7 +108,8 @@ export default { response_type: this.$oidc.FLOW === "implicit" ? "token id_token" : "code", scope: this.$oidc.SCOPE, loadUserInfo: false - }) + }), + showLoginForm: false }; }, methods: { @@ -187,6 +194,7 @@ export default { this.checkOidcAvailability() .then(oidcAvailable => { this.oidcAvailable = oidcAvailable; + this.showLoginForm = !oidcAvailable; if (!oidcAvailable) { return; @@ -235,6 +243,8 @@ export default { }); }) .catch(err => { + // automatic fallback to login form when oidc availability check failed + this.showLoginForm = true; this.$toastr.e(this.$t("message.oidc_availability_check_failed")); }); } From 2ffd56be32d002aa72477a2a49fcb88f6b951ea5 Mon Sep 17 00:00:00 2001 From: dependencytrack-bot <106437498+dependencytrack-bot@users.noreply.github.com> Date: Mon, 16 Oct 2023 18:26:50 +0000 Subject: [PATCH 030/165] prepare-release: set version to 4.9.0 --- package-lock.json | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 5650129ec..7e7ac21eb 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@dependencytrack/frontend", - "version": "4.8.0", + "version": "4.9.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "@dependencytrack/frontend", - "version": "4.8.0", + "version": "4.9.0", "license": "Apache-2.0", "dependencies": { "@coreui/coreui": "2.1.16", diff --git a/package.json b/package.json index 68565cd46..ee4d42576 100644 --- a/package.json +++ b/package.json 
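Review bot: In the `.catch(err => { ... })` hunk the caught `err` is discarded; the added fallback correctly re-shows the local form when the OIDC availability check fails, but an operator then only sees the generic `message.oidc_availability_check_failed` toast with no record of why (network error, CORS, misconfigured issuer). Suggest `console.error('OIDC availability check failed', err);` before the toast. Since `showLoginForm` starts `false` and only flips once the check settles, the password form is hidden behind the new "More options" control whenever OIDC is available; that is the intended behaviour per the subject, but a one-line comment on the `showLoginForm` data field stating it would help the next maintainer. The enclosing method starts outside the hunk.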
@@ -1,6 +1,6 @@ { "name": "@dependencytrack/frontend", - "version": "4.8.0", + "version": "4.9.0", "description": "Single Page Application for OWASP Dependency-Track", "author": "Steve Springett", "homepage": "https://dependencytrack.org/", From dc9dec49f31fe180d5b47e20233d9a945e67c551 Mon Sep 17 00:00:00 2001 From: Niklas Date: Mon, 16 Oct 2023 20:46:52 +0200 Subject: [PATCH 031/165] Fix name of build artifact With the Node version having changed to 18, the old name including version 16 is no longer valid. The name should be dynamic, but fixing this now to prevent future builds from failing. Signed-off-by: Niklas --- .github/workflows/ci-publish.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-publish.yaml b/.github/workflows/ci-publish.yaml index ddd49615f..3aa143d53 100644 --- a/.github/workflows/ci-publish.yaml +++ b/.github/workflows/ci-publish.yaml @@ -51,7 +51,7 @@ jobs: - name: Download Artifacts uses: actions/download-artifact@v3.0.2 with: - name: assembled-frontend-node16 + name: assembled-frontend-node18 - name: Create Checksums run: |- From b840950e9c67ddea581b506db69369f52b26d820 Mon Sep 17 00:00:00 2001 From: Nikemare <102925451+Nikemare@users.noreply.github.com> Date: Mon, 16 Oct 2023 21:39:41 +0200 Subject: [PATCH 032/165] Changed input validation on login form to passive Fixes #585 In BValidatedInputGroupFormInput mode of validation-provider will automatically fallback to default mode 'aggressive' if no mode is specified. Signed-off-by: Nikemare <102925451+Nikemare@users.noreply.github.com> --- src/forms/BValidatedInputGroupFormInput.vue | 3 ++- src/views/pages/Login.vue | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/forms/BValidatedInputGroupFormInput.vue b/src/forms/BValidatedInputGroupFormInput.vue index 16f97b222..71941414f 100644 --- a/src/forms/BValidatedInputGroupFormInput.vue +++ b/src/forms/BValidatedInputGroupFormInput.vue @@ -1,5 +1,5 @@ 
@@ -64,78 +64,72 @@ export default { dataOn: '\u2713', dataOff: '\u2715' }, + searchedComponentUuids: {} } }, watch: { project: async function (newVal, oldVal) { - if (this.$route.params.componentUuid) { - if (this.project && this.project.directDependencies) { - this.$emit('total', 1); - this.loading = true - let url = `${this.$api.BASE_URL}/${this.$api.URL_COMPONENT}/project/${this.project.uuid}/dependencyGraph/${this.$route.params.componentUuid}` - this.axios.get(url).then(response => { - if (response.data && Object.keys(response.data).length > 0){ - this.notFound = false - this.response = response - this.data = { - id: this.nodeId, - label: this.createNodeLabel(this.project), - objectType: "PROJECT", - children: this.transformDependenciesToOrgTreeWithSearchedDependency(this.response.data, {gatheredKeys: []}, !this.showCompleteGraph), - fetchedChildren: true, - expand: true - } - this.loading = false - new Promise(resolve => setTimeout(resolve, 50)).then(() => { - document.getElementsByClassName("searched").item(0).scrollIntoView({ - behavior: "smooth", - inline: "center", - block: "center" - }) - }) - } else { - this.$route.query.dependencyGraph = null - this.notFound = true - this.data = { - id: this.nodeId, - label: this.createNodeLabel(this.project), - objectType: "PROJECT", - children: this.transformDependenciesToOrgTree(JSON.parse(this.project.directDependencies), true, {gatheredKeys: []}, this.project.uuid, "PROJECT"), - fetchedChildren: true - } - this.loading = false - } + // prepare base object + const data = { + id: this.nodeId, + label: this.createNodeLabel(this.project), + objectType: "PROJECT" + } + // do not assign data to this.data yet, otherwise tree breaks :( + + // project has no tree data + if (!this.project || !this.project.directDependencies) { + this.$emit('total', 0); + this.data = data; + return; + } + + // tree available, populate common info + this.$emit('total', 1); + data.fetchedChildren = true; + + // full tree, not searching 
components + if(!this.$route.params.componentUuids) { + data.children = this.transformDependenciesToOrgTree(JSON.parse(this.project.directDependencies), true, {gatheredKeys: []}, this.project.uuid, "PROJECT"); + this.data = data; + return; + } + + // tree with component search active + this.createSearchedComponentLookupTable(this.$route.params.componentUuids); + this.loading = true + let url = `${this.$api.BASE_URL}/${this.$api.URL_COMPONENT}/project/${this.project.uuid}/dependencyGraph/${this.$route.params.componentUuids}` + this.axios.get(url).then(response => { + if (response.data && Object.keys(response.data).length > 0){ + this.notFound = false + this.response = response + + data.children = this.transformDependenciesToOrgTreeWithSearchedDependency(this.response.data, {gatheredKeys: []}, !this.showCompleteGraph); + data.expand = true; + this.data = data; + + this.loading = false + new Promise(resolve => setTimeout(resolve, 50)).then(() => { + const firstSearched = document.getElementsByClassName("searched").item(0); + firstSearched && firstSearched.scrollIntoView({ + behavior: "smooth", + inline: "center", + block: "center" + }); + !firstSearched && console.warn('Failed to locate first searched component in tree'); }) } else { - this.$emit('total', 0); - this.data = { - id: this.nodeId, - label: this.createNodeLabel(this.project), - objectType: "PROJECT", - } - } - } else { - if (this.project && this.project.directDependencies) { - this.$emit('total', 1); - this.data = { - id: this.nodeId, - label: this.createNodeLabel(this.project), - objectType: "PROJECT", - children: this.transformDependenciesToOrgTree(JSON.parse(this.project.directDependencies), true, {gatheredKeys: []}, this.project.uuid, "PROJECT"), - fetchedChildren: true - } - } else { - this.$emit('total', 0); - this.data = { - id: this.nodeId, - label: this.createNodeLabel(this.project), - objectType: "PROJECT", - } + this.$route.query.dependencyGraph = null + this.notFound = true + data.children = 
this.transformDependenciesToOrgTree(JSON.parse(this.project.directDependencies), true, {gatheredKeys: []}, this.project.uuid, "PROJECT"); + this.loading = false + + this.data = data; } - } + }); }, showCompleteGraph: function () { - if (this.$route.params.componentUuid && localStorage) { + if (this.$route.params.componentUuids && localStorage) { localStorage.setItem("ProjectDependencyGraphShowCompleteGraph", this.showCompleteGraph.toString()); } if (this.showCompleteGraph) { @@ -145,9 +139,9 @@ export default { objectType: "PROJECT", children: this.transformDependenciesToOrgTreeWithSearchedDependency(this.response.data, {gatheredKeys: []}, false), fetchedChildren: true, - expand: !!this.$route.params.componentUuid + expand: !!this.$route.params.componentUuids } - if (this.$route.params.componentUuid) { + if (this.$route.params.componentUuids) { new Promise(resolve => setTimeout(resolve, 50)).then(() => { document.getElementsByClassName("searched").item(0).scrollIntoView({ behavior: "smooth", @@ -173,13 +167,15 @@ export default { } }, $route: function (to, from) { - if (!to.params.componentUuid && from.params.componentUuid) { + if (!to.params.componentUuids && from.params.componentUuids) { this.showCompleteGraph = true this.collapse(this.data.children) this.data.expand = false - } else if (to.params.componentUuid && !from.params.componentUuid) { + } else if (to.params.componentUuids && !from.params.componentUuids) { this.showCompleteGraph = (localStorage && localStorage.getItem("ProjectDependencyGraphShowCompleteGraph") !== null) ? (localStorage.getItem("ProjectDependencyGraphShowCompleteGraph") === "true") : false; } + // build map of searched components for later fast lookup + this.createSearchedComponentLookupTable(to.params.componentUuids); } }, methods: { 
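Review bot: The `this.axios.get(url).then(...)` chain in the rewritten `project` watcher has no `.catch`, so a rejected request (404, 401, network error) leaves `this.loading` true forever and `this.data` never assigned — the page shows a spinner with no tree and no error. Suggest `.catch(() => { this.notFound = true; this.data = data; }).finally(() => { this.loading = false; });` and dropping the two inline `this.loading = false` assignments. The watcher is also declared `async` without an `await`; since `JSON.parse(this.project.directDependencies)` can throw on a malformed server string, an exception there becomes an unhandled promise rejection instead of reaching Vue's error handler, so `async` should go. The watcher's body continues past the hunk.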
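Review bot: The `showCompleteGraph` watcher still calls `document.getElementsByClassName("searched").item(0).scrollIntoView(...)` unguarded, while the rewritten `project` watcher in this same commit null-checks the element (`firstSearched && firstSearched.scrollIntoView`). With multi-component search the route param can name uuids that are not rendered in the collapsed tree, so `.item(0)` can be null here too and the timeout callback throws. Suggest `const firstSearched = document.getElementsByClassName("searched").item(0);` followed by `firstSearched && firstSearched.scrollIntoView({ behavior: "smooth", inline: "center", block: "center" });`. The watcher's body continues outside the hunk.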
@@ -255,11 +251,11 @@ export default { if (dependencies) { let directDependencies = JSON.parse(this.project.directDependencies) directDependencies.forEach((directDependency) => { - if (dependencies[directDependency.uuid] && (!onlySearched || (onlySearched && (dependencies[directDependency.uuid].expandDependencyGraph || directDependency.uuid === this.$route.params.componentUuid)))) { - let childNode = this.transformDependencyToOrgTreeWithSearchedDependency(dependencies[directDependency.uuid]) + if (dependencies[directDependency.uuid] && (!onlySearched || (dependencies[directDependency.uuid].expandDependencyGraph || this.searchedComponentUuids[directDependency.uuid]))) { + let childNode = this.transformDependencyToOrgTree(dependencies[directDependency.uuid]) childNode.gatheredKeys.push(childNode.label) children.push(childNode) - if (onlySearched && directDependency.uuid === this.$route.params.componentUuid) { + if (onlySearched && this.searchedComponentUuids[directDependency.uuid]) { this.$set(childNode, 'children', this.getChildrenFromDependencyWithSearchedDependency(dependencies, dependencies[directDependency.uuid], childNode, false)) } else { this.$set(childNode, 'children', this.getChildrenFromDependencyWithSearchedDependency(dependencies, dependencies[directDependency.uuid], childNode, onlySearched)) 
@@ -273,15 +269,15 @@ export default { let children = [] if (component.dependencyGraph) { component.dependencyGraph.forEach((dependency) => { - if (dependencies[dependency] && (!onlySearched || (onlySearched && (dependencies[dependency].expandDependencyGraph || dependency === this.$route.params.componentUuid)))) { - let childNode = this.transformDependencyToOrgTreeWithSearchedDependency(dependencies[dependency]) + if (dependencies[dependency] && (!onlySearched || (dependencies[dependency].expandDependencyGraph || this.searchedComponentUuids[dependency] !== -1))) { + let childNode = this.transformDependencyToOrgTree(dependencies[dependency]) for (const gatheredKey of treeNode.gatheredKeys) { childNode.gatheredKeys.push(gatheredKey) } if (!childNode.gatheredKeys.some(gatheredKey => gatheredKey === childNode.label)) { childNode.gatheredKeys.push(childNode.label) children.push(childNode) - if (onlySearched && dependency === this.$route.params.componentUuid) { + if (onlySearched && this.searchedComponentUuids[dependency]) { this.$set(childNode, 'children', this.getChildrenFromDependencyWithSearchedDependency(dependencies, dependencies[dependency], childNode, false)) this.collapse(childNode.children) } else { 
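Review bot: The new filter `this.searchedComponentUuids[dependency] !== -1` is always true: `createSearchedComponentLookupTable` stores `true` for searched uuids and nothing otherwise, so the lookup yields `true` or `undefined`, neither of which equals `-1`. As written, `onlySearched` no longer prunes transitive dependencies to the searched path — every entry present in `dependencies` is added. The sibling condition in `transformDependenciesToOrgTreeWithSearchedDependency` (same commit) and the `if` a few lines below both use the bare truthy lookup, so the filter should read `(dependencies[dependency].expandDependencyGraph || this.searchedComponentUuids[dependency])`. `getChildrenFromDependencyWithSearchedDependency` starts and ends outside the hunk.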
@@ -299,25 +295,13 @@ export default { id: this.nodeId, label: this.createNodeLabel(dependency), version: dependency.version, - objectType: dependency.objectType, - uuid: dependency.uuid, - fetchedChildren: false, - gatheredKeys: [] - } - }, - transformDependencyToOrgTreeWithSearchedDependency: function(dependency) { - this.nodeId++; - return { - id: this.nodeId, - label: this.createNodeLabel(dependency), - version: dependency.version, - objectType: "COMPONENT", + objectType: dependency.objectType || "COMPONENT", uuid: dependency.uuid, - fetchedChildren: dependency.expandDependencyGraph, + fetchedChildren: !!dependency.expandDependencyGraph, gatheredKeys: [], - expand: dependency.expandDependencyGraph, - latestVersion: dependency.latestVersion - } + expand: !!dependency.expandDependencyGraph, + latestVersion: dependency.latestVersion || dependency.repositoryMeta?.latestVersion + }; }, getChildrens: function (treeNodes, parentUuid, objectType) { let dependenciesFunc = async () => { @@ -376,11 +360,10 @@ export default { } }, labelClassName: function(data) { - if (this.$route.params.componentUuid && data.uuid === this.$route.params.componentUuid) { + if(this.$route.params.componentUuids && this.searchedComponentUuids[data.uuid]) { return 'clickable-node searched' - } else { - return 'clickable-node' } + return 'clickable-node' }, renderContent: function(h, data) { if (this.highlightOutdatedComponents && data.version && data.latestVersion && data.latestVersion !== data.version) { @@ -398,7 +381,7 @@ export default { data.fetchedChildren = true e.target.style.cursor = "pointer" this.$set(data, 'expand', true) - } else { + } else { if ('expand' in data) { data.expand = !data.expand if (!data.expand && data.children) { 
@@ -410,7 +393,6 @@ export default { } }, onNodeClick: function(e, data) { - //console.log('onNodeClick: %o', data) this.$set(data, 'selectedKey', !data.selectedKey) if (data.objectType === 'COMPONENT') { this.$router.push({ path: "/components/" + data.uuid }); @@ -446,103 +428,112 @@ export default { _this.toggleExpand(data.children, val) } } + }, + createSearchedComponentLookupTable: function(componentUuids) { + this.searchedComponentUuids = {}; + if(componentUuids) { + componentUuids.split('|').forEach((uuid) => { + this.searchedComponentUuids[uuid] = true; + }); + } + return this.searchedComponentUuids; } } }; diff --git a/src/views/portfolio/vulnerabilities/AffectedProjects.vue b/src/views/portfolio/vulnerabilities/AffectedProjects.vue index d8c22a803..b1d32aba4 100644 --- a/src/views/portfolio/vulnerabilities/AffectedProjects.vue +++ b/src/views/portfolio/vulnerabilities/AffectedProjects.vue @@ -27,9 +27,19 @@ field: "name", sortable: true, formatter: (value, row, index) => { - let url = xssFilters.uriInUnQuotedAttr("../../../projects/" + row.uuid + "/findings/" + row.affectedComponent + "/" + this.vulnerability); - let dependencyGraphUrl = xssFilters.uriInUnQuotedAttr("../../../projects/" + row.uuid + "/dependencyGraph/" + row.affectedComponent) - return row.directDependencies ? ` ` + `${xssFilters.inHTMLData(value)}` : `${xssFilters.inHTMLData(value)}`; + const url = this.$router.resolve({name: 'Project Finding Lookup', + params: {'uuid': row.uuid, affectedComponent: row.affectedComponentUuids[0], + vulnerability:this.vulnerability}}).href; + + let html = `${xssFilters.inHTMLData(value)}`; + if(row.dependencyGraphAvailable) { + const dependencyGraphUrl = this.$router.resolve({name: 'Dependency Graph Component Lookup', + params: {'uuid': row.uuid, + componentUuids: row.affectedComponentUuids.join('|')}}).href; + html = ` ` + html + } + + return html; } }, { From 029924ff5e83ad8f4d9c900fe35b3164b3e676ba Mon Sep 17 00:00:00 2001 
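Review bot: createSearchedComponentLookupTable keys a plain `{}` with strings taken straight from the URL, so a lookup such as `this.searchedComponentUuids["constructor"]` or `["toString"]` resolves to an inherited Object.prototype member and reads as truthy; the same applies to the `this.searchedComponentUuids[data.uuid]` check in labelClassName. Creating the table with `this.searchedComponentUuids = Object.create(null);` removes the inherited names without changing any caller, and `componentUuids.split('|').filter(Boolean)` avoids an entry for the empty string when the parameter contains `||`. The impact is cosmetic (a node wrongly styled as searched), but it is a one-line fix.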
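Review bot: `row.affectedComponentUuids[0]` is dereferenced before `row.dependencyGraphAvailable` is consulted, so a row whose affectedComponentUuids is missing or empty throws inside the formatter and breaks rendering of the whole name column. Guard first, e.g. `const uuids = row.affectedComponentUuids ?? []; if (uuids.length === 0) { return xssFilters.inHTMLData(value); }`, and build the url from `uuids[0]`. The explicit `xssFilters.uriInUnQuotedAttr` wrapping is also gone; the href now relies on `$router.resolve` encoding the params and on the attribute being quoted in the markup, which this rendering does not show, so that is worth confirming.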
From: Ralf King Date: Sun, 10 Dec 2023 19:46:13 +0100 Subject: [PATCH 085/165] Encode URI parameter Signed-off-by: Ralf King
--- src/views/portfolio/projects/ProjectDependencyGraph.vue | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/views/portfolio/projects/ProjectDependencyGraph.vue b/src/views/portfolio/projects/ProjectDependencyGraph.vue
index efb12751e..38bd87326 100644
--- a/src/views/portfolio/projects/ProjectDependencyGraph.vue
+++ b/src/views/portfolio/projects/ProjectDependencyGraph.vue
@@ -98,7 +98,7 @@ export default {
// tree with component search active
this.createSearchedComponentLookupTable(this.$route.params.componentUuids);
this.loading = true
- let url = `${this.$api.BASE_URL}/${this.$api.URL_COMPONENT}/project/${this.project.uuid}/dependencyGraph/${this.$route.params.componentUuids}`
+ let url = `${this.$api.BASE_URL}/${this.$api.URL_COMPONENT}/project/${this.project.uuid}/dependencyGraph/${encodeURIComponent(this.$route.params.componentUuids)}`
this.axios.get(url).then(response => {
if (response.data && Object.keys(response.data).length > 0){
this.notFound = false
From 2206563c0b55b07a4b13bb774dd0d08494e74bfd Mon Sep 17 00:00:00 2001 From: Ralf King Date: Sun, 10 Dec 2023 20:02:09 +0100 Subject: [PATCH 086/165] When opening Project findings for vulnerability, show all affected components instead of only one. Signed-off-by: Ralf King
--- src/router/index.js | 3 +-- src/views/portfolio/projects/ProjectFindings.vue | 4 ++-- src/views/portfolio/vulnerabilities/AffectedProjects.vue | 3 +-- 3 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/src/router/index.js b/src/router/index.js
index 00a94667b..8f8c76c15 100644
--- a/src/router/index.js
+++ b/src/router/index.js
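Review bot: The componentUuids route parameter is user-controlled and is only percent-encoded here, not validated; since createSearchedComponentLookupTable already splits it on `|`, the page could reject anything that is not a UUID before issuing the request, e.g. `const uuids = this.$route.params.componentUuids.split('|').filter((u) => /^[0-9a-f-]{36}$/i.test(u));` and then interpolate `encodeURIComponent(uuids.join('|'))`. That keeps malformed input from reaching the backend at all and leaves the encoding as a belt-and-braces measure. The enclosing method starts before this hunk.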
@@ -131,11 +131,10 @@ function configRoutes() {
}
},
{
- path: 'projects/:uuid/findings/:affectedComponent/:vulnerability',
+ path: 'projects/:uuid/findings/:vulnerability',
name: 'Project Finding Lookup',
props: (route) => (
{ uuid: route.params.uuid,
- affectedComponent: route.params.componentUuid,
vulnerability: route.params.vulnerability
} ),
component: Project,
diff --git a/src/views/portfolio/projects/ProjectFindings.vue b/src/views/portfolio/projects/ProjectFindings.vue
index 5b0132b23..6f342ea17 100644
--- a/src/views/portfolio/projects/ProjectFindings.vue
+++ b/src/views/portfolio/projects/ProjectFindings.vue
@@ -239,7 +239,7 @@ import common from "../../../shared/common";
pageSize: (localStorage && localStorage.getItem("ProjectFindingsPageSize") !== null) ? Number(localStorage.getItem("ProjectFindingsPageSize")) : 10,
sortName: (localStorage && localStorage.getItem("ProjectFindingsSortName") !== null) ? localStorage.getItem("ProjectFindingsSortName") : undefined,
sortOrder: (localStorage && localStorage.getItem("ProjectFindingsSortOrder") !== null) ? localStorage.getItem("ProjectFindingsSortOrder") : undefined,
- searchText: (this.$route.params.affectedComponent && this.$route.params.vulnerability) ? this.$route.params.uuid + ":" + this.$route.params.affectedComponent + ":" + this.$route.params.vulnerability : undefined,
+ searchText: this.$route.params.vulnerability ? ":" + this.$route.params.vulnerability : undefined,
icons: {
detailOpen: 'fa-fw fa-angle-right',
detailClose: 'fa-fw fa-angle-down',
@@ -565,7 +565,7 @@ import common from "../../../shared/common";
tableLoaded: function(data) {
loadUserPreferencesForBootstrapTable(this, "ProjectFindings", this.$refs.table.columns);
this.$emit('total', data.total);
- if (this.$route.params.affectedComponent && this.$route.params.vulnerability) {
+ if (this.$route.params.vulnerability) {
this.$refs.table.expandRow(0);
}
},
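Review bot: Dropping the `:affectedComponent` segment from the 'Project Finding Lookup' path means any link still built in the old shape (bookmarks, or a code path this commit did not update) no longer matches this route and falls through to whatever the router does with unknown paths. A redirect entry keeps those working: `{ path: 'projects/:uuid/findings/:affectedComponent/:vulnerability', redirect: (to) => ({ name: 'Project Finding Lookup', params: { uuid: to.params.uuid, vulnerability: to.params.vulnerability } }) },`. The configRoutes function continues outside this hunk.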
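Review bot: `this.$refs.table.expandRow(0)` now runs whenever the route carries a vulnerability, including when the findings table comes back empty (for example a suppressed or already-resolved finding), where there is no row 0 to expand. Guard on the count the same handler already reads one line earlier: `if (this.$route.params.vulnerability && data.total > 0) {`. Whether bootstrap-table tolerates expandRow on a missing row is not visible here, so treat this as a cheap safety check rather than a confirmed crash.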
diff --git a/src/views/portfolio/vulnerabilities/AffectedProjects.vue b/src/views/portfolio/vulnerabilities/AffectedProjects.vue index b1d32aba4..1e782f97c 100644 --- a/src/views/portfolio/vulnerabilities/AffectedProjects.vue +++ b/src/views/portfolio/vulnerabilities/AffectedProjects.vue @@ -28,8 +28,7 @@ sortable: true, formatter: (value, row, index) => { const url = this.$router.resolve({name: 'Project Finding Lookup', - params: {'uuid': row.uuid, affectedComponent: row.affectedComponentUuids[0], - vulnerability:this.vulnerability}}).href; + params: {'uuid': row.uuid, vulnerability:this.vulnerability}}).href; let html = `${xssFilters.inHTMLData(value)}`; if(row.dependencyGraphAvailable) { From 2cab0c4f74c67043bc4057af4bdd6a9dfd19e0a3 Mon Sep 17 00:00:00 2001 From: Ralf King Date: Sun, 10 Dec 2023 20:05:58 +0100 Subject: [PATCH 087/165] Fix unnecessary codestyle issue Signed-off-by: Ralf King --- src/views/portfolio/vulnerabilities/AffectedProjects.vue | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/views/portfolio/vulnerabilities/AffectedProjects.vue b/src/views/portfolio/vulnerabilities/AffectedProjects.vue index 1e782f97c..9e36900ce 100644 --- a/src/views/portfolio/vulnerabilities/AffectedProjects.vue +++ b/src/views/portfolio/vulnerabilities/AffectedProjects.vue @@ -26,7 +26,7 @@ title: this.$t('message.name'), field: "name", sortable: true, - formatter: (value, row, index) => { + formatter: (value, row) => { const url = this.$router.resolve({name: 'Project Finding Lookup', params: {'uuid': row.uuid, vulnerability:this.vulnerability}}).href; From d08bfa2baae917071fdc6736878beb62fbdc35d1 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Dec 2023 01:30:26 +0000 Subject: [PATCH 088/165] build(deps): bump aquasecurity/trivy-action from 0.15.0 to 0.16.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.15.0 to 0.16.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.15.0...0.16.0) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/_meta-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml index 8a60a3952..74879802d 100644 --- a/.github/workflows/_meta-build.yaml +++ b/.github/workflows/_meta-build.yaml @@ -116,7 +116,7 @@ jobs: - name: Run Trivy Vulnerability Scanner if: ${{ inputs.publish-container }} - uses: aquasecurity/trivy-action@0.15.0 + uses: aquasecurity/trivy-action@0.16.0 with: image-ref: docker.io/dependencytrack/frontend:${{ inputs.app-version }} format: 'sarif' From c675bf6c6d206af65fd0cb6d8755a3abae449267 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Dec 2023 01:50:07 +0000 Subject: [PATCH 089/165] build(deps): bump nginxinc/nginx-unprivileged in /docker Bumps nginxinc/nginx-unprivileged from `f084834` to `1e29add`. --- updated-dependencies: - dependency-name: nginxinc/nginx-unprivileged dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- docker/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine index 7883c2276..cee07c544 100644 --- a/docker/Dockerfile.alpine +++ b/docker/Dockerfile.alpine 
@@ -1,4 +1,4 @@ -FROM nginxinc/nginx-unprivileged:1.25.3-alpine@sha256:f0848346a29a96f7e4dfe828ece3ae53675607b4048d5bc5f2375f1eb31966c4 +FROM nginxinc/nginx-unprivileged:1.25.3-alpine@sha256:1e29add3cbd3c5684200a9e2b1cc6a02f34285c3dbae20c4f242ff04099f9bbc # Arguments that can be passed at build time ARG COMMIT_SHA=unknown From 8f79763c1357dfd7fb609a709ed85488c6df58c0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Dec 2023 01:27:05 +0000 Subject: [PATCH 090/165] build(deps): bump nginxinc/nginx-unprivileged in /docker Bumps nginxinc/nginx-unprivileged from `1e29add` to `fa82525`. --- updated-dependencies: - dependency-name: nginxinc/nginx-unprivileged dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- docker/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine index cee07c544..60bc55ee6 100644 --- a/docker/Dockerfile.alpine +++ b/docker/Dockerfile.alpine @@ -1,4 +1,4 @@ -FROM nginxinc/nginx-unprivileged:1.25.3-alpine@sha256:1e29add3cbd3c5684200a9e2b1cc6a02f34285c3dbae20c4f242ff04099f9bbc +FROM nginxinc/nginx-unprivileged:1.25.3-alpine@sha256:fa82525b9e33387b17d560ea9a40b1bdcb1816df55af7a7597ebfb55f2a8c56b # Arguments that can be passed at build time ARG COMMIT_SHA=unknown From 9c890f5302c5fbf5d6c0dcd1589f7f8f236d66ad Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Dec 2023 01:58:37 +0000 Subject: [PATCH 091/165] build(deps): bump github/codeql-action from 2 to 3 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v2...v3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/_meta-build.yaml | 2 +- .github/workflows/codeql-analysis.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml index 74879802d..9660f45e2 100644 --- a/.github/workflows/_meta-build.yaml +++ b/.github/workflows/_meta-build.yaml @@ -126,6 +126,6 @@ jobs: - name: Upload Trivy Scan Results to GitHub Security Tab if: ${{ inputs.publish-container }} - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: 'trivy-results.sarif' diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml index 1d7bfea7c..1433cf3af 100644 --- a/.github/workflows/codeql-analysis.yaml +++ b/.github/workflows/codeql-analysis.yaml @@ -30,7 +30,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. 
@@ -41,7 +41,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@v3 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -55,4 +55,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 From 017f1a7c8dc2e9439174808cd0cfcfa2251a8f14 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 15 Dec 2023 01:41:46 +0000 Subject: [PATCH 092/165] build(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.3 to 4.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v3.1.3...v4.0.0) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/_meta-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml index 74879802d..2030a0f8d 100644 --- a/.github/workflows/_meta-build.yaml +++ b/.github/workflows/_meta-build.yaml @@ -54,7 +54,7 @@ jobs: npm run build --if-present - name: Upload Artifacts - uses: actions/upload-artifact@v3.1.3 + uses: actions/upload-artifact@v4.0.0 with: name: assembled-frontend-node${{ matrix.node-version }} path: |- From a543dcb7682c9006eade642a800b35e823f508f2 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Dec 2023 02:02:52 +0000 Subject: [PATCH 093/165] build(deps): bump actions/download-artifact from 3.0.2 to 4.1.0 Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3.0.2 to 4.1.0. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v3.0.2...v4.1.0) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/_meta-build.yaml | 2 +- .github/workflows/ci-publish.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml index 74879802d..479c9e7ef 100644 --- a/.github/workflows/_meta-build.yaml +++ b/.github/workflows/_meta-build.yaml @@ -71,7 +71,7 @@ jobs: uses: actions/checkout@v4.1.1 - name: Download Artifacts - uses: actions/download-artifact@v3.0.2 + uses: actions/download-artifact@v4.1.0 with: name: assembled-frontend-node${{ inputs.node-version-package }} diff --git a/.github/workflows/ci-publish.yaml b/.github/workflows/ci-publish.yaml index 217762d09..2f1585902 100644 --- a/.github/workflows/ci-publish.yaml +++ b/.github/workflows/ci-publish.yaml @@ -49,7 +49,7 @@ jobs: uses: actions/checkout@v4.1.1 - name: Download Artifacts - uses: actions/download-artifact@v3.0.2 + uses: actions/download-artifact@v4.1.0 with: name: assembled-frontend-node18 From b20a1c6df7b9b54380fbc6e81922bd7544107e0a Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Dec 2023 02:02:57 +0000 Subject: [PATCH 094/165] build(deps): bump actions/setup-node from 4.0.0 to 4.0.1 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v4.0.0...v4.0.1) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/_meta-build.yaml | 2 +- .github/workflows/ci-release.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml index 74879802d..5adcb9570 100644 --- a/.github/workflows/_meta-build.yaml +++ b/.github/workflows/_meta-build.yaml @@ -41,7 +41,7 @@ jobs: uses: actions/checkout@v4.1.1 - name: Set up NodeJs - uses: actions/setup-node@v4.0.0 + uses: actions/setup-node@v4.0.1 with: node-version: ${{ matrix.node-version }} cache: 'npm' diff --git a/.github/workflows/ci-release.yaml b/.github/workflows/ci-release.yaml index 6cbd1c14b..1904f64d7 100644 --- a/.github/workflows/ci-release.yaml +++ b/.github/workflows/ci-release.yaml @@ -24,7 +24,7 @@ jobs: uses: actions/checkout@v4.1.1 - name: Set up NodeJs - uses: actions/setup-node@v4.0.0 + uses: actions/setup-node@v4.0.1 with: node-version: '18' cache: 'npm' From 14381438e8dfc6e15d5fd883ed85d4aa36cd9689 Mon Sep 17 00:00:00 2001 From: mykter Date: Tue, 19 Dec 2023 16:43:58 +0000 Subject: [PATCH 095/165] Use VUE_APP_SERVER_URL Signed-off-by: mykter --- vue.config.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vue.config.js b/vue.config.js index 709799afb..9cf4b618f 100644 --- a/vue.config.js +++ b/vue.config.js 
@@ -8,7 +8,7 @@ module.exports = {
// Relative paths cannot be supported. Research by @nscur0 - https://owasp.slack.com/archives/CTC03GX9S/p1608400149085400
publicPath: "/",
devServer: {
- proxy: { "/api": { target: "http://localhost:8080" } }
+ proxy: { "/api": { target: process.env.VUE_APP_SERVER_URL} }
},
configureWebpack: {
plugins: [
From 62d5bc8a6c82302010b5d7e6f918ddbcf01f4cc5 Mon Sep 17 00:00:00 2001 From: mykter Date: Tue, 19 Dec 2023 17:33:45 +0000 Subject: [PATCH 096/165] Show component count in project list Signed-off-by: mykter
--- src/views/portfolio/projects/ProjectList.vue | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/src/views/portfolio/projects/ProjectList.vue b/src/views/portfolio/projects/ProjectList.vue
index da1eccd2d..2f475eee3 100644
--- a/src/views/portfolio/projects/ProjectList.vue
+++ b/src/views/portfolio/projects/ProjectList.vue
@@ -244,6 +244,12 @@ import ProjectCreateProjectModal from "./ProjectCreateProjectModal";
align: "center",
sortable: true
},
+ {
+ title: this.$t('message.components'),
+ field: "metrics.components",
+ sortable: true,
+ visible: false
+ },
{
title: this.$t('message.policy_violations'),
field: "metrics",
From 2d5defbabe8f6236582ca72088ccc784053eb5be Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 Dec 2023 01:49:22 +0000 Subject: [PATCH 097/165] build(deps): bump nginxinc/nginx-unprivileged in /docker Bumps nginxinc/nginx-unprivileged from `fa82525` to `4426351`. --- updated-dependencies: - dependency-name: nginxinc/nginx-unprivileged dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot]
--- docker/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine
index 60bc55ee6..0b78a286e 100644
--- a/docker/Dockerfile.alpine
+++ b/docker/Dockerfile.alpine
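Review bot: The dev-server proxy now reads `process.env.VUE_APP_SERVER_URL` with no fallback, so a developer who has not set that variable gets `target: undefined` and the `/api` proxy fails with an unhelpful error instead of reaching the previous default. Keep the old value as the fallback: `proxy: { "/api": { target: process.env.VUE_APP_SERVER_URL || "http://localhost:8080" } }`. Because the dev server forwards `/api` to whatever the variable holds, a short comment above it noting that the value must point at a trusted backend would also help. This only affects `devServer`, not the production build.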
@@ -1,4 +1,4 @@ -FROM nginxinc/nginx-unprivileged:1.25.3-alpine@sha256:fa82525b9e33387b17d560ea9a40b1bdcb1816df55af7a7597ebfb55f2a8c56b +FROM nginxinc/nginx-unprivileged:1.25.3-alpine@sha256:44263514674d812097d902b2192ffb76f651e48ef886e1be38069a74e246c56e # Arguments that can be passed at build time ARG COMMIT_SHA=unknown From 970c04ab68c0949395cb0f331be6ac0e188c9aa8 Mon Sep 17 00:00:00 2001 From: mykter Date: Thu, 21 Dec 2023 16:13:46 +0000 Subject: [PATCH 098/165] use unique fields for metrics columns Signed-off-by: mykter --- src/views/portfolio/projects/ProjectList.vue | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/views/portfolio/projects/ProjectList.vue b/src/views/portfolio/projects/ProjectList.vue index 2f475eee3..70d0d8b86 100644 --- a/src/views/portfolio/projects/ProjectList.vue +++ b/src/views/portfolio/projects/ProjectList.vue @@ -252,8 +252,9 @@ import ProjectCreateProjectModal from "./ProjectCreateProjectModal"; }, { title: this.$t('message.policy_violations'), - field: "metrics", - formatter: function (metrics) { + field: "metrics.policyViolationsTotal", // this column uses other fields, but the field id must be unique + formatter: function (_, row) { + let metrics = row.metrics if (typeof metrics === "undefined") { return "-"; // No vulnerability info available } @@ -270,9 +271,10 @@ import ProjectCreateProjectModal from "./ProjectCreateProjectModal"; }, { title: this.$t('message.vulnerabilities'), - field: "metrics", + field: "metrics.vulnerabilities", // this column uses other fields, but the field id must be unique sortable: false, - formatter(metrics, row, index) { + formatter(_, row) { + let metrics = row.metrics if (typeof metrics === "undefined") { return "-"; // No vulnerability info available } From f17ea058673c35e96e71aaa80fb1499f9f1a7292 Mon Sep 17 00:00:00 2001 
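Review bot: Both new `let metrics = row.metrics` lines in the ProjectList hunks introduce a binding that is never reassigned, so `const metrics = row.metrics;` is the idiomatic form and a semicolon matches the surrounding code. The added comment "this column uses other fields, but the field id must be unique" is useful, but reads more directly as `// field must be unique per column; the formatter reads row.metrics itself`. The remainder of each formatter body lies outside the hunk.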
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Dec 2023 01:55:29 +0000 Subject: [PATCH 099/165] build(deps): bump nginxinc/nginx-unprivileged in /docker Bumps nginxinc/nginx-unprivileged from `4426351` to `afc98ea`. --- updated-dependencies: - dependency-name: nginxinc/nginx-unprivileged dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- docker/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine index 0b78a286e..c5777f5b1 100644 --- a/docker/Dockerfile.alpine +++ b/docker/Dockerfile.alpine @@ -1,4 +1,4 @@ -FROM nginxinc/nginx-unprivileged:1.25.3-alpine@sha256:44263514674d812097d902b2192ffb76f651e48ef886e1be38069a74e246c56e +FROM nginxinc/nginx-unprivileged:1.25.3-alpine@sha256:afc98ead1169e850354e9793e0c8dbd886b0861e7fdabbc33b1fbecad4e86b86 # Arguments that can be passed at build time ARG COMMIT_SHA=unknown From 74dbc9f002c41f543ae42f55a4e049a72c3f1cf8 Mon Sep 17 00:00:00 2001 From: mykter Date: Tue, 26 Dec 2023 18:35:02 +0000 Subject: [PATCH 100/165] Refactor finding audit detail to SFC Signed-off-by: mykter --- src/views/portfolio/projects/FindingAudit.vue | 246 ++++++++++++++++++ .../portfolio/projects/ProjectFindings.vue | 224 +--------------- vue.config.js | 1 + 3 files changed, 260 insertions(+), 211 deletions(-) create mode 100644 src/views/portfolio/projects/FindingAudit.vue diff --git a/src/views/portfolio/projects/FindingAudit.vue b/src/views/portfolio/projects/FindingAudit.vue new file mode 100644 index 000000000..b3038f944 --- /dev/null +++ b/src/views/portfolio/projects/FindingAudit.vue @@ -0,0 +1,246 @@ + + + \ No newline at end of file diff --git a/src/views/portfolio/projects/ProjectFindings.vue b/src/views/portfolio/projects/ProjectFindings.vue index 6f342ea17..de0cbe9fe 100644 --- a/src/views/portfolio/projects/ProjectFindings.vue 
+++ b/src/views/portfolio/projects/ProjectFindings.vue @@ -59,16 +59,17 @@ From 7a5558a307defa3af9aac59e9bda7a049f6217df Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Sun, 28 Jan 2024 11:27:58 -0500 Subject: [PATCH 126/165] refactor(dashboard): use consistent color for suppressed Signed-off-by: Adam Setch --- src/views/Dashboard.vue | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/views/Dashboard.vue b/src/views/Dashboard.vue index 8bdb5ed5b..82b7bb657 100644 --- a/src/views/Dashboard.vue +++ b/src/views/Dashboard.vue @@ -171,7 +171,7 @@ - + {{ $t('message.suppressed') }}
{{suppressed}}
From dd14a61ed1c8e59cace989e9991c469493512caf Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Sun, 28 Jan 2024 11:40:52 -0500 Subject: [PATCH 127/165] refactor(dashboard): set progress colors via scss Signed-off-by: Adam Setch --- src/assets/scss/_custom.scss | 22 ++++++++++++-- src/views/Dashboard.vue | 56 +++++++++--------------------------- 2 files changed, 33 insertions(+), 45 deletions(-) diff --git a/src/assets/scss/_custom.scss b/src/assets/scss/_custom.scss index 4d2ceb832..c145337ce 100644 --- a/src/assets/scss/_custom.scss +++ b/src/assets/scss/_custom.scss @@ -11,21 +11,39 @@ html { } .severity-critical, .status-failed { color: $severity-critical; + .progress-bar { + background-color: $severity-critical; + } } .severity-high { color:$severity-high; + .progress-bar { + background-color: $severity-high; + } } .severity-medium, .status-warning { color: $severity-medium; + .progress-bar { + background-color: $severity-medium; + } } .severity-low, .status-passed { color: $severity-low; + .progress-bar { + background-color: $severity-low; + } } -.severity-info { +.severity-info, .status-info { color: $severity-info; + .progress-bar { + background-color: $severity-info; + } } .severity-unassigned { color: $severity-unassigned; + .progress-bar { + background-color: $severity-unassigned; + } } // Fixes the width for the bootstrap progress bar in tables .table-progress { @@ -469,4 +487,4 @@ td a.detail-icon { .keep-together { display: inline; white-space: nowrap; -} \ No newline at end of file +} diff --git a/src/views/Dashboard.vue b/src/views/Dashboard.vue index 8bdb5ed5b..f37b1d3cf 100644 --- a/src/views/Dashboard.vue +++ b/src/views/Dashboard.vue @@ -18,22 +18,22 @@
{{ $t('message.vulnerable_projects') }}
{{vulnerableProjects}} ({{vulnerableProjectPercent}}%) - +
{{ $t('message.violations_audited') }}
{{auditedViolations}} ({{auditedViolationsPercent}}%) - +
{{ $t('message.vulnerable_components') }}
{{vulnerableComponents}} ({{vulnerableComponentPercent}}%) - +
{{ $t('message.findings_audited') }}
{{auditedFindings}} ({{auditedFindingPercent}}%) - +
@@ -53,49 +53,19 @@
-
- {{ $t("policy_violation.fails") }} -
- {{ failViolations }} ({{ failViolationsPercent }}%) - +
{{ $t("policy_violation.fails") }}
+ {{ failViolations }} ({{ failViolationsPercent }}%) +
-
- {{ $t("policy_violation.warns") }} -
- {{ warnViolations }} ({{ warnViolationsPercent }}%) - +
{{ $t("policy_violation.warns") }}
+ {{ warnViolations }} ({{ warnViolationsPercent }}%) +
-
- {{ $t("policy_violation.infos") }} -
- {{ infoViolations }} ({{ infoViolationsPercent }}%) - +
{{ $t("policy_violation.infos") }}
+ {{ infoViolations }} ({{ infoViolationsPercent }}%) +
From 00088b6a7b5989543b3c808f5b2684e0ea08c26c Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Sun, 28 Jan 2024 17:12:55 -0500 Subject: [PATCH 128/165] refactor(statistics): update portfolio statistics Signed-off-by: Adam Setch --- src/i18n/locales/en.json | 1 + src/views/Dashboard.vue | 20 ++++++++++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json index d7d0fafac..40b3df999 100644 --- a/src/i18n/locales/en.json +++ b/src/i18n/locales/en.json @@ -42,6 +42,7 @@ "inherited_risk_score": "Inherited Risk Score", "risk_score": "Risk Score", "vulnerable_projects": "Vulnerable Projects", + "findings": "Findings", "total_findings": "Total Findings", "findings_audited": "Findings Audited", "auditing_progress": "Auditing Progress", diff --git a/src/views/Dashboard.vue b/src/views/Dashboard.vue index e89263840..c58af8678 100644 --- a/src/views/Dashboard.vue +++ b/src/views/Dashboard.vue @@ -146,7 +146,7 @@ - + @@ -162,14 +162,30 @@ - + + + + {{ $t('message.portfolio_vulnerabilities') }}
+ {{vulnerabilities}} +
+
{{ $t('message.policy_violations') }}
{{totalViolations}}
+
+
+ + + + + {{ $t('message.findings') }}
+ {{totalFindings}} +
+
{{ $t('message.suppressed') }}
From 272c65d158b852cc540267ffd46b16ac3f18e3d0 Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Sun, 28 Jan 2024 17:28:08 -0500 Subject: [PATCH 129/165] refactor(statistics): update portfolio statistics Signed-off-by: Adam Setch --- src/views/Dashboard.vue | 52 ++++++++++++++++++++++++++++++++++++----- 1 file changed, 46 insertions(+), 6 deletions(-) diff --git a/src/views/Dashboard.vue b/src/views/Dashboard.vue index e32a25e5d..907bf2842 100644 --- a/src/views/Dashboard.vue +++ b/src/views/Dashboard.vue @@ -124,12 +124,28 @@ {{totalProjects}}
+ + + {{ $t('message.vulnerable_projects') }}
+ {{vulnerableProjects}} +
+
+
+
+ + {{ $t('message.components') }}
{{totalComponents}}
+ + + {{ $t('message.vulnerable_components') }}
+ {{vulnerableComponents}} +
+
@@ -141,25 +157,43 @@ - + + {{ $t('message.suppressed') }}
+ {{suppressed}} +
+
+
+
+ + + + + + {{ $t('message.policy_violations') }}
{{totalViolations}}
+ + + {{ $t('policy_violation.license') }}
+ {{licenseViolations}} +
+
- {{ $t('message.findings') }}
- {{totalFindings}} + {{ $t('policy_violation.operational') }}
+ {{operationalViolations}}
- - {{ $t('message.suppressed') }}
- {{suppressed}} + + {{ $t('policy_violation.security') }}
+ {{securityViolations}}
@@ -218,6 +252,9 @@ warnViolationsPercent: 0, infoViolations: 0, infoViolationsPercent: 0, + licenseViolations: 0, + operationalViolations: 0, + securityViolations: 0, vulnerabilities: 0, suppressed: 0, @@ -251,6 +288,9 @@ this.warnViolationsPercent = common.calcProgressPercent(this.totalViolations, this.warnViolations); this.infoViolations = common.valueWithDefault(metric.policyViolationsInfo, "0"); this.infoViolationsPercent = common.calcProgressPercent(this.totalViolations, this.infoViolations); + this.licenseViolations = common.valueWithDefault(metric.policyViolationsLicenseTotal,"0"); + this.operationalViolations = common.valueWithDefault(metric.policyViolationsOperationalTotal,"0"); + this.securityViolations = common.valueWithDefault(metric.policyViolationsSecurityTotal,"0"); this.vulnerabilities = common.valueWithDefault(metric.vulnerabilities, "0"); this.suppressed = common.valueWithDefault(metric.suppressed, "0"); From 5ff3870538f14a9138e4fd09e016d4c098041028 Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Sun, 28 Jan 2024 17:31:31 -0500 Subject: [PATCH 130/165] refactor(statistics): update portfolio statistics Signed-off-by: Adam Setch --- src/i18n/locales/en.json | 1 - 1 file changed, 1 deletion(-) diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json index 40b3df999..d7d0fafac 100644 --- a/src/i18n/locales/en.json +++ b/src/i18n/locales/en.json @@ -42,7 +42,6 @@ "inherited_risk_score": "Inherited Risk Score", "risk_score": "Risk Score", "vulnerable_projects": "Vulnerable Projects", - "findings": "Findings", "total_findings": "Total Findings", "findings_audited": "Findings Audited", "auditing_progress": "Auditing Progress", From 23c0719dbaf077a94684b812e925a491fa45c52f Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Mon, 29 Jan 2024 07:59:15 -0500 Subject: [PATCH 131/165] feat(dashboard): add vuln / non-vuln footer to projects and components cards 
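Review bot: The three new `valueWithDefault` calls in `extractStats` omit the space before the default (`metric.policyViolationsLicenseTotal,"0"`) while every neighbouring line writes `, "0"`; please match the surrounding style. The same three counters are added again, with `...Percent` companions, in a later commit of this series (PATCH 138), so it is worth checking that `licenseViolations`, `operationalViolations` and `securityViolations` end up declared only once in `data()` and assigned only once in `extractStats` after the branches merge.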
Signed-off-by: Adam Setch --- src/assets/scss/_variables.scss | 2 + src/i18n/locales/en.json | 1 + src/views/Dashboard.vue | 44 +++++++++++++++++-- .../ChartComponentVulnerabilities.vue | 4 +- .../dashboard/ChartProjectVulnerabilities.vue | 4 +- 5 files changed, 47 insertions(+), 8 deletions(-) diff --git a/src/assets/scss/_variables.scss b/src/assets/scss/_variables.scss index 2aab8f266..8b06e4f53 100644 --- a/src/assets/scss/_variables.scss +++ b/src/assets/scss/_variables.scss @@ -41,6 +41,7 @@ $severity-label-bg: $grey-900 !default; $notification-fail: $red; $notification-warn: $yellow; $notification-info: $blue; +$notification-note: #777777; // Components // @@ -231,6 +232,7 @@ $recessed: $grey-850; --notification-fail: #{$notification-fail}; --notification-warn: #{$notification-warn}; --notification-info: #{$notification-info}; + --notification-note: #{$notification-note}; --component-active-color: #{$component-active-color}; diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json index d7d0fafac..5175f8fa0 100644 --- a/src/i18n/locales/en.json +++ b/src/i18n/locales/en.json @@ -69,6 +69,7 @@ "fsf_libre": "FSF Libre", "total": "Total", "vulnerable": "Vulnerable", + "non_vulnerable": "Non Vulnerable", "portfolio_statistics": "Portfolio Statistics", "suppress": "Suppress", "suppressed": "Suppressed", diff --git a/src/views/Dashboard.vue b/src/views/Dashboard.vue index 06383f12e..7fbe4b107 100644 --- a/src/views/Dashboard.vue +++ b/src/views/Dashboard.vue @@ -96,6 +96,20 @@
+
+ + +
{{ $t("message.non_vulnerable") }}
+ {{ nonVulnerableProjects }} ({{ nonVulnerableProjectsPercent }}%) + +
+ +
{{ $t("message.vulnerable") }}
+ {{ vulnerableProjects }} ({{ vulnerableProjectsPercent }}%) + +
+
+
@@ -108,6 +122,20 @@ +
+ + +
{{ $t("message.non_vulnerable") }}
+ {{ nonVulnerableComponents }} ({{ nonVulnerableComponentsPercent }}%) + +
+ +
{{ $t("message.vulnerable") }}
+ {{ vulnerableComponents }} ({{ vulnerableComponentsPercent }}%) + +
+
+
@@ -183,11 +211,15 @@ return { totalProjects: 0, vulnerableProjects: 0, - vulnerableProjectPercent: 0, + vulnerableProjectsPercent: 0, + nonVulnerableProjects: 0, + nonVulnerableProjectsPercent: 0, totalComponents: 0, vulnerableComponents: 0, - vulnerableComponentPercent: 0, + vulnerableComponentsPercent: 0, + nonVulnerableComponents: 0, + nonVulnerableComponentsPercent: 0, totalFindings: 0, auditedFindings: 0, @@ -216,11 +248,15 @@ let metric = metrics[metrics.length - 1]; //Use the most recent metric this.totalProjects = common.valueWithDefault(metric.projects, "0"); this.vulnerableProjects = common.valueWithDefault(metric.vulnerableProjects, "0"); - this.vulnerableProjectPercent = common.calcProgressPercent(this.totalProjects, this.vulnerableProjects); + this.vulnerableProjectsPercent = common.calcProgressPercent(this.totalProjects, this.vulnerableProjects); + this.nonVulnerableProjects = this.totalProjects - this.vulnerableProjects; + this.nonVulnerableProjectsPercent = common.calcProgressPercent(this.totalProjects, this.nonVulnerableProjects); this.totalComponents = common.valueWithDefault(metric.components, "0"); this.vulnerableComponents = common.valueWithDefault(metric.vulnerableComponents, "0"); - this.vulnerableComponentPercent = common.calcProgressPercent(this.totalComponents, this.vulnerableComponents); + this.vulnerableComponentsPercent = common.calcProgressPercent(this.totalComponents, this.vulnerableComponents); + this.nonVulnerableComponents = this.totalComponents - this.vulnerableComponents; + this.nonVulnerableComponentsPercent = common.calcProgressPercent(this.totalComponents, this.nonVulnerableComponents); this.totalFindings = common.valueWithDefault(metric.findingsTotal, "0"); this.auditedFindings = common.valueWithDefault(metric.findingsAudited, "0"); diff --git a/src/views/dashboard/ChartComponentVulnerabilities.vue b/src/views/dashboard/ChartComponentVulnerabilities.vue index dc74be4c5..1ee5727be 100644 
--- a/src/views/dashboard/ChartComponentVulnerabilities.vue +++ b/src/views/dashboard/ChartComponentVulnerabilities.vue @@ -11,8 +11,8 @@ }, methods: { render: function(metrics) { - const totalStyle = getStyle('--severity-unassigned'); - const affectedStyle = getStyle('--severity-info'); + const totalStyle = getStyle('--notification-note'); + const affectedStyle = getStyle('--notification-warn'); let labels = []; let totalData = []; diff --git a/src/views/dashboard/ChartProjectVulnerabilities.vue b/src/views/dashboard/ChartProjectVulnerabilities.vue index f56ac6ed1..102a48099 100644 --- a/src/views/dashboard/ChartProjectVulnerabilities.vue +++ b/src/views/dashboard/ChartProjectVulnerabilities.vue @@ -11,8 +11,8 @@ }, methods: { render: function(metrics) { - const totalStyle = getStyle('--severity-unassigned'); - const affectedStyle = getStyle('--severity-info'); + const totalStyle = getStyle('--notification-note'); + const affectedStyle = getStyle('--notification-warn'); let labels = []; let totalData = []; From 2b4b4f2c4e805943132bf17d3a4a8bd7908d3507 Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Mon, 29 Jan 2024 08:14:49 -0500 Subject: [PATCH 132/165] feat(dashboard): add vuln / non-vuln footer to projects and components cards Signed-off-by: Adam Setch --- src/assets/scss/_variables.scss | 2 ++ src/views/Dashboard.vue | 8 ++++---- src/views/dashboard/ChartComponentVulnerabilities.vue | 11 +++++++++++ src/views/dashboard/ChartProjectVulnerabilities.vue | 11 +++++++++++ 4 files changed, 28 insertions(+), 4 deletions(-) diff --git a/src/assets/scss/_variables.scss b/src/assets/scss/_variables.scss index 8b06e4f53..f56286ba9 100644 --- a/src/assets/scss/_variables.scss +++ b/src/assets/scss/_variables.scss @@ -41,6 +41,7 @@ $severity-label-bg: $grey-900 !default; $notification-fail: $red; $notification-warn: $yellow; $notification-info: $blue; +$notification-pass: $green; $notification-note: #777777; // Components 
@@ -232,6 +233,7 @@ $recessed: $grey-850; --notification-fail: #{$notification-fail}; --notification-warn: #{$notification-warn}; --notification-info: #{$notification-info}; + --notification-pass: #{$notification-pass}; --notification-note: #{$notification-note}; --component-active-color: #{$component-active-color}; diff --git a/src/views/Dashboard.vue b/src/views/Dashboard.vue index 7fbe4b107..b78ffcb1d 100644 --- a/src/views/Dashboard.vue +++ b/src/views/Dashboard.vue @@ -17,8 +17,8 @@
{{ $t('message.vulnerable_projects') }}
- {{vulnerableProjects}} ({{vulnerableProjectPercent}}%) - + {{vulnerableProjects}} ({{vulnerableProjectsPercent}}%) +
{{ $t('message.violations_audited') }}
@@ -27,8 +27,8 @@
{{ $t('message.vulnerable_components') }}
- {{vulnerableComponents}} ({{vulnerableComponentPercent}}%) - + {{vulnerableComponents}} ({{vulnerableComponentsPercent}}%) +
{{ $t('message.findings_audited') }}
diff --git a/src/views/dashboard/ChartComponentVulnerabilities.vue b/src/views/dashboard/ChartComponentVulnerabilities.vue index 1ee5727be..fbe6a4b99 100644 --- a/src/views/dashboard/ChartComponentVulnerabilities.vue +++ b/src/views/dashboard/ChartComponentVulnerabilities.vue @@ -13,20 +13,24 @@ render: function(metrics) { const totalStyle = getStyle('--notification-note'); const affectedStyle = getStyle('--notification-warn'); + const nonAffectedStyle = getStyle('--notification-pass'); let labels = []; let totalData = []; let affectedData = []; + let nonAffectedData = []; for (let i = 0; i < metrics.length; i++) { labels.push(common.formatTimestamp(metrics[i].firstOccurrence)); totalData.push(metrics[i].components); affectedData.push(metrics[i].vulnerableComponents); + nonAffectedData.push(metrics[i].components - metrics[i].vulnerableComponents) if (i === metrics.length - 1) { labels.push(common.formatTimestamp(metrics[i].lastOccurrence)); totalData.push(metrics[i].components); affectedData.push(metrics[i].vulnerableComponents); + nonAffectedData.push(metrics[i].components - metrics[i].vulnerableComponents) } } @@ -40,6 +44,13 @@ pointHoverBackgroundColor: '#fff', data: totalData }, + { + label: this.$t('message.non_vulnerable'), + backgroundColor: hexToRgba(nonAffectedStyle, 10), + borderColor: nonAffectedStyle, + pointHoverBackgroundColor: '#fff', + data: nonAffectedData + }, { label: this.$t('message.vulnerable'), backgroundColor: hexToRgba(affectedStyle, 10), diff --git a/src/views/dashboard/ChartProjectVulnerabilities.vue b/src/views/dashboard/ChartProjectVulnerabilities.vue index 102a48099..dffc4d938 100644 --- a/src/views/dashboard/ChartProjectVulnerabilities.vue +++ b/src/views/dashboard/ChartProjectVulnerabilities.vue 
@@ -13,20 +13,24 @@ render: function(metrics) { const totalStyle = getStyle('--notification-note'); const affectedStyle = getStyle('--notification-warn'); + const nonAffectedStyle = getStyle('--notification-pass'); let labels = []; let totalData = []; let affectedData = []; + let nonAffectedData = []; for (let i = 0; i < metrics.length; i++) { labels.push(common.formatTimestamp(metrics[i].firstOccurrence)); totalData.push(metrics[i].projects); affectedData.push(metrics[i].vulnerableProjects); + nonAffectedData.push(metrics[i].projects - metrics[i].vulnerableProjects) if (i === metrics.length - 1) { labels.push(common.formatTimestamp(metrics[i].lastOccurrence)); totalData.push(metrics[i].projects); affectedData.push(metrics[i].vulnerableProjects); + nonAffectedData.push(metrics[i].projects - metrics[i].vulnerableProjects) } } @@ -40,6 +44,13 @@ pointHoverBackgroundColor: '#fff', data: totalData }, + { + label: this.$t('message.non_vulnerable'), + backgroundColor: hexToRgba(nonAffectedStyle, 10), + borderColor: nonAffectedStyle, + pointHoverBackgroundColor: '#fff', + data: nonAffectedData + }, { label: this.$t('message.vulnerable'), backgroundColor: hexToRgba(affectedStyle, 10), From 675116a51d3f595245ee0ffbad28ba1777836cb5 Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Mon, 29 Jan 2024 09:16:07 -0500 Subject: [PATCH 133/165] feat(dashboard): add auditing cards for findings and policy violations 
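Review bot: `nonAffectedData.push(metrics[i].projects - metrics[i].vulnerableProjects)` is added twice without a trailing semicolon, inconsistent with the surrounding statements, and the difference is recomputed for the duplicated last point. A metric entry missing either field turns the series value into `NaN`; hoisting the subtraction above the `if` with a defensive default avoids both issues: `const nonAffected = (metrics[i].projects || 0) - (metrics[i].vulnerableProjects || 0);` followed by `nonAffectedData.push(nonAffected);` in each branch. This mirrors the sibling change in ChartComponentVulnerabilities.vue, so the two files should be kept in step.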
Signed-off-by: Adam Setch --- src/i18n/locales/en.json | 3 + src/views/Dashboard.vue | 74 +++++++++++-- ....vue => ChartAuditingFindingsProgress.vue} | 0 .../ChartAuditingViolationsProgress.vue | 100 ++++++++++++++++++ .../portfolio/projects/ComponentDashboard.vue | 10 -- .../portfolio/projects/ProjectDashboard.vue | 16 +-- .../portfolio/projects/ServiceDashboard.vue | 10 -- 7 files changed, 172 insertions(+), 41 deletions(-) rename src/views/dashboard/{ChartAuditingProgress.vue => ChartAuditingFindingsProgress.vue} (100%) create mode 100644 src/views/dashboard/ChartAuditingViolationsProgress.vue diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json index d7d0fafac..f296a9d2a 100644 --- a/src/i18n/locales/en.json +++ b/src/i18n/locales/en.json @@ -42,8 +42,10 @@ "inherited_risk_score": "Inherited Risk Score", "risk_score": "Risk Score", "vulnerable_projects": "Vulnerable Projects", + "findings": "Findings", "total_findings": "Total Findings", "findings_audited": "Findings Audited", + "findings_unaudited": "Findings Unaudited", "auditing_progress": "Auditing Progress", "show_suppressed_findings": "Show suppressed findings", "show_suppressed_violations": "Show suppressed violations", @@ -84,6 +86,7 @@ "license_risk": "License Risk", "operational_risk": "Operational Risk", "violations_audited": "Violations Audited", + "violations_unaudited": "Violations Unaudited", "attributed_on": "Attributed On", "view_details": "View Details", "project_details": "Project Details", diff --git a/src/views/Dashboard.vue b/src/views/Dashboard.vue index 06383f12e..3aa18cc13 100644 --- a/src/views/Dashboard.vue +++ b/src/views/Dashboard.vue @@ -32,8 +32,8 @@
{{ $t('message.findings_audited') }}
- {{auditedFindings}} ({{auditedFindingPercent}}%) - + {{auditedFindings}} ({{auditedFindingsPercent}}%) +
@@ -71,16 +71,61 @@ + + + -

{{ $t('message.auditing_progress') }}

+

{{ $t('message.auditing_progress') }}

+
{{ $t('message.findings') }}
- + +
+ + +
{{ $t("message.findings_unaudited") }}
+ {{ unauditedFindings }} ({{ unauditedFindingsPercent }}%) + +
+ +
{{ $t("message.findings_audited") }}
+ {{ auditedFindings }} ({{ auditedFindingsPercent }}%) + +
+
+
+
+
+ + + + +

{{ $t('message.auditing_progress') }}

+
{{$t('message.policy_violations')}}
+
+ + +
+ +
+ + +
{{ $t('message.violations_unaudited') }}
+ {{unauditedViolations}} ({{unauditedViolationsPercent}}%) + +
+ +
{{ $t('message.violations_audited') }}
+ {{auditedViolations}} ({{auditedViolationsPercent}}%) + +
+
+
@@ -161,7 +206,8 @@ import PortfolioWidgetRow from './dashboard/PortfolioWidgetRow' import ChartPortfolioVulnerabilities from './dashboard/ChartPortfolioVulnerabilities' import ChartProjectVulnerabilities from "./dashboard/ChartProjectVulnerabilities"; - import ChartAuditedProgress from "./dashboard/ChartAuditingProgress"; + import ChartAuditingFindingsProgress from "./dashboard/ChartAuditingFindingsProgress"; + import ChartAuditingViolationsProgress from "./dashboard/ChartAuditingViolationsProgress"; import ChartPolicyViolations from "./dashboard/ChartPolicyViolations"; import ChartComponentVulnerabilities from "./dashboard/ChartComponentVulnerabilities"; import { Callout } from '@coreui/vue' @@ -175,7 +221,8 @@ PortfolioWidgetRow, ChartPortfolioVulnerabilities, ChartProjectVulnerabilities, - ChartAuditedProgress, + ChartAuditingFindingsProgress, + ChartAuditingViolationsProgress, ChartPolicyViolations, ChartComponentVulnerabilities }, @@ -191,11 +238,15 @@ totalFindings: 0, auditedFindings: 0, - auditedFindingPercent: 0, + auditedFindingsPercent: 0, + unauditedFindings: 0, + unauditedFindingsPercent: 0, totalViolations: 0, auditedViolations: 0, auditedViolationsPercent: 0, + unauditedViolations: 0, + unauditedViolationsPercent: 0, failViolations: 0, failViolationsPercent: 0, warnViolations: 0, 
@@ -224,11 +275,15 @@ this.totalFindings = common.valueWithDefault(metric.findingsTotal, "0"); this.auditedFindings = common.valueWithDefault(metric.findingsAudited, "0"); - this.auditedFindingPercent = common.calcProgressPercent(this.totalFindings, this.auditedFindings); + this.auditedFindingsPercent = common.calcProgressPercent(this.totalFindings, this.auditedFindings); + this.unauditedFindings = common.valueWithDefault(metric.findingsUnaudited, "0"); + this.unauditedFindingsPercent = common.calcProgressPercent(this.totalFindings, this.unauditedFindings); this.totalViolations = common.valueWithDefault(metric.policyViolationsTotal, "0"); this.auditedViolations = common.valueWithDefault(metric.policyViolationsAudited, "0"); this.auditedViolationsPercent = common.calcProgressPercent(this.totalViolations, this.auditedViolations); + this.unauditedViolations = this.totalViolations - this.auditedViolations; + this.unauditedViolationsPercent = common.calcProgressPercent(this.totalViolations, this.unauditedViolations); this.failViolations = common.valueWithDefault(metric.policyViolationsFail, "0"); this.failViolationsPercent = common.calcProgressPercent(this.totalViolations, this.failViolations); this.warnViolations = common.valueWithDefault(metric.policyViolationsWarn, "0"); @@ -255,7 +310,8 @@ this.$refs.portfolioWidgetRow.render(response.data) this.$refs.chartPortfolioVulnerabilities.render(response.data); this.$refs.chartProjectVulnerabilities.render(response.data); - this.$refs.chartAuditedProgress.render(response.data); + this.$refs.chartAuditingFindingsProgress.render(response.data); + this.$refs.chartAuditingViolationsProgress.render(response.data); this.$refs.chartPolicyViolations.render(response.data); this.$refs.chartComponentVulnerabilities.render(response.data); this.extractStats(response.data); 
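Review bot: `this.unauditedViolations = this.totalViolations - this.auditedViolations;` derives the count locally, whereas the findings counterpart a few lines above reads `metric.findingsUnaudited` straight from the API; if the backend also reports an unaudited violation count it should be used the same way so the two cards cannot disagree with the server. As written, a metric that ever reports more audited than total violations produces a negative count and, via `calcProgressPercent`, a negative percentage, so at minimum clamp it: `this.unauditedViolations = Math.max(0, this.totalViolations - this.auditedViolations);`. Whether the API exposes such a field is not visible from this hunk.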
diff --git a/src/views/dashboard/ChartAuditingProgress.vue b/src/views/dashboard/ChartAuditingFindingsProgress.vue similarity index 100% rename from src/views/dashboard/ChartAuditingProgress.vue rename to src/views/dashboard/ChartAuditingFindingsProgress.vue diff --git a/src/views/dashboard/ChartAuditingViolationsProgress.vue b/src/views/dashboard/ChartAuditingViolationsProgress.vue new file mode 100644 index 000000000..3f9a1eaf0 --- /dev/null +++ b/src/views/dashboard/ChartAuditingViolationsProgress.vue @@ -0,0 +1,100 @@ + diff --git a/src/views/portfolio/projects/ComponentDashboard.vue b/src/views/portfolio/projects/ComponentDashboard.vue index 2641a9b63..bd2d07e5d 100644 --- a/src/views/portfolio/projects/ComponentDashboard.vue +++ b/src/views/portfolio/projects/ComponentDashboard.vue @@ -103,7 +103,6 @@ diff --git a/src/views/dashboard/ChartPolicyViolations.vue b/src/views/dashboard/ChartPolicyViolationsState.vue similarity index 100% rename from src/views/dashboard/ChartPolicyViolations.vue rename to src/views/dashboard/ChartPolicyViolationsState.vue diff --git a/src/views/portfolio/projects/ComponentDashboard.vue b/src/views/portfolio/projects/ComponentDashboard.vue index 2641a9b63..5d5f2f531 100644 --- a/src/views/portfolio/projects/ComponentDashboard.vue +++ b/src/views/portfolio/projects/ComponentDashboard.vue @@ -78,7 +78,7 @@ - + @@ -106,7 +106,7 @@ import ChartAuditingProgress from "../../dashboard/ChartAuditingProgress"; import ChartComponentVulnerabilities from "../../dashboard/ChartComponentVulnerabilities"; import ChartPortfolioVulnerabilities from '../../dashboard/ChartPortfolioVulnerabilities'; - import ChartPolicyViolations from "@/views/dashboard/ChartPolicyViolations"; + import ChartPolicyViolationsState from "@/views/dashboard/ChartPolicyViolationsState"; import ChartPolicyViolationBreakdown from '@/views/dashboard/ChartPolicyViolationBreakdown'; export default { 
@@ -115,7 +115,7 @@ ChartAuditingProgress, ChartComponentVulnerabilities, ChartPortfolioVulnerabilities, - ChartPolicyViolations, + ChartPolicyViolationsState, ChartPolicyViolationBreakdown, Callout, @@ -181,7 +181,7 @@ let url = `${this.$api.BASE_URL}/${this.$api.URL_METRICS}/component/${uuid}/days/${daysBack}`; this.axios.get(url).then((response) => { this.$refs.chartComponentVulnerabilities.render(response.data); - this.$refs.chartPolicyViolations.render(response.data); + this.$refs.chartPolicyViolationsState.render(response.data); this.$refs.chartPolicyViolationBreakdown.render(response.data); this.extractStats(response.data); }); diff --git a/src/views/portfolio/projects/ProjectDashboard.vue b/src/views/portfolio/projects/ProjectDashboard.vue index f0e611f84..09d622b58 100644 --- a/src/views/portfolio/projects/ProjectDashboard.vue +++ b/src/views/portfolio/projects/ProjectDashboard.vue @@ -90,7 +90,7 @@ - + @@ -144,13 +144,13 @@ import ChartAuditingProgress from "../../dashboard/ChartAuditingProgress"; import ChartComponentVulnerabilities from "../../dashboard/ChartComponentVulnerabilities"; import ChartPortfolioVulnerabilities from '../../dashboard/ChartPortfolioVulnerabilities' - import ChartPolicyViolations from "@/views/dashboard/ChartPolicyViolations"; + import ChartPolicyViolationsState from "@/views/dashboard/ChartPolicyViolationsState"; import ChartPolicyViolationBreakdown from '@/views/dashboard/ChartPolicyViolationBreakdown'; export default { name: 'project-dashboard', components: { - ChartPolicyViolations, + ChartPolicyViolationsState, ChartPolicyViolationBreakdown, ChartAuditingProgress, ChartComponentVulnerabilities, 
@@ -221,7 +221,7 @@ let url = `${this.$api.BASE_URL}/${this.$api.URL_METRICS}/project/${this.uuid}/days/${daysBack}`; this.axios.get(url).then((response) => { this.$refs.chartProjectVulnerabilities.render(response.data); - this.$refs.chartPolicyViolations.render(response.data); + this.$refs.chartPolicyViolationsState.render(response.data); this.$refs.chartPolicyViolationBreakdown.render(response.data); this.$refs.chartAuditedProgress.render(response.data); this.$refs.chartComponentVulnerabilities.render(response.data); diff --git a/src/views/portfolio/projects/ServiceDashboard.vue b/src/views/portfolio/projects/ServiceDashboard.vue index 69257a63f..c1f5c57f1 100644 --- a/src/views/portfolio/projects/ServiceDashboard.vue +++ b/src/views/portfolio/projects/ServiceDashboard.vue @@ -78,7 +78,7 @@ - + @@ -106,7 +106,7 @@ import { Callout } from '@coreui/vue' import ChartAuditingProgress from "../../dashboard/ChartAuditingProgress"; import ChartComponentVulnerabilities from "../../dashboard/ChartComponentVulnerabilities"; import ChartPortfolioVulnerabilities from '../../dashboard/ChartPortfolioVulnerabilities'; -import ChartPolicyViolations from "@/views/dashboard/ChartPolicyViolations"; +import ChartPolicyViolationsState from "@/views/dashboard/ChartPolicyViolationsState"; import ChartPolicyViolationBreakdown from '@/views/dashboard/ChartPolicyViolationBreakdown'; export default { @@ -115,7 +115,7 @@ export default { ChartAuditingProgress, ChartComponentVulnerabilities, ChartPortfolioVulnerabilities, - ChartPolicyViolations, + ChartPolicyViolationsState, ChartPolicyViolationBreakdown, Callout, 
@@ -184,7 +184,7 @@ export default { let url = `${this.$api.BASE_URL}/${this.$api.URL_METRICS}/service/${uuid}/days/${daysBack}`; this.axios.get(url).then((response) => { this.$refs.chartServiceVulnerabilities.render(response.data); - this.$refs.chartPolicyViolations.render(response.data); + this.$refs.chartPolicyViolationsState.render(response.data); this.$refs.chartPolicyViolationBreakdown.render(response.data); this.extractStats(response.data); }); From 362896c52f661307bbe428ea70afff0333db935e Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Tue, 30 Jan 2024 07:12:56 -0500 Subject: [PATCH 136/165] feat(dashboard): add policy violations by state and classification cards Signed-off-by: Adam Setch --- src/views/dashboard/ChartPolicyViolationsClassification.vue | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/views/dashboard/ChartPolicyViolationsClassification.vue b/src/views/dashboard/ChartPolicyViolationsClassification.vue index 340521287..3ccc0f4a2 100644 --- a/src/views/dashboard/ChartPolicyViolationsClassification.vue +++ b/src/views/dashboard/ChartPolicyViolationsClassification.vue @@ -19,9 +19,9 @@ export default { let licenseData = []; for (let i = 0; i < metrics.length; i++) { labels.push(common.formatTimestamp(metrics[i].firstOccurrence)); - securityData.push(metrics[i].policyViolationsFail); - operationalData.push(metrics[i].policyViolationsWarn); - licenseData.push(metrics[i].policyViolationsInfo); + securityData.push(metrics[i].policyViolationsSecurityTotal); + operationalData.push(metrics[i].policyViolationsOperationalTotal); + licenseData.push(metrics[i].policyViolationsLicenseTotal); if (i === metrics.length - 1) { labels.push(common.formatTimestamp(metrics[i].lastOccurrence)); securityData.push(metrics[i].policyViolationsSecurityTotal); From f41c943f628756ee57945738e50bbfb4cd003038 Mon Sep 17 00:00:00 2001 
From: Adam Setch Date: Tue, 30 Jan 2024 07:20:15 -0500 Subject: [PATCH 137/165] refactor(dashboard): show portfolio vulnerabilities severity in footer Signed-off-by: Adam Setch --- src/views/Dashboard.vue | 51 ++++++++++++++++++++++++++++++----------- 1 file changed, 38 insertions(+), 13 deletions(-) diff --git a/src/views/Dashboard.vue b/src/views/Dashboard.vue index 06383f12e..99a806cc8 100644 --- a/src/views/Dashboard.vue +++ b/src/views/Dashboard.vue @@ -16,24 +16,29 @@
-
{{ $t('message.vulnerable_projects') }}
- {{vulnerableProjects}} ({{vulnerableProjectPercent}}%) - +
{{ $t('severity.critical') }}
+ {{critical}} ({{criticalPercent}}%) +
- -
{{ $t('message.violations_audited') }}
- {{auditedViolations}} ({{auditedViolationsPercent}}%) - + +
{{ $t('severity.high') }}
+ {{high}} ({{highPercent}}%) + +
+ +
{{ $t('severity.medium') }}
+ {{medium}} ({{mediumPercent}}%) +
-
{{ $t('message.vulnerable_components') }}
- {{vulnerableComponents}} ({{vulnerableComponentPercent}}%) - +
{{ $t('severity.low') }}
+ {{low}} ({{lowPercent}}%) +
-
{{ $t('message.findings_audited') }}
- {{auditedFindings}} ({{auditedFindingPercent}}%) - +
{{ $t('severity.unassigned') }}
+ {{unassigned}} ({{unassignedPercent}}%) +
@@ -205,6 +210,16 @@ vulnerabilities: 0, suppressed: 0, + critical: 0, + criticalPercent: 0, + high: 0, + highPercent: 0, + medium: 0, + mediumPercent: 0, + low: 0, + lowPercent: 0, + unassigned: 0, + unassignedPercent: 0, lastMeasurement: "" } }, @@ -238,6 +253,16 @@ this.vulnerabilities = common.valueWithDefault(metric.vulnerabilities, "0"); this.suppressed = common.valueWithDefault(metric.suppressed, "0"); + this.critical = common.valueWithDefault(metric.critical, "0"); + this.criticalPercent = common.calcProgressPercent(this.vulnerabilities, this.critical); + this.high = common.valueWithDefault(metric.high, "0"); + this.highPercent = common.calcProgressPercent(this.vulnerabilities, this.high); + this.medium = common.valueWithDefault(metric.medium, "0"); + this.mediumPercent = common.calcProgressPercent(this.vulnerabilities, this.medium); + this.low = common.valueWithDefault(metric.low, "0"); + this.lowPercent = common.calcProgressPercent(this.vulnerabilities, this.low); + this.unassigned = common.valueWithDefault(metric.unassigned, "0"); + this.unassignedPercent = common.calcProgressPercent(this.vulnerabilities, this.unassigned); this.lastMeasurement = common.formatTimestamp(metric.lastOccurrence, true); }, refreshMetrics() { From 35d644f3a383197ed3c0a21728995e6a094ef3d0 Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Tue, 30 Jan 2024 12:54:51 -0500 Subject: [PATCH 138/165] feat(dashboard): add policy violations by state and classification cards Signed-off-by: Adam Setch --- src/views/Dashboard.vue | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/views/Dashboard.vue b/src/views/Dashboard.vue index 493d08b60..0d1a59f60 100644 --- a/src/views/Dashboard.vue +++ b/src/views/Dashboard.vue 
@@ -418,6 +418,12 @@ this.warnViolationsPercent = common.calcProgressPercent(this.totalViolations, this.warnViolations); this.infoViolations = common.valueWithDefault(metric.policyViolationsInfo, "0"); this.infoViolationsPercent = common.calcProgressPercent(this.totalViolations, this.infoViolations); + this.securityViolations = common.valueWithDefault(metric.policyViolationsSecurityTotal, "0"); + this.securityViolationsPercent = common.calcProgressPercent(this.totalViolations, this.securityViolations); + this.operationalViolations = common.valueWithDefault(metric.policyViolationsOperationalTotal, "0"); + this.operationalViolationsPercent = common.calcProgressPercent(this.totalViolations, this.operationalViolations); + this.licenseViolations = common.valueWithDefault(metric.policyViolationsLicenseTotal, "0"); + this.licenseViolationsPercent = common.calcProgressPercent(this.totalViolations, this.licenseViolations); this.vulnerabilities = common.valueWithDefault(metric.vulnerabilities, "0"); this.suppressed = common.valueWithDefault(metric.suppressed, "0"); From b6c9846ad6f90179e0ceccd2da19d78891cceebf Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Tue, 30 Jan 2024 12:56:53 -0500 Subject: [PATCH 139/165] feat(dashboard): add policy violations by state and classification cards Signed-off-by: Adam Setch --- src/views/Dashboard.vue | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/views/Dashboard.vue b/src/views/Dashboard.vue index 0d1a59f60..d7247c91e 100644 --- a/src/views/Dashboard.vue +++ b/src/views/Dashboard.vue @@ -104,9 +104,6 @@
- - - From e5faf5030b25656d9a0c14ca6acd170a51551b4c Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Tue, 30 Jan 2024 13:05:13 -0500 Subject: [PATCH 140/165] refactor(dashboard): show portfolio vulnerabilities severity in footer Signed-off-by: Adam Setch --- src/views/Dashboard.vue | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/views/Dashboard.vue b/src/views/Dashboard.vue index 547a28731..036890f91 100644 --- a/src/views/Dashboard.vue +++ b/src/views/Dashboard.vue @@ -36,9 +36,9 @@ -
{{ $t('message.findings_audited') }}
- {{auditedFindings}} ({{auditedFindingPercent}}%) - +
{{ $t('severity.unassigned') }}
+ {{unassigned}} ({{unassignedPercent}}%) +
From 99da9bda734b179b6367718781e8a7c484281bc4 Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Tue, 30 Jan 2024 16:10:43 -0500 Subject: [PATCH 141/165] refactor: handle edge cases better Signed-off-by: Adam Setch --- src/shared/common.js | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/src/shared/common.js b/src/shared/common.js index 2f98633f3..0ccddfc76 100644 --- a/src/shared/common.js +++ b/src/shared/common.js @@ -410,19 +410,17 @@ $common.valueWithDefault = function valueWithDefault(variable, defaultValue) { * function will return a percentage rounded to the tenth decimal place. */ $common.calcProgressPercent = function calcProgressPercent(total, completed) { - if (completed >= total) { + if (total == 0 || completed == 0) { + // the absence of work does not imply progress. + return 0; + } else if (completed >= total) { // In something has already been completed (e.g. suppressed) and the completed value // is greater than the total, return 100% return 100; - } else if (total > 0) { - if (completed === 0) { - return 0; - } else { - let percentage = (completed / total) * 100; - return Math.round(percentage * 10) / 10; - } } - return 0; // the absence of work does not imply progress. + + let percentage = (completed / total) * 100; + return Math.round(percentage * 10) / 10; }; /** From 4f46cef92a895ca9e3bd74e0057eb9bfa610f09c Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Wed, 31 Jan 2024 10:47:04 -0500 Subject: [PATCH 142/165] refactor(project details): improve UX for active/inactive toggle. Signed-off-by: Adam Setch --- src/views/portfolio/projects/ProjectDetailsModal.vue | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/views/portfolio/projects/ProjectDetailsModal.vue b/src/views/portfolio/projects/ProjectDetailsModal.vue index 0989f6142..9fc5fff68 100644 --- a/src/views/portfolio/projects/ProjectDetailsModal.vue +++ b/src/views/portfolio/projects/ProjectDetailsModal.vue @@ -41,7 +41,7 @@
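Review bot: The new guard `if (total == 0 || completed == 0)` in `calcProgressPercent` still lets `null`, `undefined` and `NaN` through (`undefined == 0` is false), so a missing metric falls into the division and returns `NaN`, and a negative `completed` returns a negative percentage; the Dashboard.vue callers in this series pass both raw API fields and locally subtracted counts, so both cases are reachable. Coercing once and testing the sign covers all of them: `if (!(Number(total) > 0) || !(Number(completed) > 0)) return 0;` and `if (Number(completed) >= Number(total)) return 100;`. That also replaces the loose `==` with a numeric test, in line with the `===` the function used before this change.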
{{$t('message.active')}} + v-b-tooltip.hover :title="$t('message.inactive_active_children')" @change="syncActiveLabel"/> {{projectActiveLabel}}

Date: Wed, 31 Jan 2024 12:39:27 -0500 Subject: [PATCH 143/165] refactor(project details): improve UX for active/inactive toggle. Signed-off-by: Adam Setch --- src/i18n/locales/en.json | 1 + 1 file changed, 1 insertion(+) diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json index fc3986e2d..174ab6562 100644 --- a/src/i18n/locales/en.json +++ b/src/i18n/locales/en.json @@ -58,6 +58,7 @@ "version": "Version", "bom_format": "BOM Format", "active": "Active", + "inactive": "Inactive", "name": "Name", "published": "Published", "cwe": "CWE", From 6eebb1c8e1fcd9b4905c0406ce8ca6ab5229f68c Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Wed, 31 Jan 2024 15:19:49 -0500 Subject: [PATCH 144/165] feat(vulnerabilities): enhance Vulnerabilities UI to be able to toggle affected projects by active/inactive Signed-off-by: Adam Setch --- .../vulnerabilities/AffectedProjects.vue | 61 ++++++++++++++++++- .../vulnerabilities/VulnerabilityList.vue | 3 +- 2 files changed, 61 insertions(+), 3 deletions(-) diff --git a/src/views/portfolio/vulnerabilities/AffectedProjects.vue b/src/views/portfolio/vulnerabilities/AffectedProjects.vue index f3f3e9a9e..c0cbcf9cd 100644 --- a/src/views/portfolio/vulnerabilities/AffectedProjects.vue +++ b/src/views/portfolio/vulnerabilities/AffectedProjects.vue @@ -1,19 +1,33 @@ diff --git a/src/views/portfolio/vulnerabilities/VulnerabilityList.vue b/src/views/portfolio/vulnerabilities/VulnerabilityList.vue index debf1e8b2..eab9ddec2 100644 --- a/src/views/portfolio/vulnerabilities/VulnerabilityList.vue +++ b/src/views/portfolio/vulnerabilities/VulnerabilityList.vue @@ -53,6 +53,7 @@ import VulnerabilityCreateVulnerabilityModal from "./VulnerabilityCreateVulnerab }, data() { return { + showInactiveProjects: this.showInactiveProjects, columns: [ { title: this.$t('message.name'), 
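Review bot: `showInactiveProjects: this.showInactiveProjects,` inside `data()` reads a property that does not exist yet: in Vue 2 `data()` runs before the returned object is installed, so `this.showInactiveProjects` is `undefined` unless it is declared as a prop, and no prop is visible in this hunk; the toggle therefore starts in an indeterminate state rather than off. Initialise it with a literal, `showInactiveProjects: false,`, or declare the prop if a parent component is meant to supply it. The enclosing `data()` body continues outside the hunk.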
@@ -111,7 +112,7 @@ import VulnerabilityCreateVulnerabilityModal from "./VulnerabilityCreateVulnerab }, { title: this.$t('message.projects'), - field: "affectedProjectCount", + field: "affectedActiveProjectCount", class: "tight", sortable: false }, From a480d2545e995b2ddb54d5547c8bf17c84035808 Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Wed, 31 Jan 2024 15:29:55 -0500 Subject: [PATCH 145/165] feat(vulnerabilities): enhance Vulnerabilities UI to be able to toggle affected projects by active/inactive Signed-off-by: Adam Setch --- src/views/portfolio/vulnerabilities/AffectedProjects.vue | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/views/portfolio/vulnerabilities/AffectedProjects.vue b/src/views/portfolio/vulnerabilities/AffectedProjects.vue index c0cbcf9cd..890ca55da 100644 --- a/src/views/portfolio/vulnerabilities/AffectedProjects.vue +++ b/src/views/portfolio/vulnerabilities/AffectedProjects.vue @@ -68,7 +68,7 @@ { title: this.$t('message.active'), field: "active", - formatter(value, row, index) { + formatter(value) { return value === true ? '' : ""; }, align: "center", From 470769461409139947dcbc5713a4988c6bb0b8a7 Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Wed, 31 Jan 2024 16:04:35 -0500 Subject: [PATCH 146/165] feat(vulnerabilities): enhance Vulnerabilities UI to be able to toggle affected projects by active/inactive Signed-off-by: Adam Setch --- src/views/portfolio/vulnerabilities/AffectedProjects.vue | 1 + 1 file changed, 1 insertion(+) diff --git a/src/views/portfolio/vulnerabilities/AffectedProjects.vue b/src/views/portfolio/vulnerabilities/AffectedProjects.vue index 890ca55da..bc003f738 100644 --- a/src/views/portfolio/vulnerabilities/AffectedProjects.vue +++ b/src/views/portfolio/vulnerabilities/AffectedProjects.vue @@ -86,6 +86,7 @@ queryParamsType: 'pageSize', pageList: '[10, 25, 50, 100]', pageSize: 10, + toolbar: '#projectsToolbar', icons: { refresh: 'fa-refresh' }, 
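Review bot: The column keeps its `message.projects` title while its field changes from `affectedProjectCount` to `affectedActiveProjectCount`, so the header still reads "Projects" but the cell now shows only active projects, and nothing in the list tells the reader about that qualification. Either give the column a title that says so (a new locale key such as `message.active_projects`) or put the qualification in a column tooltip. This also presumes the vulnerability listing endpoint exposes `affectedActiveProjectCount`; if the backend change is separate, the cell renders empty until it lands, which is worth noting in the commit message.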
From bb31d16f77f48975670fb8f35f97c06ff3874ae9 Mon Sep 17 00:00:00 2001 From: Andres Tito Date: Fri, 2 Feb 2024 13:51:56 +0100 Subject: [PATCH 147/165] NEW SUBJECT PREFIX INPUT BOX Add new Subject Prefix Input box in Configuration>Email Following same code style for adding new input box. Clean undifined value to " " when user choose not to have Subject Prefix Signed-off-by: Andres Tito --- src/i18n/locales/en.json | 1 + src/views/administration/configuration/Email.vue | 15 +++++++++++++++ 2 files changed, 16 insertions(+) diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json index d7d0fafac..b4ffe3a78 100644 --- a/src/i18n/locales/en.json +++ b/src/i18n/locales/en.json @@ -594,6 +594,7 @@ "enable_bom_spdx": "Enable SPDX", "enable_email": "Enable email", "email_from_address": "From email address", + "email_prefix": "Subject prefix", "email_smtp_server": "SMTP server", "email_smtp_port": "SMTP server port", "email_smtp_username": "SMTP username", diff --git a/src/views/administration/configuration/Email.vue b/src/views/administration/configuration/Email.vue index 3cb3b0827..b75152a0f 100644 --- a/src/views/administration/configuration/Email.vue +++ b/src/views/administration/configuration/Email.vue @@ -11,6 +11,14 @@ v-model="emailFromAddress" lazy="true" /> + Date: Fri, 2 Feb 2024 13:51:56 +0100 Subject: [PATCH 148/165] Change variable smtp.prefix to subject.prefix The prefix is not really tied to the SMTP protocol. If other email delivery methods are added in the future, the prefix might still be valid to use, but should not be called smtp.prefix Signed-off-by: Andres Tito --- src/views/administration/configuration/Email.vue | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/views/administration/configuration/Email.vue b/src/views/administration/configuration/Email.vue index b75152a0f..8bb421151 100644 --- a/src/views/administration/configuration/Email.vue +++ b/src/views/administration/configuration/Email.vue 
@@ -101,7 +101,7 @@ this.updateConfigProperties([ {groupName: 'email', propertyName: 'smtp.enabled', propertyValue: this.isEmailEnabled}, {groupName: 'email', propertyName: 'smtp.from.address', propertyValue: this.emailFromAddress}, - {groupName: 'email', propertyName: 'smtp.prefix', propertyValue: this.emailPrefix}, + {groupName: 'email', propertyName: 'subject.prefix', propertyValue: this.emailPrefix}, {groupName: 'email', propertyName: 'smtp.server.hostname', propertyValue: this.emailSmtpServer}, {groupName: 'email', propertyName: 'smtp.server.port', propertyValue: this.emailSmtpPort}, {groupName: 'email', propertyName: 'smtp.username', propertyValue: this.emailSmtpUsername}, @@ -112,7 +112,7 @@ this.updateConfigProperty("email", "smtp.password", this.emailSmtpPassword); } if (typeof this.emailPrefix == "undefined") { - this.updateConfigProperty("email","smtp.prefix", " "); + this.updateConfigProperty("email","subject.prefix", " "); } } }, @@ -126,7 +126,7 @@ this.isEmailEnabled = common.toBoolean(item.propertyValue); break; case "smtp.from.address": this.emailFromAddress = item.propertyValue; break; - case "smtp.prefix": + case "subject.prefix": this.emailPrefix = item.propertyValue; break; case "smtp.server.hostname": this.emailSmtpServer = item.propertyValue; break; From 46015fda9560414feabea1797736b6a1489f9824 Mon Sep 17 00:00:00 2001 From: nscuro Date: Sat, 3 Feb 2024 19:22:46 +0100 Subject: [PATCH 149/165] Fix "Outdated Only" button being disabled when dependency graph is not available Fixes https://github.com/DependencyTrack/dependency-track/issues/3404 Signed-off-by: nscuro --- src/views/portfolio/projects/ProjectComponents.vue | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/views/portfolio/projects/ProjectComponents.vue b/src/views/portfolio/projects/ProjectComponents.vue index dce0f4d12..64011631b 100644 --- a/src/views/portfolio/projects/ProjectComponents.vue +++ b/src/views/portfolio/projects/ProjectComponents.vue 
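Review bot: The `typeof this.emailPrefix == "undefined"` branch issues a second request to store `" "` after the bulk `updateConfigProperties` call in the hunk above has already sent the same `subject.prefix` entry with `propertyValue: this.emailPrefix`; if that body is JSON-serialized, `JSON.stringify` omits a property whose value is `undefined`, so the first entry goes out without any `propertyValue` and what the server holds for the prefix until the follow-up arrives depends on how it treats a missing field. Normalize once and send a single update: `const subjectPrefix = this.emailPrefix === undefined ? " " : this.emailPrefix;` before the bulk call, `propertyValue: subjectPrefix` in the `subject.prefix` entry, and no separate `updateConfigProperty("email","subject.prefix", " ")` call. Strict equality (`===`) is also the form to use for the check if it stays. The enclosing save method starts outside the hunk.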
@@ -26,7 +26,7 @@ {{ $t('message.inventory_with_vulnerabilities') }} - + {{ $t('message.outdated_only') }} {{ $t('message.only_outdated_tooltip') }} From 67a96f98b044e73907d91c54a8cad52074311dae Mon Sep 17 00:00:00 2001 From: nscuro Date: Sat, 3 Feb 2024 19:36:46 +0100 Subject: [PATCH 150/165] Fix redundant requests to `/api/v1/component` when loading project page `onlyOutdated` and `onlyDirect` were initialized with non-boolean values. Both variables have a watch on them, triggering a refresh of the components table upon change. Both variables are used as model for `c-switch` components, causing their value to transition to `false` immediately, triggering the watches and consequently table refreshes. This behavior could cause requests to be abandoned before their content was fully consumed, resulting in `EofException`s in the API server. Signed-off-by: nscuro --- src/views/portfolio/projects/ProjectComponents.vue | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/views/portfolio/projects/ProjectComponents.vue b/src/views/portfolio/projects/ProjectComponents.vue index dce0f4d12..40cea58b4 100644 --- a/src/views/portfolio/projects/ProjectComponents.vue +++ b/src/views/portfolio/projects/ProjectComponents.vue @@ -80,8 +80,8 @@ import SeverityProgressBar from "../../components/SeverityProgressBar"; dataOn: '\u2713', dataOff: '\u2715' }, - onlyOutdated: this.onlyOutdated, - onlyDirect: this.onlyDirect, + onlyOutdated: false, + onlyDirect: false, columns: [ { field: "state", From ff44ac391dbed9040165c8857d91ddcc146cf7cb Mon Sep 17 00:00:00 2001 
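Review bot: The two `false` initializers carry the whole reason for this commit, but nothing at the site says why a literal boolean matters, so a later edit can reintroduce `this.onlyOutdated` without noticing the duplicate requests coming back. A one-line comment above them would preserve the intent: `// Must be real booleans: both fields have watchers that refresh the table, and a c-switch would flip an undefined value to false on mount and fire them.` The `data()` function starts and ends outside the hunk.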
From: nscuro Date: Sat, 3 Feb 2024 20:54:09 +0100 Subject: [PATCH 151/165] Fix table column visibility preferences triggering redundant requests When applying user preferences for column visibility, fields of the bootstrap table were accessed directly. Apparently the bootstrap table has watches on those fields, which caused table contents to be loaded at least twice, instead of once. This does not happen when using the "official" `table.showColumn` / `table.hideColumn` methods. Switching to those no longer causes duplicate requests. Signed-off-by: nscuro --- src/shared/utils.js | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/src/shared/utils.js b/src/shared/utils.js index c374de013..a5b2c7cfa 100644 --- a/src/shared/utils.js +++ b/src/shared/utils.js @@ -72,8 +72,24 @@ export function getContextPath() { } export function loadUserPreferencesForBootstrapTable(_this, id, columns) { + const table = _this.$refs.table; + if (!table) { + console.error("No table defined in the calling component; Can't apply user preferences"); + return; + } + columns.forEach((column) => { - _this.$set(column, "visible", (localStorage && localStorage.getItem(id + "Show" + common.capitalize(column.field)) !== null) ? (localStorage.getItem(id + "Show" + common.capitalize(column.field)) === "true") : column.visible); + const isVisible = column.visible; + const shouldShow = (localStorage && localStorage.getItem(id + "Show" + common.capitalize(column.field)) !== null) + ? (localStorage.getItem(id + "Show" + common.capitalize(column.field)) === "true") + : isVisible; + if (isVisible !== shouldShow) { + if (shouldShow) { + table.showColumn(column.field); + } else { + table.hideColumn(column.field); + } + } }) } From 5bd0579ee22aa0df81b6ce18dd782d970329f8bd Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Mon, 5 Feb 2024 11:05:36 -0500 Subject: [PATCH 152/165] feat(notifications): show publisher name on expanded row 
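Review bot: Inside the new `forEach` callback, `localStorage.getItem(id + "Show" + common.capitalize(column.field))` is evaluated twice for the same key, and the `isVisible !== shouldShow` comparison treats a column with no `visible` property (`undefined`) as different from `true`, so such columns presumably get a `showColumn` call they do not need. Read the stored value once and compare on a normalized boolean: `const stored = localStorage ? localStorage.getItem(id + "Show" + common.capitalize(column.field)) : null;` / `const isVisible = column.visible !== false;` / `const shouldShow = stored === null ? isVisible : stored === "true";`. Note also that, unlike the removed `_this.$set(column, "visible", …)`, the new code never updates `column.visible` itself, so anything else that reads the column definitions (a column chooser, for instance) may now disagree with what the table displays — worth confirming against the callers.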
Signed-off-by: Adam Setch --- src/views/administration/notifications/Alerts.vue | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/views/administration/notifications/Alerts.vue b/src/views/administration/notifications/Alerts.vue index b480f3dfa..43b9bc483 100644 --- a/src/views/administration/notifications/Alerts.vue +++ b/src/views/administration/notifications/Alerts.vue @@ -130,6 +130,9 @@ {{ $t('admin.alert_log_successful_publish') }} + + + @@ -221,6 +224,7 @@ enabled: row.enabled, logSuccessfulPublish: row.logSuccessfulPublish, notifyChildren: row.notifyChildren, + publisherName: row.publisher.name, publisherClass: row.publisher.publisherClass, notificationLevel: row.notificationLevel, destination: this.parseDestination(row), From 0836de14ff839b8efcad267956f2bb7e736ce738 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Feb 2024 01:03:32 +0000 Subject: [PATCH 153/165] build(deps): bump nginxinc/nginx-unprivileged in /docker Bumps nginxinc/nginx-unprivileged from `69bd3c1` to `e0be80a`. --- updated-dependencies: - dependency-name: nginxinc/nginx-unprivileged dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- docker/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine index 73a67e227..f9929554a 100644 --- a/docker/Dockerfile.alpine +++ b/docker/Dockerfile.alpine @@ -1,4 +1,4 @@ -FROM nginxinc/nginx-unprivileged:1.25.3-alpine@sha256:69bd3c1d739c28af7e123b69fa4f0e12e679034e71920fdcc402fae39e2af47b +FROM nginxinc/nginx-unprivileged:1.25.3-alpine@sha256:e0be80ac6ac40a050dd48c50499c957dc34aa05ea869122ae23390deb2762674 # Arguments that can be passed at build time ARG COMMIT_SHA=unknown From 535b1e6b58b578638825ab48b94e42ea1c61d3ba Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Feb 2024 01:03:50 +0000 Subject: [PATCH 154/165] build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.0 to 4.3.1. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4.3.0...v4.3.1) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/_meta-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml index e0f4afa4b..fef155ce4 100644 --- a/.github/workflows/_meta-build.yaml +++ b/.github/workflows/_meta-build.yaml @@ -54,7 +54,7 @@ jobs: npm run build --if-present - name: Upload Artifacts - uses: actions/upload-artifact@v4.3.0 + uses: actions/upload-artifact@v4.3.1 with: name: assembled-frontend-node${{ matrix.node-version }} path: |- From f84e8218bb650316d62e40abf0ecca1714194b53 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Feb 2024 01:03:52 +0000 Subject: [PATCH 155/165] build(deps): bump actions/download-artifact from 4.1.1 to 4.1.2 Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.1 to 4.1.2. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v4.1.1...v4.1.2) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/_meta-build.yaml | 2 +- .github/workflows/ci-publish.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml index e0f4afa4b..42eaa5814 100644 --- a/.github/workflows/_meta-build.yaml +++ b/.github/workflows/_meta-build.yaml @@ -71,7 +71,7 @@ jobs: uses: actions/checkout@v4.1.1 - name: Download Artifacts - uses: actions/download-artifact@v4.1.1 + uses: actions/download-artifact@v4.1.2 with: name: assembled-frontend-node${{ inputs.node-version-package }} diff --git a/.github/workflows/ci-publish.yaml b/.github/workflows/ci-publish.yaml index 22f836a68..70f03c1c7 100644 --- a/.github/workflows/ci-publish.yaml +++ b/.github/workflows/ci-publish.yaml @@ -49,7 +49,7 @@ jobs: uses: actions/checkout@v4.1.1 - name: Download Artifacts - uses: actions/download-artifact@v4.1.1 + uses: actions/download-artifact@v4.1.2 with: name: assembled-frontend-node18 From 26d84a27bf61466f88f28e58ce7ffd04f0b0d7cb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 7 Feb 2024 01:41:25 +0000 Subject: [PATCH 156/165] build(deps): bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.16.1 to 0.17.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.16.1...0.17.0) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/_meta-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml index e6057bd32..de0f36baa 100644 --- a/.github/workflows/_meta-build.yaml +++ b/.github/workflows/_meta-build.yaml 
@@ -116,7 +116,7 @@ jobs: - name: Run Trivy Vulnerability Scanner if: ${{ inputs.publish-container }} - uses: aquasecurity/trivy-action@0.16.1 + uses: aquasecurity/trivy-action@0.17.0 with: image-ref: docker.io/dependencytrack/frontend:${{ inputs.app-version }} format: 'sarif' From bbe3155cb59f42d859fd2c76df4b134b46513a98 Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Wed, 7 Feb 2024 10:39:39 -0500 Subject: [PATCH 157/165] feat: improve tooltip clarity for project vulnerabilities Signed-off-by: Adam Setch --- src/i18n/locales/en.json | 7 +++++++ src/views/portfolio/projects/Project.vue | 10 +++++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json index 0c9c5bd67..938ba733c 100644 --- a/src/i18n/locales/en.json +++ b/src/i18n/locales/en.json @@ -854,6 +854,13 @@ "cvss_severity": "CVSS Severity", "owasp_rr_severity": "OWASP Risk Rating Severity" }, + "vulnerability": { + "critical": "Critical Severity Vulnerabilities", + "high": "High Severity Vulnerabilities", + "medium": "Medium Severity Vulnerabilities", + "low": "Low Severity Vulnerabilities", + "unassigned": "Unassigned Vulnerabilities" + }, "validation": { "required": "{_field_} is required", "confirmed": "{_field_} doesn't match", diff --git a/src/views/portfolio/projects/Project.vue b/src/views/portfolio/projects/Project.vue index 0575ebe5e..6d41c604c 100644 --- a/src/views/portfolio/projects/Project.vue +++ b/src/views/portfolio/projects/Project.vue @@ -46,7 +46,7 @@ :percent="100" :size="50" :animate="true" - v-b-tooltip.hover :title="$t('severity.critical')" + v-b-tooltip.hover :title="$t('vulnerability.critical')" >{{ currentCritical }} {{ currentHigh }} {{ currentMedium }} {{ currentLow }} {{ currentUnassigned }} From ada57efc692c9cba1ef2863907c1b5c620ebb7b8 Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Wed, 7 Feb 2024 11:00:06 -0500 Subject: [PATCH 158/165] build: add @vue/runtime-dom as devDependency 
Signed-off-by: Adam Setch --- package-lock.json | 85 +++++++++++++++++++++++++++++++++++++++++++++++ package.json | 1 + 2 files changed, 86 insertions(+) diff --git a/package-lock.json b/package-lock.json index 31680360e..03242b615 100644 --- a/package-lock.json +++ b/package-lock.json @@ -59,6 +59,7 @@ "@vue/cli-plugin-babel": "5.0.8", "@vue/cli-plugin-eslint": "3.12.1", "@vue/cli-service": "3.12.1", + "@vue/runtime-dom": "^3.4.15", "copy-webpack-plugin": "5.1.2", "cross-env": "^7.0.3", "growl": "1.10.5", 
@@ -4152,6 +4153,42 @@ "webpack": ">=4.0.0" } }, + "node_modules/@vue/reactivity": { + "version": "3.4.15", + "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.4.15.tgz", + "integrity": "sha512-55yJh2bsff20K5O84MxSvXKPHHt17I2EomHznvFiJCAZpJTNW8IuLj1xZWMLELRhBK3kkFV/1ErZGHJfah7i7w==", + "dev": true, + "dependencies": { + "@vue/shared": "3.4.15" + } + }, + "node_modules/@vue/runtime-core": { + "version": "3.4.15", + "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.4.15.tgz", + "integrity": "sha512-6E3by5m6v1AkW0McCeAyhHTw+3y17YCOKG0U0HDKDscV4Hs0kgNT5G+GCHak16jKgcCDHpI9xe5NKb8sdLCLdw==", + "dev": true, + "dependencies": { + "@vue/reactivity": "3.4.15", + "@vue/shared": "3.4.15" + } + }, + "node_modules/@vue/runtime-dom": { + "version": "3.4.15", + "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.4.15.tgz", + "integrity": "sha512-EVW8D6vfFVq3V/yDKNPBFkZKGMFSvZrUQmx196o/v2tHKdwWdiZjYUBS+0Ez3+ohRyF8Njwy/6FH5gYJ75liUw==", + "dev": true, + "dependencies": { + "@vue/runtime-core": "3.4.15", + "@vue/shared": "3.4.15", + "csstype": "^3.1.3" + } + }, + "node_modules/@vue/shared": { + "version": "3.4.15", + "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.4.15.tgz", + "integrity": "sha512-KzfPTxVaWfB+eGcGdbSf4CWdaXcGDqckoeXUh7SB3fZdEtzPCK2Vq9B/lRRL3yutax/LWITz+SwvgyOxz5V75g==", + "dev": true + }, "node_modules/@vue/web-component-wrapper": { "version": "1.3.0", "resolved": "https://registry.npmjs.org/@vue/web-component-wrapper/-/web-component-wrapper-1.3.0.tgz", 
@@ -7545,6 +7582,12 @@ "integrity": "sha512-dn6wd0uw5GsdswPFfsgMp5NSB0/aDe6fK94YJV/AJDYXL6HVLWBsxeq7js7Ad+mU2K9LAlwpk6kN2D5mwCPVow==", "dev": true }, + "node_modules/csstype": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.1.3.tgz", + "integrity": "sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw==", + "dev": true + }, "node_modules/current-script-polyfill": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/current-script-polyfill/-/current-script-polyfill-1.0.0.tgz", 
@@ -22476,6 +22519,42 @@ "dev": true, "requires": {} }, + "@vue/reactivity": { + "version": "3.4.15", + "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.4.15.tgz", + "integrity": "sha512-55yJh2bsff20K5O84MxSvXKPHHt17I2EomHznvFiJCAZpJTNW8IuLj1xZWMLELRhBK3kkFV/1ErZGHJfah7i7w==", + "dev": true, + "requires": { + "@vue/shared": "3.4.15" + } + }, + "@vue/runtime-core": { + "version": "3.4.15", + "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.4.15.tgz", + "integrity": "sha512-6E3by5m6v1AkW0McCeAyhHTw+3y17YCOKG0U0HDKDscV4Hs0kgNT5G+GCHak16jKgcCDHpI9xe5NKb8sdLCLdw==", + "dev": true, + "requires": { + "@vue/reactivity": "3.4.15", + "@vue/shared": "3.4.15" + } + }, + "@vue/runtime-dom": { + "version": "3.4.15", + "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.4.15.tgz", + "integrity": "sha512-EVW8D6vfFVq3V/yDKNPBFkZKGMFSvZrUQmx196o/v2tHKdwWdiZjYUBS+0Ez3+ohRyF8Njwy/6FH5gYJ75liUw==", + "dev": true, + "requires": { + "@vue/runtime-core": "3.4.15", + "@vue/shared": "3.4.15", + "csstype": "^3.1.3" + } + }, + "@vue/shared": { + "version": "3.4.15", + "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.4.15.tgz", + "integrity": "sha512-KzfPTxVaWfB+eGcGdbSf4CWdaXcGDqckoeXUh7SB3fZdEtzPCK2Vq9B/lRRL3yutax/LWITz+SwvgyOxz5V75g==", + "dev": true + }, "@vue/web-component-wrapper": { "version": "1.3.0", "resolved": "https://registry.npmjs.org/@vue/web-component-wrapper/-/web-component-wrapper-1.3.0.tgz", @@ -25202,6 +25281,12 @@ } } }, + "csstype": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.1.3.tgz", + "integrity": "sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw==", + "dev": true + }, "current-script-polyfill": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/current-script-polyfill/-/current-script-polyfill-1.0.0.tgz", diff --git a/package.json b/package.json index 8cb43a9db..3d6268a2e 100644 
--- a/package.json +++ b/package.json @@ -68,6 +68,7 @@ "@vue/cli-plugin-babel": "5.0.8", "@vue/cli-plugin-eslint": "3.12.1", "@vue/cli-service": "3.12.1", + "@vue/runtime-dom": "^3.4.15", "copy-webpack-plugin": "5.1.2", "cross-env": "^7.0.3", "growl": "1.10.5", From 79c58a2b49b381fe97afc0110d71ba65e8bbdb74 Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Wed, 7 Feb 2024 19:25:52 -0500 Subject: [PATCH 159/165] feat(project): finding badges including and excluding aliases Signed-off-by: Adam Setch --- src/assets/scss/_custom.scss | 5 +++++ src/i18n/locales/en.json | 2 ++ src/views/portfolio/projects/Project.vue | 10 ++++++++-- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/src/assets/scss/_custom.scss b/src/assets/scss/_custom.scss index c145337ce..1ccbfa1ed 100644 --- a/src/assets/scss/_custom.scss +++ b/src/assets/scss/_custom.scss @@ -341,6 +341,11 @@ button:focus { margin-left: 0.6em !important; color: #21D983 !important; } +.badge-tab-info { + border: 1px solid #60768c !important; + background-color: $grey-900 !important; + color: $notification-info !important; +} .badge-tag { color: $primary; background-color: transparent; diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json index 0c9c5bd67..7d52034fe 100644 --- a/src/i18n/locales/en.json +++ b/src/i18n/locales/en.json @@ -44,6 +44,8 @@ "vulnerable_projects": "Vulnerable Projects", "findings": "Findings", "total_findings": "Total Findings", + "total_findings_including_aliases": "Total Findings (including aliases)", + "total_findings_excluding_aliases": "Total Findings (excluding aliases)", "findings_audited": "Findings Audited", "findings_unaudited": "Findings Unaudited", "auditing_progress": "Auditing Progress", diff --git a/src/views/portfolio/projects/Project.vue b/src/views/portfolio/projects/Project.vue index 0575ebe5e..fbed8a363 100644 --- a/src/views/portfolio/projects/Project.vue +++ b/src/views/portfolio/projects/Project.vue @@ -131,8 +131,12 @@ - - + + 
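Review bot: The new `"@vue/runtime-dom": "^3.4.15"` entry is the only caret range among the exactly pinned devDependencies around it (`@vue/cli-plugin-babel` 5.0.8, `copy-webpack-plugin` 5.1.2, `growl` 1.10.5), and it brings a Vue 3 runtime into a project whose other tooling (`@vue/cli-service` 3.12.1, `@vue/web-component-wrapper`) is from the Vue 2 line, with no purpose given in the commit message. If it is only wanted for editor or type support, say so in the message and pin it exactly, `"@vue/runtime-dom": "3.4.15"`, to match the neighbouring entries. If nothing in the build imports it, it is an unused dependency that widens the supply-chain surface for no gain and should be dropped.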
@@ -222,6 +226,7 @@ totalServices: 0, totalDependencyGraphs: 0, totalFindings: 0, + totalFindingsIncludingAliases: 0, totalEpss: 0, totalViolations: 0, tabIndex: 0 @@ -253,6 +258,7 @@ this.currentLow = common.valueWithDefault(this.project.metrics.low, 0); this.currentUnassigned = common.valueWithDefault(this.project.metrics.unassigned, 0); this.currentRiskScore = common.valueWithDefault(this.project.metrics.inheritedRiskScore, 0); + this.totalFindings = common.valueWithDefault(this.project.metrics.findingsTotal, 0) EventBus.$emit('addCrumb', this.projectLabel); this.$title = this.projectLabel; }); From 2f2fff776ce7fa2d686da6861546589717d59676 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Feb 2024 01:13:32 +0000 Subject: [PATCH 160/165] build(deps): bump actions/setup-node from 4.0.1 to 4.0.2 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.0.1 to 4.0.2. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v4.0.1...v4.0.2) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/_meta-build.yaml | 2 +- .github/workflows/ci-release.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml index de0f36baa..b76e8e4b0 100644 --- a/.github/workflows/_meta-build.yaml +++ b/.github/workflows/_meta-build.yaml @@ -41,7 +41,7 @@ jobs: uses: actions/checkout@v4.1.1 - name: Set up NodeJs - uses: actions/setup-node@v4.0.1 + uses: actions/setup-node@v4.0.2 with: node-version: ${{ matrix.node-version }} cache: 'npm' diff --git a/.github/workflows/ci-release.yaml b/.github/workflows/ci-release.yaml index 1904f64d7..6b1a71740 100644 --- a/.github/workflows/ci-release.yaml 
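Review bot: The added `this.totalFindings = common.valueWithDefault(this.project.metrics.findingsTotal, 0)` is the only statement in this `then` callback without a terminating semicolon, relying on ASI where its neighbours (`this.currentRiskScore = …;`) do not; add the `;`. Separately, `totalFindingsIncludingAliases` is initialized to 0 in `data()` in the hunk above but nothing visible assigns it from the metrics, so unless the template or another method outside these hunks sets it, the "including aliases" badge always reads 0 — a comment at the data field naming where it is populated would settle that. The callback starts outside the hunk.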
+++ b/.github/workflows/ci-release.yaml @@ -24,7 +24,7 @@ jobs: uses: actions/checkout@v4.1.1 - name: Set up NodeJs - uses: actions/setup-node@v4.0.1 + uses: actions/setup-node@v4.0.2 with: node-version: '18' cache: 'npm' From 9d2bfb062d872d82d508c442554719d75103cec1 Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Wed, 7 Feb 2024 22:32:30 -0500 Subject: [PATCH 161/165] feat(project): add tooltip to vuln progress bar Signed-off-by: Adam Setch --- src/views/components/SeverityProgressBar.vue | 40 +++++++++++++++----- src/views/portfolio/projects/ProjectList.vue | 7 ++-- 2 files changed, 35 insertions(+), 12 deletions(-) diff --git a/src/views/components/SeverityProgressBar.vue b/src/views/components/SeverityProgressBar.vue index 09832fa5c..a2b9af7d3 100644 --- a/src/views/components/SeverityProgressBar.vue +++ b/src/views/components/SeverityProgressBar.vue @@ -5,13 +5,28 @@ - - - - - - - + + + + + + + + + + +
+
{{$t('message.severity')}}
+

+ {{$t('severity.critical')}}: {{ critical }}
+ {{$t('severity.high')}}: {{ high }}
+ {{$t('severity.medium')}}: {{ medium }}
+ {{$t('severity.low')}}: {{ low }}
+ {{$t('severity.unassigned')}}: {{ unassigned }}
+

+ {{$t('message.total')}}: {{ vulnerabilities }} +
+
@@ -23,7 +38,14 @@ high: Number, medium: Number, low: Number, - unassigned: Number - } + unassigned: Number, + $t: Function, + }, + data() { + return { + // Workaround for vue references to the progress-bars. Using the ref targets doesn't seem to work. + hoverId: Math.random().toString(36), + }; + }, } diff --git a/src/views/portfolio/projects/ProjectList.vue b/src/views/portfolio/projects/ProjectList.vue index 70d0d8b86..255ff29a3 100644 --- a/src/views/portfolio/projects/ProjectList.vue +++ b/src/views/portfolio/projects/ProjectList.vue @@ -273,7 +273,7 @@ import ProjectCreateProjectModal from "./ProjectCreateProjectModal"; title: this.$t('message.vulnerabilities'), field: "metrics.vulnerabilities", // this column uses other fields, but the field id must be unique sortable: false, - formatter(_, row) { + formatter: function(_, row) { let metrics = row.metrics if (typeof metrics === "undefined") { return "-"; // No vulnerability info available @@ -288,12 +288,13 @@ import ProjectCreateProjectModal from "./ProjectCreateProjectModal"; high: metrics.high, medium: metrics.medium, low: metrics.low, - unassigned: metrics.unassigned + unassigned: metrics.unassigned, + $t: this.$t.bind(this), } }); progressBar.$mount(); return progressBar.$el.outerHTML; - } + }.bind(this) } ], data: [], From 2f8b3a5bfa7bea63026b12e5a2765cb9baf3e311 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 16 Feb 2024 01:15:19 +0000 Subject: [PATCH 162/165] build(deps): bump nginxinc/nginx-unprivileged in /docker Bumps nginxinc/nginx-unprivileged from 1.25.3-alpine to 1.25.4-alpine. --- updated-dependencies: - dependency-name: nginxinc/nginx-unprivileged dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- docker/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
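Review bot: `hoverId: Math.random().toString(36)` produces a value like `0.k4f2…`, so the id the tooltip targets begins with `0.` — legal as an HTML id but fragile for any selector-based lookup, and two bars on one page could in principle collide. Prefix it and strip the leading `0.`: `hoverId: 'severity-bar-' + Math.random().toString(36).slice(2),` (or, if this is a Vue 2 instance, derive it from the component's own `_uid`). The comment above it ("doesn't seem to work") should say what was tried with refs and why it fails for bars that are mounted detached from the table, since that is the only justification for generating ids at all. Declaring `$t: Function` as a prop is presumably needed because the bar is created with `new` inside the ProjectList formatter and has no i18n instance of its own; a one-line comment to that effect would spare the next reader the same investigation.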
diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine index f9929554a..0bb57c579 100644 --- a/docker/Dockerfile.alpine +++ b/docker/Dockerfile.alpine @@ -1,4 +1,4 @@ -FROM nginxinc/nginx-unprivileged:1.25.3-alpine@sha256:e0be80ac6ac40a050dd48c50499c957dc34aa05ea869122ae23390deb2762674 +FROM nginxinc/nginx-unprivileged:1.25.4-alpine@sha256:643fe394a32f08816efb0e5ec2a3779b9b1e04d2be302a6f380be88b6bb48245 # Arguments that can be passed at build time ARG COMMIT_SHA=unknown From c0e7e6d62f6d434d19ffc8ffe209eba1509e437a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Feb 2024 01:04:46 +0000 Subject: [PATCH 163/165] build(deps): bump nginxinc/nginx-unprivileged in /docker Bumps nginxinc/nginx-unprivileged from `643fe39` to `ac1db3b`. --- updated-dependencies: - dependency-name: nginxinc/nginx-unprivileged dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- docker/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine index 0bb57c579..2e401f131 100644 --- a/docker/Dockerfile.alpine +++ b/docker/Dockerfile.alpine @@ -1,4 +1,4 @@ -FROM nginxinc/nginx-unprivileged:1.25.4-alpine@sha256:643fe394a32f08816efb0e5ec2a3779b9b1e04d2be302a6f380be88b6bb48245 +FROM nginxinc/nginx-unprivileged:1.25.4-alpine@sha256:ac1db3b263ff319b6756ac552054cd0afe7a159a4687f160d6c573167372e769 # Arguments that can be passed at build time ARG COMMIT_SHA=unknown From d5a660f5352658efac6a6dcc588c0ac21d529a90 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Feb 2024 19:09:43 +0000 Subject: [PATCH 164/165] build(deps-dev): bump ip from 1.1.8 to 1.1.9 Bumps [ip](https://github.com/indutny/node-ip) from 1.1.8 to 1.1.9. - [Commits](https://github.com/indutny/node-ip/compare/v1.1.8...v1.1.9) --- updated-dependencies: - dependency-name: ip dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 03242b615..cabdd7d78 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10909,9 +10909,9 @@ } }, "node_modules/ip": { - "version": "1.1.8", - "resolved": "https://registry.npmjs.org/ip/-/ip-1.1.8.tgz", - "integrity": "sha512-PuExPYUiu6qMBQb4l06ecm6T6ujzhmh+MeJcW9wa89PoAz5pvd4zPgN5WJV104mb6S2T1AwNIAaB70JNrLQWhg==", + "version": "1.1.9", + "resolved": "https://registry.npmjs.org/ip/-/ip-1.1.9.tgz", + "integrity": "sha512-cyRxvOEpNHNtchU3Ln9KC/auJgup87llfQpQ+t5ghoC/UhL16SWzbueiCsdTnWmqAWl7LadfuwhlqmtOaqMHdQ==", "dev": true }, "node_modules/ip-regex": { @@ -27931,9 +27931,9 @@ } }, "ip": { - "version": "1.1.8", - "resolved": "https://registry.npmjs.org/ip/-/ip-1.1.8.tgz", - "integrity": "sha512-PuExPYUiu6qMBQb4l06ecm6T6ujzhmh+MeJcW9wa89PoAz5pvd4zPgN5WJV104mb6S2T1AwNIAaB70JNrLQWhg==", + "version": "1.1.9", + "resolved": "https://registry.npmjs.org/ip/-/ip-1.1.9.tgz", + "integrity": "sha512-cyRxvOEpNHNtchU3Ln9KC/auJgup87llfQpQ+t5ghoC/UhL16SWzbueiCsdTnWmqAWl7LadfuwhlqmtOaqMHdQ==", "dev": true }, "ip-regex": { From 3bfab6aeca54e0467f56469744a0c159c5326dc8 Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Wed, 21 Feb 2024 17:11:37 -0400 Subject: [PATCH 165/165] feat(project): violations badges 
Signed-off-by: Adam Setch --- src/assets/scss/_custom.scss | 10 ++++++++++ src/i18n/locales/en.json | 1 + src/views/portfolio/projects/Project.vue | 13 ++++++++++++- 3 files changed, 23 insertions(+), 1 deletion(-) diff --git a/src/assets/scss/_custom.scss b/src/assets/scss/_custom.scss index 1ccbfa1ed..931cd6a21 100644 --- a/src/assets/scss/_custom.scss +++ b/src/assets/scss/_custom.scss @@ -341,6 +341,16 @@ button:focus { margin-left: 0.6em !important; color: #21D983 !important; } +.badge-tab-fail { + border: 1px solid #60768c !important; + background-color: $grey-900 !important; + color: $notification-fail !important; +} +.badge-tab-warn { + border: 1px solid #60768c !important; + background-color: $grey-900 !important; + color: $notification-warn !important; +} .badge-tab-info { border: 1px solid #60768c !important; background-color: $grey-900 !important; diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json index acc5029cd..0c23b7c12 100644 --- a/src/i18n/locales/en.json +++ b/src/i18n/locales/en.json @@ -835,6 +835,7 @@ "blake3": "BLAKE3" }, "policy_violation": { + "total": "Total Violations", "fails": "Violation Failures", "warns": "Violation Warnings", "infos": "Informational Violations", diff --git a/src/views/portfolio/projects/Project.vue b/src/views/portfolio/projects/Project.vue index d691d1f58..1511e72d7 100644 --- a/src/views/portfolio/projects/Project.vue +++ b/src/views/portfolio/projects/Project.vue @@ -143,7 +143,12 @@ - + @@ -229,6 +234,9 @@ totalFindingsIncludingAliases: 0, totalEpss: 0, totalViolations: 0, + infoViolations: 0, + warnViolations: 0, + failViolations: 0, tabIndex: 0 } }, 
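Review bot: `.badge-tab-fail`, `.badge-tab-warn` and the existing `.badge-tab-info` now repeat the same `border` and `background-color` declarations three times, differing only in `color`. Group the shared rules into one selector list, `.badge-tab-fail, .badge-tab-warn, .badge-tab-info { border: 1px solid #60768c !important; background-color: $grey-900 !important; }`, and keep a single `color` rule per class. The `!important` on every line follows the neighbouring rules, but a short comment naming which framework rule it overrides would make the next person far less likely to drop it.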
@@ -259,6 +267,9 @@ this.currentUnassigned = common.valueWithDefault(this.project.metrics.unassigned, 0); this.currentRiskScore = common.valueWithDefault(this.project.metrics.inheritedRiskScore, 0); this.totalFindings = common.valueWithDefault(this.project.metrics.findingsTotal, 0) + this.infoViolations = common.valueWithDefault(this.project.metrics.policyViolationsInfo, 0) + this.warnViolations = common.valueWithDefault(this.project.metrics.policyViolationsWarn, 0) + this.failViolations = common.valueWithDefault(this.project.metrics.policyViolationsFail, 0) EventBus.$emit('addCrumb', this.projectLabel); this.$title = this.projectLabel; });
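Review bot: The three new assignments (`this.infoViolations = …`, `this.warnViolations = …`, `this.failViolations = …`) omit the terminating semicolon that the surrounding statements in this callback carry (`this.currentRiskScore = …;`); add them. The per-level counts are read from `policyViolationsInfo`/`policyViolationsWarn`/`policyViolationsFail`, while `totalViolations`, still declared in `data()` in the hunk above, is not touched here — if the badge total is meant to equal the sum of the three, derive it in the same place (`this.totalViolations = this.infoViolations + this.warnViolations + this.failViolations;`) or leave a comment pointing at where it is set, so the two cannot drift apart. The callback starts outside the hunk.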