From e6ded31f98d51fdb7a2920eb293e9a1ca6f40277 Mon Sep 17 00:00:00 2001
From: Hoda Noori <hoda.noori@sap.com>
Date: Tue, 19 May 2026 19:04:14 +0200
Subject: [PATCH 01/11] feat(heureka): add Mitigate Manually action to
 vulnerability rows

Add a new "Mitigate Manually" popup action to both the active and
remediated vulnerability tabs. Opens a modal (same shape as False
Positive) that creates a remediation with type=mitigation. Revert
works automatically via the existing RemediationHistoryPanel flow.

Signed-off-by: Hoda Noori <hoda.noori@sap.com>
---
 .../IssuesDataRows/IssuesDataRow/index.tsx    |  57 +++++
 .../IssuesDataRows/IssuesDataRows.test.tsx    |   3 +
 .../ImageIssuesList/IssuesDataRows/index.tsx  |   3 +
 .../RemediatedIssueDataRow/index.tsx          |  12 +
 .../ImageDetails/ImageIssuesList/index.tsx    |  16 +-
 .../MitigateManuallyModal/index.tsx           | 227 ++++++++++++++++++
 6 files changed, 317 insertions(+), 1 deletion(-)
 create mode 100644 apps/heureka/src/components/Service/ImageDetails/MitigateManuallyModal/index.tsx

diff --git a/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/IssuesDataRows/IssuesDataRow/index.tsx b/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/IssuesDataRows/IssuesDataRow/index.tsx
index 8284cc2df7..4a5556edbc 100644
--- a/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/IssuesDataRows/IssuesDataRow/index.tsx
+++ b/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/IssuesDataRows/IssuesDataRow/index.tsx
@@ -20,6 +20,7 @@ import { ImageVulnerability } from "../../../../../Services/utils"
 import { getSeverityColor, useTextOverflow } from "../../../../../../utils"
 import { FalsePositiveModal } from "../../../FalsePositiveModal"
 import { RiskAcceptanceModal } from "../../../RiskAcceptanceModal"
+import { MitigateManuallyModal } from "../../../MitigateManuallyModal"
 import { useRouteContext } from "@tanstack/react-router"
 import { createRemediation } from "../../../../../../api/createRemediation"
 import { RemediationInput } from "../../../../../../generated/graphql"
@@ -42,6 +43,7 @@ type IssuesDataRowProps = {
   showFalsePositiveAction?: boolean
   onFalsePositiveSuccess?: (cveNumber: string) => void | Promise<void>
   onRiskAcceptanceSuccess?: (cveNumber: string) => void | Promise<void>
+  onMitigateManuallySuccess?: (cveNumber: string) => void | Promise<void>
 }
 
 export const IssuesDataRow = ({
@@ -51,10 +53,12 @@ export const IssuesDataRow = ({
   showFalsePositiveAction = true,
   onFalsePositiveSuccess,
   onRiskAcceptanceSuccess,
+  onMitigateManuallySuccess,
 }: IssuesDataRowProps) => {
   const [isExpanded, setIsExpanded] = useState(false)
   const [isModalOpen, setIsModalOpen] = useState(false)
   const [isRiskAcceptanceModalOpen, setIsRiskAcceptanceModalOpen] = useState(false)
+  const [isMitigateManuallyModalOpen, setIsMitigateManuallyModalOpen] = useState(false)
   const [isSubmitting, setIsSubmitting] = useState(false)
   const { needsExpansion, textRef } = useTextOverflow(issue?.description || "")
   const { apiClient, queryClient } = useRouteContext({ from: "/services/$service" })
@@ -158,6 +162,49 @@ export const IssuesDataRow = ({
     }
   }
 
+  const handleMitigateManuallyConfirm = async (input: RemediationInput): Promise<{ error: string } | void> => {
+    setIsSubmitting(true)
+    try {
+      const remediation = await createRemediation({ apiClient, input })
+      const cveNumber = issue?.name || "unknown"
+      if (remediation) {
+        queryClient.setQueriesData(
+          {
+            predicate: (query) => {
+              const [key, filter] = query.queryKey as [string, any]
+              if (key !== "remediations") return false
+              if (filter?.service && !filter.service.includes(service)) return false
+              if (filter?.image && !filter.image.includes(image)) return false
+              if (filter?.vulnerability && !filter.vulnerability.includes(cveNumber)) return false
+              return true
+            },
+          },
+          (old: any) => {
+            if (!old?.data?.Remediations) return old
+            const edges = old.data.Remediations.edges ?? []
+            if (edges.some((e: any) => e?.node?.id === remediation.id)) return old
+            return {
+              ...old,
+              data: {
+                ...old.data,
+                Remediations: {
+                  ...old.data.Remediations,
+                  edges: [...edges, { node: remediation }],
+                  totalCount: (old.data.Remediations.totalCount ?? 0) + 1,
+                },
+              },
+            }
+          }
+        )
+      }
+      await onMitigateManuallySuccess?.(cveNumber)
+    } catch (error) {
+      return { error: error instanceof Error ? error.message : "Failed to create remediation" }
+    } finally {
+      setIsSubmitting(false)
+    }
+  }
+
   return (
     <>
       <DataGridRow>
@@ -207,6 +254,7 @@ export const IssuesDataRow = ({
                 <PopupMenuOptions>
                   <PopupMenuItem label="Mark False Positive" onClick={() => setIsModalOpen(true)} />
                   <PopupMenuItem label="Accept Risk" onClick={() => setIsRiskAcceptanceModalOpen(true)} />
+                  <PopupMenuItem label="Mitigate Manually" onClick={() => setIsMitigateManuallyModalOpen(true)} />
                 </PopupMenuOptions>
               </PopupMenu>
             )}
@@ -233,6 +281,15 @@ export const IssuesDataRow = ({
             service={service}
             image={image}
           />
+          <MitigateManuallyModal
+            open={isMitigateManuallyModalOpen}
+            onClose={() => setIsMitigateManuallyModalOpen(false)}
+            onConfirm={handleMitigateManuallyConfirm}
+            vulnerability={issue.name}
+            severity={issue.severity}
+            service={service}
+            image={image}
+          />
         </>
       )}
     </>
diff --git a/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/IssuesDataRows/IssuesDataRows.test.tsx b/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/IssuesDataRows/IssuesDataRows.test.tsx
index 9e31ca3543..f0cd9ec481 100644
--- a/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/IssuesDataRows/IssuesDataRows.test.tsx
+++ b/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/IssuesDataRows/IssuesDataRows.test.tsx
@@ -123,6 +123,7 @@ function renderWithRouter(
           image="repo/image"
           onFalsePositiveSuccess={() => {}}
           onRiskAcceptanceSuccess={() => {}}
+          onMitigateManuallySuccess={() => {}}
         />
       </Suspense>
     ),
@@ -169,6 +170,7 @@ describe("IssuesDataRows — active/remediated split", () => {
             image="repo/image"
             onFalsePositiveSuccess={() => {}}
             onRiskAcceptanceSuccess={() => {}}
+          onMitigateManuallySuccess={() => {}}
           />
         </Suspense>
       )
@@ -209,6 +211,7 @@ describe("IssuesDataRows — active/remediated split", () => {
             image="repo/image"
             onFalsePositiveSuccess={() => {}}
             onRiskAcceptanceSuccess={() => {}}
+          onMitigateManuallySuccess={() => {}}
           />
         </Suspense>
       )
diff --git a/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/IssuesDataRows/index.tsx b/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/IssuesDataRows/index.tsx
index 4e60492bc2..2d741e4b3e 100644
--- a/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/IssuesDataRows/index.tsx
+++ b/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/IssuesDataRows/index.tsx
@@ -17,6 +17,7 @@ type IssuesDataRowsProps = {
   image: string
   onFalsePositiveSuccess: (cveNumber: string) => void | Promise<void>
   onRiskAcceptanceSuccess: (cveNumber: string) => void | Promise<void>
+  onMitigateManuallySuccess: (cveNumber: string) => void | Promise<void>
 }
 
 export const IssuesDataRows = ({
@@ -26,6 +27,7 @@ export const IssuesDataRows = ({
   image,
   onFalsePositiveSuccess,
   onRiskAcceptanceSuccess,
+  onMitigateManuallySuccess,
 }: IssuesDataRowsProps) => {
   const { error, data } = use(issuesPromise)
   const remediationsResult = use(remediationsPromise)
@@ -55,6 +57,7 @@ export const IssuesDataRows = ({
       image={image}
       onFalsePositiveSuccess={onFalsePositiveSuccess}
       onRiskAcceptanceSuccess={onRiskAcceptanceSuccess}
+      onMitigateManuallySuccess={onMitigateManuallySuccess}
     />
   ))
 }
diff --git a/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/RemediatedIssuesDataRows/RemediatedIssueDataRow/index.tsx b/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/RemediatedIssuesDataRows/RemediatedIssueDataRow/index.tsx
index a889f81068..f128af43c1 100644
--- a/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/RemediatedIssuesDataRows/RemediatedIssueDataRow/index.tsx
+++ b/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/RemediatedIssuesDataRows/RemediatedIssueDataRow/index.tsx
@@ -20,6 +20,7 @@ import { ImageVulnerability } from "../../../../../Services/utils"
 import { getSeverityColor, useTextOverflow } from "../../../../../../utils"
 import { FalsePositiveModal } from "../../../FalsePositiveModal"
 import { RiskAcceptanceModal } from "../../../RiskAcceptanceModal"
+import { MitigateManuallyModal } from "../../../MitigateManuallyModal"
 import { useRouteContext } from "@tanstack/react-router"
 import { createRemediation } from "../../../../../../api/createRemediation"
 import { RemediationInput, RemediationTypeValues } from "../../../../../../generated/graphql"
@@ -54,6 +55,7 @@ export const RemediatedIssueDataRow = ({
   const [isExpanded, setIsExpanded] = useState(false)
   const [isFalsePositiveModalOpen, setIsFalsePositiveModalOpen] = useState(false)
   const [isRiskAcceptanceModalOpen, setIsRiskAcceptanceModalOpen] = useState(false)
+  const [isMitigateManuallyModalOpen, setIsMitigateManuallyModalOpen] = useState(false)
   const [isSubmitting, setIsSubmitting] = useState(false)
   const { needsExpansion, textRef } = useTextOverflow(issue?.description || "")
   const { apiClient, queryClient } = useRouteContext({ from: "/services/$service" })
@@ -179,6 +181,7 @@ export const RemediatedIssueDataRow = ({
               <PopupMenuOptions>
                 <PopupMenuItem label="Mark False Positive" onClick={() => setIsFalsePositiveModalOpen(true)} />
                 <PopupMenuItem label="Accept Risk" onClick={() => setIsRiskAcceptanceModalOpen(true)} />
+                <PopupMenuItem label="Mitigate Manually" onClick={() => setIsMitigateManuallyModalOpen(true)} />
               </PopupMenuOptions>
             </PopupMenu>
           )}
@@ -202,6 +205,15 @@ export const RemediatedIssueDataRow = ({
         service={service}
         image={image}
       />
+      <MitigateManuallyModal
+        open={isMitigateManuallyModalOpen}
+        onClose={() => setIsMitigateManuallyModalOpen(false)}
+        onConfirm={handleRemediationConfirm}
+        vulnerability={issue.name}
+        severity={issue.severity}
+        service={service}
+        image={image}
+      />
     </>
   )
 }
diff --git a/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/index.tsx b/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/index.tsx
index 52dac08d93..4f8dbfa36c 100644
--- a/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/index.tsx
+++ b/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/index.tsx
@@ -54,6 +54,7 @@ const VulnerabilitiesTabContent = ({
   successMessage,
   onFalsePositiveSuccess,
   onRiskAcceptanceSuccess,
+  onMitigateManuallySuccess,
 }: {
   service: string
   image: ServiceImage
@@ -64,6 +65,7 @@ const VulnerabilitiesTabContent = ({
   successMessage: string | null
   onFalsePositiveSuccess: (cveNumber: string) => void | Promise<void>
   onRiskAcceptanceSuccess: (cveNumber: string) => void | Promise<void>
+  onMitigateManuallySuccess: (cveNumber: string) => void | Promise<void>
 }) => {
   return (
     <>
@@ -107,6 +109,7 @@ const VulnerabilitiesTabContent = ({
                 image={image.repository}
                 onFalsePositiveSuccess={onFalsePositiveSuccess}
                 onRiskAcceptanceSuccess={onRiskAcceptanceSuccess}
+                onMitigateManuallySuccess={onMitigateManuallySuccess}
               />
             </Suspense>
           </ErrorBoundary>
@@ -349,10 +352,20 @@ export const ImageIssuesList = ({
     )
   }, [])
 
+  const handleMitigateManuallySuccess = useCallback((cveNumber: string) => {
+    setVulnerabilitiesSuccessMessage(
+      `Vulnerability ${cveNumber} has been manually mitigated and moved to the Remediated list.`
+    )
+  }, [])
+
   const handleRemediatedTabRemediationSuccess = useCallback(
     (cveNumber: string, remediationType: RemediationTypeValues) => {
       const remediationTypeLabel =
-        remediationType === RemediationTypeValues.FalsePositive ? "a false positive" : "a risk acceptance"
+        remediationType === RemediationTypeValues.FalsePositive
+          ? "a false positive"
+          : remediationType === RemediationTypeValues.Mitigation
+            ? "manually mitigated"
+            : "a risk acceptance"
       const text = `Vulnerability ${cveNumber} has been marked as ${remediationTypeLabel}.`
       setRemediatedSuccessMessage(text)
     },
@@ -377,6 +390,7 @@ export const ImageIssuesList = ({
             successMessage={vulnerabilitiesSuccessMessage}
             onFalsePositiveSuccess={handleFalsePositiveSuccess}
             onRiskAcceptanceSuccess={handleRiskAcceptanceSuccess}
+            onMitigateManuallySuccess={handleMitigateManuallySuccess}
           />
         </TabPanel>
         <TabPanel>
diff --git a/apps/heureka/src/components/Service/ImageDetails/MitigateManuallyModal/index.tsx b/apps/heureka/src/components/Service/ImageDetails/MitigateManuallyModal/index.tsx
new file mode 100644
index 0000000000..2a647afbda
--- /dev/null
+++ b/apps/heureka/src/components/Service/ImageDetails/MitigateManuallyModal/index.tsx
@@ -0,0 +1,227 @@
+/*
+ * SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and Juno contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import React, { useState, useRef, useEffect } from "react"
+import {
+  Modal,
+  ModalFooter,
+  Button,
+  Stack,
+  Textarea,
+  TextInput,
+  DateTimePicker,
+  Message,
+} from "@cloudoperators/juno-ui-components"
+import { RemediationInput, RemediationTypeValues, SeverityValues } from "../../../../generated/graphql"
+import { useAuth } from "@cloudoperators/greenhouse-auth-provider"
+
+type MitigateManuallyModalProps = {
+  open: boolean
+  onClose: () => void
+  onConfirm: (input: RemediationInput) => Promise<{ error: string } | void>
+  vulnerability: string
+  severity?: string
+  service: string
+  image: string
+}
+
+const CONFIRM_LABEL = "Mitigate Manually"
+const CANCEL_LABEL = "Cancel"
+
+const toSeverityValue = (severity: string): SeverityValues | undefined => {
+  if (!severity) return undefined
+  const normalized = severity.charAt(0).toUpperCase() + severity.slice(1).toLowerCase()
+  const value = normalized as SeverityValues
+  return Object.values(SeverityValues).includes(value) ? value : undefined
+}
+
+export const MitigateManuallyModal: React.FC<MitigateManuallyModalProps> = ({
+  open,
+  onClose,
+  onConfirm,
+  vulnerability,
+  severity,
+  service,
+  image,
+}) => {
+  const auth = useAuth()
+  const authUserId = auth.status === "authenticated" ? auth.userId || auth.userName : null
+  const [description, setDescription] = useState<string>("")
+  const [manualUserId, setManualUserId] = useState<string>("")
+  const [expirationDate, setExpirationDate] = useState<Date | null>(null)
+  const [isSubmitting, setIsSubmitting] = useState(false)
+  const [descriptionError, setDescriptionError] = useState<string>("")
+  const [userIdError, setUserIdError] = useState<string>("")
+  const [expirationDateError, setExpirationDateError] = useState<string>("")
+  const [apiError, setApiError] = useState<string | null>(null)
+  const isMountedRef = useRef(true)
+
+  const manualUserIdTrimmed = manualUserId.trim()
+  const remediatedBy = authUserId ?? (manualUserIdTrimmed || undefined)
+  const isUserIdValid = !!remediatedBy
+
+  useEffect(() => {
+    isMountedRef.current = true
+    return () => {
+      isMountedRef.current = false
+    }
+  }, [])
+
+  useEffect(() => {
+    if (!open) {
+      setDescription("")
+      setManualUserId("")
+      setExpirationDate(null)
+      setDescriptionError("")
+      setUserIdError("")
+      setExpirationDateError("")
+      setApiError(null)
+    }
+  }, [open])
+
+  const descriptionTrimmed = description.trim()
+
+  const handleConfirm = async () => {
+    if (!descriptionTrimmed) {
+      setDescriptionError("Description is required")
+      return
+    }
+    if (!remediatedBy) {
+      setUserIdError("User ID is required")
+      return
+    }
+    if (!expirationDate) {
+      setExpirationDateError("Expiration date is required")
+      return
+    }
+
+    setDescriptionError("")
+    setUserIdError("")
+    setExpirationDateError("")
+    setIsSubmitting(true)
+    try {
+      const severityValue = severity ? toSeverityValue(severity) : undefined
+      const input: RemediationInput = {
+        type: RemediationTypeValues.Mitigation,
+        vulnerability,
+        service,
+        image,
+        description: descriptionTrimmed,
+        ...(remediatedBy && { remediatedBy }),
+        ...(severityValue !== undefined && { severity: severityValue }),
+        expirationDate: expirationDate.toISOString(),
+      }
+      const result = await onConfirm(input)
+      if (result?.error) {
+        setApiError(result.error)
+      } else if (isMountedRef.current) {
+        setDescription("")
+        setManualUserId("")
+        setExpirationDate(null)
+        onClose()
+      }
+    } catch (error) {
+      const message = error instanceof Error ? error.message : "Failed to create remediation"
+      setApiError(message)
+    } finally {
+      setIsSubmitting(false)
+    }
+  }
+
+  const handleClose = () => {
+    setDescription("")
+    setManualUserId("")
+    setExpirationDate(null)
+    setDescriptionError("")
+    setUserIdError("")
+    setExpirationDateError("")
+    setApiError(null)
+    onClose()
+  }
+
+  const handleDescriptionChange = (e: React.ChangeEvent<HTMLTextAreaElement>) => {
+    setDescription(e.target.value)
+    if (descriptionError) {
+      setDescriptionError("")
+    }
+  }
+
+  return (
+    <Modal
+      title="Mitigate Manually"
+      open={open}
+      onCancel={handleClose}
+      modalFooter={
+        <ModalFooter>
+          <Stack direction="horizontal" gap="2" distribution="end" className="w-full">
+            <Button onClick={handleClose} label={CANCEL_LABEL} disabled={isSubmitting} />
+            <Button
+              onClick={handleConfirm}
+              label={CONFIRM_LABEL}
+              variant="primary"
+              disabled={isSubmitting || !descriptionTrimmed || !isUserIdValid || !expirationDate}
+            />
+          </Stack>
+        </ModalFooter>
+      }
+    >
+      <Stack gap="4" direction="vertical">
+        {apiError && <Message text={apiError} variant="error" />}
+        <div>
+          <strong>Vulnerability:</strong> {vulnerability}
+        </div>
+        <div>
+          <strong>Service:</strong> {service}
+        </div>
+        <div>
+          <strong>Image:</strong> {image}
+        </div>
+        <div>
+          <TextInput
+            label="User ID"
+            value={authUserId ?? manualUserId}
+            onChange={(e) => {
+              setManualUserId(e.target.value)
+              if (userIdError) setUserIdError("")
+            }}
+            disabled={!!authUserId}
+            required
+            invalid={!!userIdError}
+            errortext={userIdError}
+            placeholder={authUserId ? undefined : "Enter your user ID"}
+            helptext={authUserId ? "User ID from current session (read-only)." : "Enter your user ID."}
+          />
+        </div>
+        <div>
+          <DateTimePicker
+            label="Expiration Date"
+            value={expirationDate ?? undefined}
+            onChange={(dates) => {
+              setExpirationDate(dates?.[0] ?? null)
+              if (expirationDateError) setExpirationDateError("")
+            }}
+            minDate="today"
+            required
+            invalid={!!expirationDateError}
+            errortext={expirationDateError}
+            helptext="When this mitigation should no longer be considered valid."
+          />
+        </div>
+        <div>
+          <Textarea
+            label="Description"
+            placeholder="Add a description explaining the manual mitigation applied..."
+            value={description}
+            onChange={handleDescriptionChange}
+            rows={14}
+            required
+            invalid={!!descriptionError}
+            errortext={descriptionError || ""}
+          />
+        </div>
+      </Stack>
+    </Modal>
+  )
+}

From 3b8eda57ebf04c8640e30e71ff8dd67eb4b406fa Mon Sep 17 00:00:00 2001
From: Hoda Noori <hoda.noori@sap.com>
Date: Tue, 19 May 2026 19:06:39 +0200
Subject: [PATCH 02/11] style(heureka): fix indentation in
 IssuesDataRows.test.tsx

Signed-off-by: Hoda Noori <hoda.noori@sap.com>
---
 .../ImageIssuesList/IssuesDataRows/IssuesDataRows.test.tsx    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/IssuesDataRows/IssuesDataRows.test.tsx b/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/IssuesDataRows/IssuesDataRows.test.tsx
index f0cd9ec481..a60423c129 100644
--- a/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/IssuesDataRows/IssuesDataRows.test.tsx
+++ b/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/IssuesDataRows/IssuesDataRows.test.tsx
@@ -170,7 +170,7 @@ describe("IssuesDataRows — active/remediated split", () => {
             image="repo/image"
             onFalsePositiveSuccess={() => {}}
             onRiskAcceptanceSuccess={() => {}}
-          onMitigateManuallySuccess={() => {}}
+            onMitigateManuallySuccess={() => {}}
           />
         </Suspense>
       )
@@ -211,7 +211,7 @@ describe("IssuesDataRows — active/remediated split", () => {
             image="repo/image"
             onFalsePositiveSuccess={() => {}}
             onRiskAcceptanceSuccess={() => {}}
-          onMitigateManuallySuccess={() => {}}
+            onMitigateManuallySuccess={() => {}}
           />
         </Suspense>
       )

From 4ab4279f9dca994232992105f2d6a36abfbc983d Mon Sep 17 00:00:00 2001
From: Hoda Noori <hoda.noori@sap.com>
Date: Tue, 19 May 2026 19:11:31 +0200
Subject: [PATCH 03/11] chore: add changeset for heureka Mitigate Manually
 feature

Signed-off-by: Hoda Noori <hoda.noori@sap.com>
---
 .changeset/heureka-mitigate-manually.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .changeset/heureka-mitigate-manually.md

diff --git a/.changeset/heureka-mitigate-manually.md b/.changeset/heureka-mitigate-manually.md
new file mode 100644
index 0000000000..1141dd4961
--- /dev/null
+++ b/.changeset/heureka-mitigate-manually.md
@@ -0,0 +1,5 @@
+---
+"@cloudoperators/juno-app-heureka": minor
+---
+
+Add Mitigate Manually action to vulnerability rows. Users can now mark a CVE as manually mitigated from the popup menu in both the Active and Remediated vulnerability tabs. The CVE moves to the Remediated tab immediately and can be reverted via the Remediation History Panel.

From cc77b330a8ffc66cd3a2869b1a61bb846956db54 Mon Sep 17 00:00:00 2001
From: Hoda Noori <hoda.noori@sap.com>
Date: Wed, 20 May 2026 09:08:49 +0200
Subject: [PATCH 04/11] refactor(heureka): consolidate duplicate remediation
 handlers into single factory

Signed-off-by: Hoda Noori <hoda.noori@sap.com>
---
 .../IssuesDataRows/IssuesDataRow/index.tsx    | 170 +++++-------------
 1 file changed, 41 insertions(+), 129 deletions(-)

diff --git a/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/IssuesDataRows/IssuesDataRow/index.tsx b/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/IssuesDataRows/IssuesDataRow/index.tsx
index 4a5556edbc..fffe41093c 100644
--- a/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/IssuesDataRows/IssuesDataRow/index.tsx
+++ b/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/IssuesDataRows/IssuesDataRow/index.tsx
@@ -72,138 +72,50 @@ export const IssuesDataRow = ({
     setIsExpanded(!isExpanded)
   }
 
-  const handleModalConfirm = async (input: RemediationInput): Promise<{ error: string } | void> => {
-    setIsSubmitting(true)
-    try {
-      const remediation = await createRemediation({ apiClient, input })
-      const cveNumber = issue?.name || "unknown"
-      if (remediation) {
-        queryClient.setQueriesData(
-          {
-            predicate: (query) => {
-              const [key, filter] = query.queryKey as [string, any]
-              if (key !== "remediations") return false
-              if (filter?.service && !filter.service.includes(service)) return false
-              if (filter?.image && !filter.image.includes(image)) return false
-              if (filter?.vulnerability && !filter.vulnerability.includes(cveNumber)) return false
-              return true
-            },
-          },
-
-          (old: any) => {
-            if (!old?.data?.Remediations) return old
-            const edges = old.data.Remediations.edges ?? []
-
-            if (edges.some((e: any) => e?.node?.id === remediation.id)) return old
-            return {
-              ...old,
-              data: {
-                ...old.data,
-                Remediations: {
-                  ...old.data.Remediations,
-                  edges: [...edges, { node: remediation }],
-                  totalCount: (old.data.Remediations.totalCount ?? 0) + 1,
-                },
+  const makeRemediationHandler =
+    (onSuccess?: (cveNumber: string) => void | Promise<void>) =>
+    async (input: RemediationInput): Promise<{ error: string } | void> => {
+      setIsSubmitting(true)
+      try {
+        const remediation = await createRemediation({ apiClient, input })
+        const cveNumber = issue?.name || "unknown"
+        if (remediation) {
+          queryClient.setQueriesData(
+            {
+              predicate: (query) => {
+                const [key, filter] = query.queryKey as [string, any]
+                if (key !== "remediations") return false
+                if (filter?.service && !filter.service.includes(service)) return false
+                if (filter?.image && !filter.image.includes(image)) return false
+                if (filter?.vulnerability && !filter.vulnerability.includes(cveNumber)) return false
+                return true
               },
-            }
-          }
-        )
-      }
-      await onFalsePositiveSuccess?.(cveNumber)
-    } catch (error) {
-      return { error: error instanceof Error ? error.message : "Failed to create remediation" }
-    } finally {
-      setIsSubmitting(false)
-    }
-  }
-
-  const handleRiskAcceptanceConfirm = async (input: RemediationInput): Promise<{ error: string } | void> => {
-    setIsSubmitting(true)
-    try {
-      const remediation = await createRemediation({ apiClient, input })
-      const cveNumber = issue?.name || "unknown"
-      if (remediation) {
-        queryClient.setQueriesData(
-          {
-            predicate: (query) => {
-              const [key, filter] = query.queryKey as [string, any]
-              if (key !== "remediations") return false
-              if (filter?.service && !filter.service.includes(service)) return false
-              if (filter?.image && !filter.image.includes(image)) return false
-              if (filter?.vulnerability && !filter.vulnerability.includes(cveNumber)) return false
-              return true
             },
-          },
-
-          (old: any) => {
-            if (!old?.data?.Remediations) return old
-            const edges = old.data.Remediations.edges ?? []
-
-            if (edges.some((e: any) => e?.node?.id === remediation.id)) return old
-            return {
-              ...old,
-              data: {
-                ...old.data,
-                Remediations: {
-                  ...old.data.Remediations,
-                  edges: [...edges, { node: remediation }],
-                  totalCount: (old.data.Remediations.totalCount ?? 0) + 1,
+            (old: any) => {
+              if (!old?.data?.Remediations) return old
+              const edges = old.data.Remediations.edges ?? []
+              if (edges.some((e: any) => e?.node?.id === remediation.id)) return old
+              return {
+                ...old,
+                data: {
+                  ...old.data,
+                  Remediations: {
+                    ...old.data.Remediations,
+                    edges: [...edges, { node: remediation }],
+                    totalCount: (old.data.Remediations.totalCount ?? 0) + 1,
+                  },
                 },
-              },
-            }
-          }
-        )
-      }
-      await onRiskAcceptanceSuccess?.(cveNumber)
-    } catch (error) {
-      return { error: error instanceof Error ? error.message : "Failed to create remediation" }
-    } finally {
-      setIsSubmitting(false)
-    }
-  }
-
-  const handleMitigateManuallyConfirm = async (input: RemediationInput): Promise<{ error: string } | void> => {
-    setIsSubmitting(true)
-    try {
-      const remediation = await createRemediation({ apiClient, input })
-      const cveNumber = issue?.name || "unknown"
-      if (remediation) {
-        queryClient.setQueriesData(
-          {
-            predicate: (query) => {
-              const [key, filter] = query.queryKey as [string, any]
-              if (key !== "remediations") return false
-              if (filter?.service && !filter.service.includes(service)) return false
-              if (filter?.image && !filter.image.includes(image)) return false
-              if (filter?.vulnerability && !filter.vulnerability.includes(cveNumber)) return false
-              return true
-            },
-          },
-          (old: any) => {
-            if (!old?.data?.Remediations) return old
-            const edges = old.data.Remediations.edges ?? []
-            if (edges.some((e: any) => e?.node?.id === remediation.id)) return old
-            return {
-              ...old,
-              data: {
-                ...old.data,
-                Remediations: {
-                  ...old.data.Remediations,
-                  edges: [...edges, { node: remediation }],
-                  totalCount: (old.data.Remediations.totalCount ?? 0) + 1,
-                },
-              },
+              }
             }
-          }
-        )
+          )
+        }
+        await onSuccess?.(cveNumber)
+      } catch (error) {
+        return { error: error instanceof Error ? error.message : "Failed to create remediation" }
+      } finally {
+        setIsSubmitting(false)
       }
-      await onMitigateManuallySuccess?.(cveNumber)
-    } catch (error) {
-      return { error: error instanceof Error ? error.message : "Failed to create remediation" }
-    } finally {
-      setIsSubmitting(false)
     }
-  }
 
   return (
     <>
@@ -266,7 +178,7 @@ export const IssuesDataRow = ({
           <FalsePositiveModal
             open={isModalOpen}
             onClose={() => setIsModalOpen(false)}
-            onConfirm={handleModalConfirm}
+            onConfirm={makeRemediationHandler(onFalsePositiveSuccess)}
             vulnerability={issue.name}
             severity={issue.severity}
             service={service}
@@ -275,7 +187,7 @@ export const IssuesDataRow = ({
           <RiskAcceptanceModal
             open={isRiskAcceptanceModalOpen}
             onClose={() => setIsRiskAcceptanceModalOpen(false)}
-            onConfirm={handleRiskAcceptanceConfirm}
+            onConfirm={makeRemediationHandler(onRiskAcceptanceSuccess)}
             vulnerability={issue.name}
             severity={issue.severity}
             service={service}
@@ -284,7 +196,7 @@ export const IssuesDataRow = ({
           <MitigateManuallyModal
             open={isMitigateManuallyModalOpen}
             onClose={() => setIsMitigateManuallyModalOpen(false)}
-            onConfirm={handleMitigateManuallyConfirm}
+            onConfirm={makeRemediationHandler(onMitigateManuallySuccess)}
             vulnerability={issue.name}
             severity={issue.severity}
             service={service}

From 137879451fd37a529d24099398191594e1bd2764 Mon Sep 17 00:00:00 2001
From: Hoda Noori <hoda.noori@sap.com>
Date: Wed, 20 May 2026 09:18:58 +0200
Subject: [PATCH 05/11] chore(heureka): downgrade changeset from minor to patch

Signed-off-by: Hoda Noori <hoda.noori@sap.com>
---
 .changeset/heureka-mitigate-manually.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.changeset/heureka-mitigate-manually.md b/.changeset/heureka-mitigate-manually.md
index 1141dd4961..215e7dcfd2 100644
--- a/.changeset/heureka-mitigate-manually.md
+++ b/.changeset/heureka-mitigate-manually.md
@@ -1,5 +1,5 @@
 ---
-"@cloudoperators/juno-app-heureka": minor
+"@cloudoperators/juno-app-heureka": patch
 ---
 
 Add Mitigate Manually action to vulnerability rows. Users can now mark a CVE as manually mitigated from the popup menu in both the Active and Remediated vulnerability tabs. The CVE moves to the Remediated tab immediately and can be reverted via the Remediation History Panel.

From 95af0f09dc8a7524da8948f1d9684950dad771f7 Mon Sep 17 00:00:00 2001
From: Hoda Noori <hoda.noori@sap.com>
Date: Wed, 20 May 2026 09:23:59 +0200
Subject: [PATCH 06/11] refactor(heureka): extract shared RemediationModal to
 eliminate triplicated modal code

Signed-off-by: Hoda Noori <hoda.noori@sap.com>
---
 .../ImageDetails/FalsePositiveModal/index.tsx | 225 +--------------
 .../MitigateManuallyModal/index.tsx           | 224 +--------------
 .../ImageDetails/RemediationModal/index.tsx   | 259 ++++++++++++++++++
 .../RiskAcceptanceModal/index.tsx             | 246 +----------------
 4 files changed, 299 insertions(+), 655 deletions(-)
 create mode 100644 apps/heureka/src/components/Service/ImageDetails/RemediationModal/index.tsx

diff --git a/apps/heureka/src/components/Service/ImageDetails/FalsePositiveModal/index.tsx b/apps/heureka/src/components/Service/ImageDetails/FalsePositiveModal/index.tsx
index 788f1b6d76..42c6e1b211 100644
--- a/apps/heureka/src/components/Service/ImageDetails/FalsePositiveModal/index.tsx
+++ b/apps/heureka/src/components/Service/ImageDetails/FalsePositiveModal/index.tsx
@@ -3,19 +3,9 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-import React, { useState, useRef, useEffect } from "react"
-import {
-  Modal,
-  ModalFooter,
-  Button,
-  Stack,
-  Textarea,
-  TextInput,
-  DateTimePicker,
-  Message,
-} from "@cloudoperators/juno-ui-components"
-import { RemediationInput, RemediationTypeValues, SeverityValues } from "../../../../generated/graphql"
-import { useAuth } from "@cloudoperators/greenhouse-auth-provider"
+import React from "react"
+import { RemediationInput, RemediationTypeValues } from "../../../../generated/graphql"
+import { RemediationModal } from "../RemediationModal"
 
 type FalsePositiveModalProps = {
   open: boolean
@@ -27,202 +17,13 @@ type FalsePositiveModalProps = {
   image: string
 }
 
-const CONFIRM_LABEL = "Mark as False Positive"
-const CANCEL_LABEL = "Cancel"
-
-const toSeverityValue = (severity: string): SeverityValues | undefined => {
-  if (!severity) return undefined
-  const normalized = severity.charAt(0).toUpperCase() + severity.slice(1).toLowerCase()
-  const value = normalized as SeverityValues
-  return Object.values(SeverityValues).includes(value) ? value : undefined
-}
-
-export const FalsePositiveModal: React.FC<FalsePositiveModalProps> = ({
-  open,
-  onClose,
-  onConfirm,
-  vulnerability,
-  severity,
-  service,
-  image,
-}) => {
-  const auth = useAuth()
-  const authUserId = auth.status === "authenticated" ? auth.userId || auth.userName : null
-  const [description, setDescription] = useState<string>("")
-  const [manualUserId, setManualUserId] = useState<string>("")
-  const [expirationDate, setExpirationDate] = useState<Date | null>(null)
-  const [isSubmitting, setIsSubmitting] = useState(false)
-  const [descriptionError, setDescriptionError] = useState<string>("")
-  const [userIdError, setUserIdError] = useState<string>("")
-  const [expirationDateError, setExpirationDateError] = useState<string>("")
-  const [apiError, setApiError] = useState<string | null>(null)
-  const isMountedRef = useRef(true)
-
-  const manualUserIdTrimmed = manualUserId.trim()
-  const remediatedBy = authUserId ?? (manualUserIdTrimmed || undefined)
-  const isUserIdValid = !!remediatedBy
-
-  useEffect(() => {
-    isMountedRef.current = true
-    return () => {
-      isMountedRef.current = false
-    }
-  }, [])
-
-  useEffect(() => {
-    if (!open) {
-      setDescription("")
-      setManualUserId("")
-      setExpirationDate(null)
-      setDescriptionError("")
-      setUserIdError("")
-      setExpirationDateError("")
-      setApiError(null)
-    }
-  }, [open])
-
-  const descriptionTrimmed = description.trim()
-
-  const handleConfirm = async () => {
-    if (!descriptionTrimmed) {
-      setDescriptionError("Description is required")
-      return
-    }
-    if (!remediatedBy) {
-      setUserIdError("User ID is required")
-      return
-    }
-    if (!expirationDate) {
-      setExpirationDateError("Expiration date is required")
-      return
-    }
-
-    setDescriptionError("")
-    setUserIdError("")
-    setExpirationDateError("")
-    setIsSubmitting(true)
-    try {
-      const severityValue = severity ? toSeverityValue(severity) : undefined
-      const input: RemediationInput = {
-        type: RemediationTypeValues.FalsePositive,
-        vulnerability,
-        service,
-        image,
-        description: descriptionTrimmed,
-        ...(remediatedBy && { remediatedBy }),
-        ...(severityValue !== undefined && { severity: severityValue }),
-        expirationDate: expirationDate.toISOString(),
-      }
-      const result = await onConfirm(input)
-      if (result?.error) {
-        setApiError(result.error)
-      } else if (isMountedRef.current) {
-        setDescription("")
-        setManualUserId("")
-        setExpirationDate(null)
-        onClose()
-      }
-    } catch (error) {
-      const message = error instanceof Error ? error.message : "Failed to create remediation"
-      setApiError(message)
-    } finally {
-      setIsSubmitting(false)
-    }
-  }
-
-  const handleClose = () => {
-    setDescription("")
-    setManualUserId("")
-    setExpirationDate(null)
-    setDescriptionError("")
-    setUserIdError("")
-    setExpirationDateError("")
-    setApiError(null)
-    onClose()
-  }
-
-  const handleDescriptionChange = (e: React.ChangeEvent<HTMLTextAreaElement>) => {
-    setDescription(e.target.value)
-    // Clear error when user starts typing
-    if (descriptionError) {
-      setDescriptionError("")
-    }
-  }
-
-  return (
-    <Modal
-      title="Mark as False Positive"
-      open={open}
-      onCancel={handleClose}
-      modalFooter={
-        <ModalFooter>
-          <Stack direction="horizontal" gap="2" distribution="end" className="w-full">
-            <Button onClick={handleClose} label={CANCEL_LABEL} disabled={isSubmitting} />
-            <Button
-              onClick={handleConfirm}
-              label={CONFIRM_LABEL}
-              variant="primary"
-              disabled={isSubmitting || !descriptionTrimmed || !isUserIdValid || !expirationDate}
-            />
-          </Stack>
-        </ModalFooter>
-      }
-    >
-      <Stack gap="4" direction="vertical">
-        {apiError && <Message text={apiError} variant="error" />}
-        <div>
-          <strong>Vulnerability:</strong> {vulnerability}
-        </div>
-        <div>
-          <strong>Service:</strong> {service}
-        </div>
-        <div>
-          <strong>Image:</strong> {image}
-        </div>
-        <div>
-          <TextInput
-            label="User ID"
-            value={authUserId ?? manualUserId}
-            onChange={(e) => {
-              setManualUserId(e.target.value)
-              if (userIdError) setUserIdError("")
-            }}
-            disabled={!!authUserId}
-            required
-            invalid={!!userIdError}
-            errortext={userIdError}
-            placeholder={authUserId ? undefined : "Enter your user ID"}
-            helptext={authUserId ? "User ID from current session (read-only)." : "Enter your user ID."}
-          />
-        </div>
-        <div>
-          <DateTimePicker
-            label="Expiration Date"
-            value={expirationDate ?? undefined}
-            onChange={(dates) => {
-              setExpirationDate(dates?.[0] ?? null)
-              if (expirationDateError) setExpirationDateError("")
-            }}
-            minDate="today"
-            required
-            invalid={!!expirationDateError}
-            errortext={expirationDateError}
-            helptext="When this false positive should no longer be considered valid."
-          />
-        </div>
-        <div>
-          <Textarea
-            label="Description"
-            placeholder="Add a description explaining why this is a false positive..."
-            value={description}
-            onChange={handleDescriptionChange}
-            rows={14}
-            required
-            invalid={!!descriptionError}
-            errortext={descriptionError || ""}
-          />
-        </div>
-      </Stack>
-    </Modal>
-  )
-}
+export const FalsePositiveModal: React.FC<FalsePositiveModalProps> = (props) => (
+  <RemediationModal
+    {...props}
+    title="Mark as False Positive"
+    confirmLabel="Mark as False Positive"
+    remediationType={RemediationTypeValues.FalsePositive}
+    descriptionPlaceholder="Add a description explaining why this is a false positive..."
+    expirationHelptext="When this false positive should no longer be considered valid."
+  />
+)
diff --git a/apps/heureka/src/components/Service/ImageDetails/MitigateManuallyModal/index.tsx b/apps/heureka/src/components/Service/ImageDetails/MitigateManuallyModal/index.tsx
index 2a647afbda..29d49da9dc 100644
--- a/apps/heureka/src/components/Service/ImageDetails/MitigateManuallyModal/index.tsx
+++ b/apps/heureka/src/components/Service/ImageDetails/MitigateManuallyModal/index.tsx
@@ -3,19 +3,9 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-import React, { useState, useRef, useEffect } from "react"
-import {
-  Modal,
-  ModalFooter,
-  Button,
-  Stack,
-  Textarea,
-  TextInput,
-  DateTimePicker,
-  Message,
-} from "@cloudoperators/juno-ui-components"
-import { RemediationInput, RemediationTypeValues, SeverityValues } from "../../../../generated/graphql"
-import { useAuth } from "@cloudoperators/greenhouse-auth-provider"
+import React from "react"
+import { RemediationInput, RemediationTypeValues } from "../../../../generated/graphql"
+import { RemediationModal } from "../RemediationModal"
 
 type MitigateManuallyModalProps = {
   open: boolean
@@ -27,201 +17,13 @@ type MitigateManuallyModalProps = {
   image: string
 }
 
-const CONFIRM_LABEL = "Mitigate Manually"
-const CANCEL_LABEL = "Cancel"
-
-const toSeverityValue = (severity: string): SeverityValues | undefined => {
-  if (!severity) return undefined
-  const normalized = severity.charAt(0).toUpperCase() + severity.slice(1).toLowerCase()
-  const value = normalized as SeverityValues
-  return Object.values(SeverityValues).includes(value) ? value : undefined
-}
-
-export const MitigateManuallyModal: React.FC<MitigateManuallyModalProps> = ({
-  open,
-  onClose,
-  onConfirm,
-  vulnerability,
-  severity,
-  service,
-  image,
-}) => {
-  const auth = useAuth()
-  const authUserId = auth.status === "authenticated" ? auth.userId || auth.userName : null
-  const [description, setDescription] = useState<string>("")
-  const [manualUserId, setManualUserId] = useState<string>("")
-  const [expirationDate, setExpirationDate] = useState<Date | null>(null)
-  const [isSubmitting, setIsSubmitting] = useState(false)
-  const [descriptionError, setDescriptionError] = useState<string>("")
-  const [userIdError, setUserIdError] = useState<string>("")
-  const [expirationDateError, setExpirationDateError] = useState<string>("")
-  const [apiError, setApiError] = useState<string | null>(null)
-  const isMountedRef = useRef(true)
-
-  const manualUserIdTrimmed = manualUserId.trim()
-  const remediatedBy = authUserId ?? (manualUserIdTrimmed || undefined)
-  const isUserIdValid = !!remediatedBy
-
-  useEffect(() => {
-    isMountedRef.current = true
-    return () => {
-      isMountedRef.current = false
-    }
-  }, [])
-
-  useEffect(() => {
-    if (!open) {
-      setDescription("")
-      setManualUserId("")
-      setExpirationDate(null)
-      setDescriptionError("")
-      setUserIdError("")
-      setExpirationDateError("")
-      setApiError(null)
-    }
-  }, [open])
-
-  const descriptionTrimmed = description.trim()
-
-  const handleConfirm = async () => {
-    if (!descriptionTrimmed) {
-      setDescriptionError("Description is required")
-      return
-    }
-    if (!remediatedBy) {
-      setUserIdError("User ID is required")
-      return
-    }
-    if (!expirationDate) {
-      setExpirationDateError("Expiration date is required")
-      return
-    }
-
-    setDescriptionError("")
-    setUserIdError("")
-    setExpirationDateError("")
-    setIsSubmitting(true)
-    try {
-      const severityValue = severity ? toSeverityValue(severity) : undefined
-      const input: RemediationInput = {
-        type: RemediationTypeValues.Mitigation,
-        vulnerability,
-        service,
-        image,
-        description: descriptionTrimmed,
-        ...(remediatedBy && { remediatedBy }),
-        ...(severityValue !== undefined && { severity: severityValue }),
-        expirationDate: expirationDate.toISOString(),
-      }
-      const result = await onConfirm(input)
-      if (result?.error) {
-        setApiError(result.error)
-      } else if (isMountedRef.current) {
-        setDescription("")
-        setManualUserId("")
-        setExpirationDate(null)
-        onClose()
-      }
-    } catch (error) {
-      const message = error instanceof Error ? error.message : "Failed to create remediation"
-      setApiError(message)
-    } finally {
-      setIsSubmitting(false)
-    }
-  }
-
-  const handleClose = () => {
-    setDescription("")
-    setManualUserId("")
-    setExpirationDate(null)
-    setDescriptionError("")
-    setUserIdError("")
-    setExpirationDateError("")
-    setApiError(null)
-    onClose()
-  }
-
-  const handleDescriptionChange = (e: React.ChangeEvent<HTMLTextAreaElement>) => {
-    setDescription(e.target.value)
-    if (descriptionError) {
-      setDescriptionError("")
-    }
-  }
-
-  return (
-    <Modal
-      title="Mitigate Manually"
-      open={open}
-      onCancel={handleClose}
-      modalFooter={
-        <ModalFooter>
-          <Stack direction="horizontal" gap="2" distribution="end" className="w-full">
-            <Button onClick={handleClose} label={CANCEL_LABEL} disabled={isSubmitting} />
-            <Button
-              onClick={handleConfirm}
-              label={CONFIRM_LABEL}
-              variant="primary"
-              disabled={isSubmitting || !descriptionTrimmed || !isUserIdValid || !expirationDate}
-            />
-          </Stack>
-        </ModalFooter>
-      }
-    >
-      <Stack gap="4" direction="vertical">
-        {apiError && <Message text={apiError} variant="error" />}
-        <div>
-          <strong>Vulnerability:</strong> {vulnerability}
-        </div>
-        <div>
-          <strong>Service:</strong> {service}
-        </div>
-        <div>
-          <strong>Image:</strong> {image}
-        </div>
-        <div>
-          <TextInput
-            label="User ID"
-            value={authUserId ?? manualUserId}
-            onChange={(e) => {
-              setManualUserId(e.target.value)
-              if (userIdError) setUserIdError("")
-            }}
-            disabled={!!authUserId}
-            required
-            invalid={!!userIdError}
-            errortext={userIdError}
-            placeholder={authUserId ? undefined : "Enter your user ID"}
-            helptext={authUserId ? "User ID from current session (read-only)." : "Enter your user ID."}
-          />
-        </div>
-        <div>
-          <DateTimePicker
-            label="Expiration Date"
-            value={expirationDate ?? undefined}
-            onChange={(dates) => {
-              setExpirationDate(dates?.[0] ?? null)
-              if (expirationDateError) setExpirationDateError("")
-            }}
-            minDate="today"
-            required
-            invalid={!!expirationDateError}
-            errortext={expirationDateError}
-            helptext="When this mitigation should no longer be considered valid."
-          />
-        </div>
-        <div>
-          <Textarea
-            label="Description"
-            placeholder="Add a description explaining the manual mitigation applied..."
-            value={description}
-            onChange={handleDescriptionChange}
-            rows={14}
-            required
-            invalid={!!descriptionError}
-            errortext={descriptionError || ""}
-          />
-        </div>
-      </Stack>
-    </Modal>
-  )
-}
+export const MitigateManuallyModal: React.FC<MitigateManuallyModalProps> = (props) => (
+  <RemediationModal
+    {...props}
+    title="Mitigate Manually"
+    confirmLabel="Mitigate Manually"
+    remediationType={RemediationTypeValues.Mitigation}
+    descriptionPlaceholder="Add a description explaining the manual mitigation applied..."
+    expirationHelptext="When this mitigation should no longer be considered valid."
+  />
+)
diff --git a/apps/heureka/src/components/Service/ImageDetails/RemediationModal/index.tsx b/apps/heureka/src/components/Service/ImageDetails/RemediationModal/index.tsx
new file mode 100644
index 0000000000..d5233c7d99
--- /dev/null
+++ b/apps/heureka/src/components/Service/ImageDetails/RemediationModal/index.tsx
@@ -0,0 +1,259 @@
+/*
+ * SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and Juno contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import React, { useState, useRef, useEffect } from "react"
+import {
+  Modal,
+  ModalFooter,
+  Button,
+  Stack,
+  Textarea,
+  TextInput,
+  DateTimePicker,
+  Message,
+} from "@cloudoperators/juno-ui-components"
+import { RemediationInput, RemediationTypeValues, SeverityValues } from "../../../../generated/graphql"
+import { useAuth } from "@cloudoperators/greenhouse-auth-provider"
+
+type RemediationModalProps = {
+  open: boolean
+  onClose: () => void
+  onConfirm: (input: RemediationInput) => Promise<{ error: string } | void>
+  vulnerability: string
+  severity?: string
+  service: string
+  image: string
+  title: string
+  confirmLabel: string
+  remediationType: RemediationTypeValues
+  descriptionPlaceholder: string
+  expirationHelptext: string
+  showSourceTicket?: boolean
+}
+
+const toSeverityValue = (severity: string): SeverityValues | undefined => {
+  if (!severity) return undefined
+  const normalized = severity.charAt(0).toUpperCase() + severity.slice(1).toLowerCase()
+  const value = normalized as SeverityValues
+  return Object.values(SeverityValues).includes(value) ? value : undefined
+}
+
+export const RemediationModal: React.FC<RemediationModalProps> = ({
+  open,
+  onClose,
+  onConfirm,
+  vulnerability,
+  severity,
+  service,
+  image,
+  title,
+  confirmLabel,
+  remediationType,
+  descriptionPlaceholder,
+  expirationHelptext,
+  showSourceTicket = false,
+}) => {
+  const auth = useAuth()
+  const authUserId = auth.status === "authenticated" ? auth.userId || auth.userName : null
+  const [description, setDescription] = useState<string>("")
+  const [manualUserId, setManualUserId] = useState<string>("")
+  const [sourceTicket, setSourceTicket] = useState<string>("")
+  const [expirationDate, setExpirationDate] = useState<Date | null>(null)
+  const [isSubmitting, setIsSubmitting] = useState(false)
+  const [descriptionError, setDescriptionError] = useState<string>("")
+  const [userIdError, setUserIdError] = useState<string>("")
+  const [expirationDateError, setExpirationDateError] = useState<string>("")
+  const [apiError, setApiError] = useState<string | null>(null)
+  const isMountedRef = useRef(true)
+
+  const manualUserIdTrimmed = manualUserId.trim()
+  const remediatedBy = authUserId ?? (manualUserIdTrimmed || undefined)
+  const isUserIdValid = !!remediatedBy
+
+  useEffect(() => {
+    isMountedRef.current = true
+    return () => {
+      isMountedRef.current = false
+    }
+  }, [])
+
+  useEffect(() => {
+    if (!open) {
+      setDescription("")
+      setManualUserId("")
+      setSourceTicket("")
+      setExpirationDate(null)
+      setDescriptionError("")
+      setUserIdError("")
+      setExpirationDateError("")
+      setApiError(null)
+    }
+  }, [open])
+
+  const descriptionTrimmed = description.trim()
+  const sourceTicketTrimmed = sourceTicket.trim()
+
+  const buildDescription = () => {
+    if (showSourceTicket && sourceTicketTrimmed) {
+      return `Source Ticket: ${sourceTicketTrimmed}\n\n${descriptionTrimmed}`
+    }
+    return descriptionTrimmed
+  }
+
+  const handleConfirm = async () => {
+    if (!descriptionTrimmed) {
+      setDescriptionError("Description is required")
+      return
+    }
+    if (!remediatedBy) {
+      setUserIdError("User ID is required")
+      return
+    }
+    if (!expirationDate) {
+      setExpirationDateError("Expiration date is required")
+      return
+    }
+
+    setDescriptionError("")
+    setUserIdError("")
+    setExpirationDateError("")
+    setIsSubmitting(true)
+    try {
+      const severityValue = severity ? toSeverityValue(severity) : undefined
+      const input: RemediationInput = {
+        type: remediationType,
+        vulnerability,
+        service,
+        image,
+        description: buildDescription(),
+        ...(remediatedBy && { remediatedBy }),
+        ...(severityValue !== undefined && { severity: severityValue }),
+        expirationDate: expirationDate.toISOString(),
+      }
+      const result = await onConfirm(input)
+      if (result?.error) {
+        setApiError(result.error)
+      } else if (isMountedRef.current) {
+        setDescription("")
+        setManualUserId("")
+        setSourceTicket("")
+        setExpirationDate(null)
+        onClose()
+      }
+    } catch (error) {
+      const message = error instanceof Error ? error.message : "Failed to create remediation"
+      setApiError(message)
+    } finally {
+      setIsSubmitting(false)
+    }
+  }
+
+  const handleClose = () => {
+    setDescription("")
+    setManualUserId("")
+    setSourceTicket("")
+    setExpirationDate(null)
+    setDescriptionError("")
+    setUserIdError("")
+    setExpirationDateError("")
+    setApiError(null)
+    onClose()
+  }
+
+  const handleDescriptionChange = (e: React.ChangeEvent<HTMLTextAreaElement>) => {
+    setDescription(e.target.value)
+    if (descriptionError) {
+      setDescriptionError("")
+    }
+  }
+
+  return (
+    <Modal
+      title={title}
+      open={open}
+      onCancel={handleClose}
+      modalFooter={
+        <ModalFooter>
+          <Stack direction="horizontal" gap="2" distribution="end" className="w-full">
+            <Button onClick={handleClose} label="Cancel" disabled={isSubmitting} />
+            <Button
+              onClick={handleConfirm}
+              label={confirmLabel}
+              variant="primary"
+              disabled={isSubmitting || !descriptionTrimmed || !isUserIdValid || !expirationDate}
+            />
+          </Stack>
+        </ModalFooter>
+      }
+    >
+      <Stack gap="4" direction="vertical">
+        {apiError && <Message text={apiError} variant="error" />}
+        <div>
+          <strong>Vulnerability:</strong> {vulnerability}
+        </div>
+        <div>
+          <strong>Service:</strong> {service}
+        </div>
+        <div>
+          <strong>Image:</strong> {image}
+        </div>
+        <div>
+          <TextInput
+            label="User ID"
+            value={authUserId ?? manualUserId}
+            onChange={(e) => {
+              setManualUserId(e.target.value)
+              if (userIdError) setUserIdError("")
+            }}
+            disabled={!!authUserId}
+            required
+            invalid={!!userIdError}
+            errortext={userIdError}
+            placeholder={authUserId ? undefined : "Enter your user ID"}
+            helptext={authUserId ? "User ID from current session (read-only)." : "Enter your user ID."}
+          />
+        </div>
+        {showSourceTicket && (
+          <div>
+            <TextInput
+              label="Jira Ticket / Risk Acceptance Source Ticket"
+              value={sourceTicket}
+              onChange={(e) => setSourceTicket(e.target.value)}
+              placeholder="e.g. JIRA-1234"
+              helptext="Optional. Reference ticket for this risk acceptance decision."
+            />
+          </div>
+        )}
+        <div>
+          <DateTimePicker
+            label="Expiration Date"
+            value={expirationDate ?? undefined}
+            onChange={(dates) => {
+              setExpirationDate(dates?.[0] ?? null)
+              if (expirationDateError) setExpirationDateError("")
+            }}
+            minDate="today"
+            required
+            invalid={!!expirationDateError}
+            errortext={expirationDateError}
+            helptext={expirationHelptext}
+          />
+        </div>
+        <div>
+          <Textarea
+            label="Description"
+            placeholder={descriptionPlaceholder}
+            value={description}
+            onChange={handleDescriptionChange}
+            rows={14}
+            required
+            invalid={!!descriptionError}
+            errortext={descriptionError || ""}
+          />
+        </div>
+      </Stack>
+    </Modal>
+  )
+}
diff --git a/apps/heureka/src/components/Service/ImageDetails/RiskAcceptanceModal/index.tsx b/apps/heureka/src/components/Service/ImageDetails/RiskAcceptanceModal/index.tsx
index ab7e56ee56..e466f59a0b 100644
--- a/apps/heureka/src/components/Service/ImageDetails/RiskAcceptanceModal/index.tsx
+++ b/apps/heureka/src/components/Service/ImageDetails/RiskAcceptanceModal/index.tsx
@@ -3,19 +3,9 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-import React, { useState, useRef, useEffect } from "react"
-import {
-  Modal,
-  ModalFooter,
-  Button,
-  Stack,
-  Textarea,
-  TextInput,
-  DateTimePicker,
-  Message,
-} from "@cloudoperators/juno-ui-components"
-import { RemediationInput, RemediationTypeValues, SeverityValues } from "../../../../generated/graphql"
-import { useAuth } from "@cloudoperators/greenhouse-auth-provider"
+import React from "react"
+import { RemediationInput, RemediationTypeValues } from "../../../../generated/graphql"
+import { RemediationModal } from "../RemediationModal"
 
 type RiskAcceptanceModalProps = {
   open: boolean
@@ -27,222 +17,14 @@ type RiskAcceptanceModalProps = {
   image: string
 }
 
-const CONFIRM_LABEL = "Accept Risk"
-const CANCEL_LABEL = "Cancel"
-
-const toSeverityValue = (severity: string): SeverityValues | undefined => {
-  if (!severity) return undefined
-  const normalized = severity.charAt(0).toUpperCase() + severity.slice(1).toLowerCase()
-  const value = normalized as SeverityValues
-  return Object.values(SeverityValues).includes(value) ? value : undefined
-}
-
-export const RiskAcceptanceModal: React.FC<RiskAcceptanceModalProps> = ({
-  open,
-  onClose,
-  onConfirm,
-  vulnerability,
-  severity,
-  service,
-  image,
-}) => {
-  const auth = useAuth()
-  const authUserId = auth.status === "authenticated" ? auth.userId || auth.userName : null
-  const [description, setDescription] = useState<string>("")
-  const [manualUserId, setManualUserId] = useState<string>("")
-  const [sourceTicket, setSourceTicket] = useState<string>("")
-  const [expirationDate, setExpirationDate] = useState<Date | null>(null)
-  const [isSubmitting, setIsSubmitting] = useState(false)
-  const [descriptionError, setDescriptionError] = useState<string>("")
-  const [userIdError, setUserIdError] = useState<string>("")
-  const [expirationDateError, setExpirationDateError] = useState<string>("")
-  const [apiError, setApiError] = useState<string | null>(null)
-  const isMountedRef = useRef(true)
-
-  const manualUserIdTrimmed = manualUserId.trim()
-  const remediatedBy = authUserId ?? (manualUserIdTrimmed || undefined)
-  const isUserIdValid = !!remediatedBy
-
-  useEffect(() => {
-    isMountedRef.current = true
-    return () => {
-      isMountedRef.current = false
-    }
-  }, [])
-
-  useEffect(() => {
-    if (!open) {
-      setDescription("")
-      setManualUserId("")
-      setSourceTicket("")
-      setExpirationDate(null)
-      setDescriptionError("")
-      setUserIdError("")
-      setExpirationDateError("")
-      setApiError(null)
-    }
-  }, [open])
-
-  const descriptionTrimmed = description.trim()
-  const sourceTicketTrimmed = sourceTicket.trim()
-
-  const buildDescription = () => {
-    if (sourceTicketTrimmed) {
-      return `Source Ticket: ${sourceTicketTrimmed}\n\n${descriptionTrimmed}`
-    }
-    return descriptionTrimmed
-  }
-
-  const handleConfirm = async () => {
-    if (!descriptionTrimmed) {
-      setDescriptionError("Description is required")
-      return
-    }
-    if (!remediatedBy) {
-      setUserIdError("User ID is required")
-      return
-    }
-    if (!expirationDate) {
-      setExpirationDateError("Expiration date is required")
-      return
-    }
-
-    setDescriptionError("")
-    setUserIdError("")
-    setExpirationDateError("")
-    setIsSubmitting(true)
-    try {
-      const severityValue = severity ? toSeverityValue(severity) : undefined
-      const input: RemediationInput = {
-        type: RemediationTypeValues.RiskAccepted,
-        vulnerability,
-        service,
-        image,
-        description: buildDescription(),
-        ...(remediatedBy && { remediatedBy }),
-        ...(severityValue !== undefined && { severity: severityValue }),
-        expirationDate: expirationDate.toISOString(),
-      }
-      const result = await onConfirm(input)
-      if (result?.error) {
-        setApiError(result.error)
-      } else if (isMountedRef.current) {
-        setDescription("")
-        setManualUserId("")
-        setSourceTicket("")
-        setExpirationDate(null)
-        onClose()
-      }
-    } catch (error) {
-      const message = error instanceof Error ? error.message : "Failed to create remediation"
-      setApiError(message)
-    } finally {
-      setIsSubmitting(false)
-    }
-  }
-
-  const handleClose = () => {
-    setDescription("")
-    setManualUserId("")
-    setSourceTicket("")
-    setExpirationDate(null)
-    setDescriptionError("")
-    setUserIdError("")
-    setExpirationDateError("")
-    setApiError(null)
-    onClose()
-  }
-
-  const handleDescriptionChange = (e: React.ChangeEvent<HTMLTextAreaElement>) => {
-    setDescription(e.target.value)
-    if (descriptionError) {
-      setDescriptionError("")
-    }
-  }
-
-  return (
-    <Modal
-      title="Accept Risk"
-      open={open}
-      onCancel={handleClose}
-      modalFooter={
-        <ModalFooter>
-          <Stack direction="horizontal" gap="2" distribution="end" className="w-full">
-            <Button onClick={handleClose} label={CANCEL_LABEL} disabled={isSubmitting} />
-            <Button
-              onClick={handleConfirm}
-              label={CONFIRM_LABEL}
-              variant="primary"
-              disabled={isSubmitting || !descriptionTrimmed || !isUserIdValid || !expirationDate}
-            />
-          </Stack>
-        </ModalFooter>
-      }
-    >
-      <Stack gap="4" direction="vertical">
-        {apiError && <Message text={apiError} variant="error" />}
-        <div>
-          <strong>Vulnerability:</strong> {vulnerability}
-        </div>
-        <div>
-          <strong>Service:</strong> {service}
-        </div>
-        <div>
-          <strong>Image:</strong> {image}
-        </div>
-        <div>
-          <TextInput
-            label="User ID"
-            value={authUserId ?? manualUserId}
-            onChange={(e) => {
-              setManualUserId(e.target.value)
-              if (userIdError) setUserIdError("")
-            }}
-            disabled={!!authUserId}
-            required
-            invalid={!!userIdError}
-            errortext={userIdError}
-            placeholder={authUserId ? undefined : "Enter your user ID"}
-            helptext={authUserId ? "User ID from current session (read-only)." : "Enter your user ID."}
-          />
-        </div>
-        <div>
-          <TextInput
-            label="Jira Ticket / Risk Acceptance Source Ticket"
-            value={sourceTicket}
-            onChange={(e) => setSourceTicket(e.target.value)}
-            placeholder="e.g. JIRA-1234"
-            helptext="Optional. Reference ticket for this risk acceptance decision."
-          />
-        </div>
-        <div>
-          <DateTimePicker
-            label="Expiration Date"
-            value={expirationDate ?? undefined}
-            onChange={(dates) => {
-              setExpirationDate(dates?.[0] ?? null)
-              if (expirationDateError) setExpirationDateError("")
-            }}
-            minDate="today"
-            required
-            invalid={!!expirationDateError}
-            errortext={expirationDateError}
-            helptext="When this risk acceptance should no longer be considered valid."
-          />
-        </div>
-        <div>
-          <Textarea
-            label="Description"
-            placeholder="Add a description explaining the reason for accepting this risk..."
-            value={description}
-            onChange={handleDescriptionChange}
-            rows={14}
-            required
-            invalid={!!descriptionError}
-            errortext={descriptionError || ""}
-          />
-        </div>
-      </Stack>
-    </Modal>
-  )
-}
+export const RiskAcceptanceModal: React.FC<RiskAcceptanceModalProps> = (props) => (
+  <RemediationModal
+    {...props}
+    title="Accept Risk"
+    confirmLabel="Accept Risk"
+    remediationType={RemediationTypeValues.RiskAccepted}
+    descriptionPlaceholder="Add a description explaining the reason for accepting this risk..."
+    expirationHelptext="When this risk acceptance should no longer be considered valid."
+    showSourceTicket
+  />
+)

From 7268279c8363b6e0c942d8229c0a1667499736c6 Mon Sep 17 00:00:00 2001
From: Hoda Noori <hoda.noori@sap.com>
Date: Wed, 20 May 2026 14:11:55 +0200
Subject: [PATCH 07/11] test(heureka): add RemediationModal shared component
 tests

Cover rendering, validation, interactions, source-ticket behaviour, and
smoke-test all three wrapper components (FalsePositiveModal,
RiskAcceptanceModal, MitigateManuallyModal).

Signed-off-by: Hoda Noori <hoda.noori@sap.com>
---
 .../RemediationModal.test.tsx                 | 318 ++++++++++++++++++
 1 file changed, 318 insertions(+)
 create mode 100644 apps/heureka/src/components/Service/ImageDetails/RemediationModal/RemediationModal.test.tsx

diff --git a/apps/heureka/src/components/Service/ImageDetails/RemediationModal/RemediationModal.test.tsx b/apps/heureka/src/components/Service/ImageDetails/RemediationModal/RemediationModal.test.tsx
new file mode 100644
index 0000000000..72e6372e8a
--- /dev/null
+++ b/apps/heureka/src/components/Service/ImageDetails/RemediationModal/RemediationModal.test.tsx
@@ -0,0 +1,318 @@
+/*
+ * SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and Juno contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import React from "react"
+import { render, screen, fireEvent } from "@testing-library/react"
+import userEvent from "@testing-library/user-event"
+import { PortalProvider } from "@cloudoperators/juno-ui-components"
+import { AuthProvider } from "@cloudoperators/greenhouse-auth-provider"
+import { RemediationModal } from "./index"
+import { FalsePositiveModal } from "../FalsePositiveModal"
+import { RiskAcceptanceModal } from "../RiskAcceptanceModal"
+import { MitigateManuallyModal } from "../MitigateManuallyModal"
+import { RemediationTypeValues } from "../../../../generated/graphql"
+
+// Mock DateTimePicker so tests can set dates without flatpickr DOM interaction
+vi.mock("@cloudoperators/juno-ui-components", async (importActual) => {
+  const actual = await importActual<typeof import("@cloudoperators/juno-ui-components")>()
+  return {
+    ...actual,
+    DateTimePicker: ({ label, onChange, required, invalid, errortext }: any) => (
+      <div>
+        <label htmlFor="mock-date-input">
+          {label}
+          {required ? " *" : ""}
+        </label>
+        <input
+          id="mock-date-input"
+          aria-label={label as string}
+          type="date"
+          onChange={(e) => (onChange as Function)?.(e.target.value ? [new Date(e.target.value)] : [])}
+        />
+        {invalid && errortext ? <span>{errortext as string}</span> : null}
+      </div>
+    ),
+  }
+})
+
+const mockAuth = { getSnapshot: () => ({ status: "anonymous" as const }) }
+
+const defaultProps = {
+  open: true,
+  onClose: vi.fn(),
+  onConfirm: vi.fn().mockResolvedValue(undefined),
+  vulnerability: "CVE-2024-1234",
+  service: "my-service",
+  image: "my-image",
+  title: "Test Action",
+  confirmLabel: "Confirm Test",
+  remediationType: RemediationTypeValues.FalsePositive,
+  descriptionPlaceholder: "Describe why...",
+  expirationHelptext: "When this should expire.",
+}
+
+const renderModal = (props: Partial<typeof defaultProps> & Record<string, unknown> = {}) =>
+  render(
+    <AuthProvider embedded auth={mockAuth}>
+      <PortalProvider>
+        <RemediationModal {...defaultProps} {...props} />
+      </PortalProvider>
+    </AuthProvider>
+  )
+
+// ---------------------------------------------------------------------------
+// RemediationModal — shared behaviour
+// ---------------------------------------------------------------------------
+
+describe("RemediationModal", () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+  })
+
+  describe("rendering", () => {
+    it("renders title and vulnerability details when open", () => {
+      renderModal()
+      expect(screen.getByRole("heading", { name: "Test Action" })).toBeInTheDocument()
+      expect(screen.getByText(/Vulnerability:/)).toBeInTheDocument()
+      expect(screen.getByText("CVE-2024-1234")).toBeInTheDocument()
+      expect(screen.getByText(/Service:/)).toBeInTheDocument()
+      expect(screen.getByText("my-service")).toBeInTheDocument()
+      expect(screen.getByText(/Image:/)).toBeInTheDocument()
+      expect(screen.getByText("my-image")).toBeInTheDocument()
+    })
+
+    it("renders Cancel and confirm buttons with correct labels", () => {
+      renderModal()
+      expect(screen.getByRole("button", { name: "Cancel" })).toBeInTheDocument()
+      expect(screen.getByRole("button", { name: "Confirm Test" })).toBeInTheDocument()
+    })
+
+    it("renders the description textarea with the provided placeholder", () => {
+      renderModal()
+      expect(screen.getByPlaceholderText("Describe why...")).toBeInTheDocument()
+    })
+
+    it("confirm button is disabled when all required fields are empty", () => {
+      renderModal()
+      expect(screen.getByRole("button", { name: "Confirm Test" })).toBeDisabled()
+    })
+
+    it("does not render source ticket field by default", () => {
+      renderModal()
+      expect(screen.queryByPlaceholderText("e.g. JIRA-1234")).not.toBeInTheDocument()
+    })
+
+    it("renders source ticket field when showSourceTicket is true", () => {
+      renderModal({ showSourceTicket: true })
+      expect(screen.getByPlaceholderText("e.g. JIRA-1234")).toBeInTheDocument()
+    })
+  })
+
+  describe("validation", () => {
+    it("confirm button becomes enabled only when all required fields are filled", async () => {
+      const user = userEvent.setup()
+      renderModal()
+      const confirmButton = screen.getByRole("button", { name: "Confirm Test" })
+
+      expect(confirmButton).toBeDisabled()
+
+      await user.type(screen.getByPlaceholderText("Describe why..."), "Some reason")
+      expect(confirmButton).toBeDisabled()
+
+      await user.type(screen.getByPlaceholderText(/Enter your user ID/i), "user-123")
+      expect(confirmButton).toBeDisabled()
+
+      fireEvent.change(screen.getByLabelText("Expiration Date"), { target: { value: "2026-12-31" } })
+      expect(confirmButton).not.toBeDisabled()
+    })
+
+    it("does not call onConfirm when confirm button is disabled", () => {
+      const onConfirm = vi.fn()
+      renderModal({ onConfirm })
+      fireEvent.click(screen.getByRole("button", { name: "Confirm Test" }))
+      expect(onConfirm).not.toHaveBeenCalled()
+    })
+  })
+
+  describe("interactions", () => {
+    it("calls onClose when Cancel is clicked", async () => {
+      const onClose = vi.fn()
+      const user = userEvent.setup()
+      renderModal({ onClose })
+      await user.click(screen.getByRole("button", { name: "Cancel" }))
+      expect(onClose).toHaveBeenCalledTimes(1)
+    })
+
+    it("calls onConfirm with correct input when all required fields are filled", async () => {
+      const onConfirm = vi.fn().mockResolvedValue(undefined)
+      const user = userEvent.setup()
+      renderModal({ onConfirm, remediationType: RemediationTypeValues.FalsePositive })
+
+      await user.type(screen.getByPlaceholderText(/Enter your user ID/i), "user-123")
+      await user.type(screen.getByPlaceholderText("Describe why..."), "It's not real")
+      fireEvent.change(screen.getByLabelText("Expiration Date"), { target: { value: "2026-12-31" } })
+      await user.click(screen.getByRole("button", { name: "Confirm Test" }))
+
+      expect(onConfirm).toHaveBeenCalledWith(
+        expect.objectContaining({
+          type: RemediationTypeValues.FalsePositive,
+          vulnerability: "CVE-2024-1234",
+          service: "my-service",
+          image: "my-image",
+          remediatedBy: "user-123",
+          description: "It's not real",
+        })
+      )
+    })
+
+    it("shows an error message when onConfirm returns an error", async () => {
+      const onConfirm = vi.fn().mockResolvedValue({ error: "Server error occurred" })
+      const user = userEvent.setup()
+      renderModal({ onConfirm })
+
+      await user.type(screen.getByPlaceholderText(/Enter your user ID/i), "user-123")
+      await user.type(screen.getByPlaceholderText("Describe why..."), "Some reason")
+      fireEvent.change(screen.getByLabelText("Expiration Date"), { target: { value: "2026-12-31" } })
+      await user.click(screen.getByRole("button", { name: "Confirm Test" }))
+
+      expect(await screen.findByText("Server error occurred")).toBeInTheDocument()
+    })
+
+    it("clears error message and resets fields when Cancel is clicked after an error", async () => {
+      const onConfirm = vi.fn().mockResolvedValue({ error: "Server error occurred" })
+      const onClose = vi.fn()
+      const user = userEvent.setup()
+      renderModal({ onConfirm, onClose })
+
+      await user.type(screen.getByPlaceholderText(/Enter your user ID/i), "user-123")
+      await user.type(screen.getByPlaceholderText("Describe why..."), "Some reason")
+      fireEvent.change(screen.getByLabelText("Expiration Date"), { target: { value: "2026-12-31" } })
+      await user.click(screen.getByRole("button", { name: "Confirm Test" }))
+      expect(await screen.findByText("Server error occurred")).toBeInTheDocument()
+
+      await user.click(screen.getByRole("button", { name: "Cancel" }))
+      expect(onClose).toHaveBeenCalledTimes(1)
+    })
+  })
+
+  describe("source ticket (showSourceTicket=true)", () => {
+    it("prepends source ticket to description when provided", async () => {
+      const onConfirm = vi.fn().mockResolvedValue(undefined)
+      const user = userEvent.setup()
+      renderModal({ onConfirm, showSourceTicket: true, remediationType: RemediationTypeValues.RiskAccepted })
+
+      await user.type(screen.getByPlaceholderText(/Enter your user ID/i), "user-123")
+      await user.type(screen.getByPlaceholderText("e.g. JIRA-1234"), "JIRA-9999")
+      await user.type(screen.getByPlaceholderText("Describe why..."), "Low risk")
+      fireEvent.change(screen.getByLabelText("Expiration Date"), { target: { value: "2026-12-31" } })
+      await user.click(screen.getByRole("button", { name: "Confirm Test" }))
+
+      expect(onConfirm).toHaveBeenCalledWith(
+        expect.objectContaining({
+          description: "Source Ticket: JIRA-9999\n\nLow risk",
+        })
+      )
+    })
+
+    it("does not prepend source ticket prefix when source ticket field is empty", async () => {
+      const onConfirm = vi.fn().mockResolvedValue(undefined)
+      const user = userEvent.setup()
+      renderModal({ onConfirm, showSourceTicket: true, remediationType: RemediationTypeValues.RiskAccepted })
+
+      await user.type(screen.getByPlaceholderText(/Enter your user ID/i), "user-123")
+      await user.type(screen.getByPlaceholderText("Describe why..."), "Low risk")
+      fireEvent.change(screen.getByLabelText("Expiration Date"), { target: { value: "2026-12-31" } })
+      await user.click(screen.getByRole("button", { name: "Confirm Test" }))
+
+      expect(onConfirm).toHaveBeenCalledWith(
+        expect.objectContaining({ description: "Low risk" })
+      )
+    })
+  })
+})
+
+// ---------------------------------------------------------------------------
+// Wrapper smoke tests — verify each wrapper passes the right type and title
+// ---------------------------------------------------------------------------
+
+const wrapperProps = {
+  open: true,
+  onClose: vi.fn(),
+  onConfirm: vi.fn().mockResolvedValue(undefined),
+  vulnerability: "CVE-2024-1234",
+  service: "my-service",
+  image: "my-image",
+}
+
+const renderWrapper = (ui: React.ReactElement) =>
+  render(
+    <AuthProvider embedded auth={mockAuth}>
+      <PortalProvider>{ui}</PortalProvider>
+    </AuthProvider>
+  )
+
+describe("FalsePositiveModal wrapper", () => {
+  it("renders with correct title and confirm label", () => {
+    renderWrapper(<FalsePositiveModal {...wrapperProps} />)
+    expect(screen.getByRole("heading", { name: "Mark as False Positive" })).toBeInTheDocument()
+    expect(screen.getByRole("button", { name: "Mark as False Positive" })).toBeInTheDocument()
+  })
+
+  it("submits with FalsePositive remediation type", async () => {
+    const onConfirm = vi.fn().mockResolvedValue(undefined)
+    const user = userEvent.setup()
+    renderWrapper(<FalsePositiveModal {...wrapperProps} onConfirm={onConfirm} />)
+
+    await user.type(screen.getByPlaceholderText(/Enter your user ID/i), "user-123")
+    await user.type(screen.getByPlaceholderText(/false positive/i), "Not affected")
+    fireEvent.change(screen.getByLabelText("Expiration Date"), { target: { value: "2026-12-31" } })
+    await user.click(screen.getByRole("button", { name: "Mark as False Positive" }))
+
+    expect(onConfirm).toHaveBeenCalledWith(expect.objectContaining({ type: RemediationTypeValues.FalsePositive }))
+  })
+})
+
+describe("RiskAcceptanceModal wrapper", () => {
+  it("renders with correct title, confirm label, and source ticket field", () => {
+    renderWrapper(<RiskAcceptanceModal {...wrapperProps} />)
+    expect(screen.getByRole("heading", { name: "Accept Risk" })).toBeInTheDocument()
+    expect(screen.getByRole("button", { name: "Accept Risk" })).toBeInTheDocument()
+    expect(screen.getByPlaceholderText("e.g. JIRA-1234")).toBeInTheDocument()
+  })
+
+  it("submits with RiskAccepted remediation type", async () => {
+    const onConfirm = vi.fn().mockResolvedValue(undefined)
+    const user = userEvent.setup()
+    renderWrapper(<RiskAcceptanceModal {...wrapperProps} onConfirm={onConfirm} />)
+
+    await user.type(screen.getByPlaceholderText(/Enter your user ID/i), "user-123")
+    await user.type(screen.getByPlaceholderText(/accepting this risk/i), "Accepted")
+    fireEvent.change(screen.getByLabelText("Expiration Date"), { target: { value: "2026-12-31" } })
+    await user.click(screen.getByRole("button", { name: "Accept Risk" }))
+
+    expect(onConfirm).toHaveBeenCalledWith(expect.objectContaining({ type: RemediationTypeValues.RiskAccepted }))
+  })
+})
+
+describe("MitigateManuallyModal wrapper", () => {
+  it("renders with correct title and confirm label", () => {
+    renderWrapper(<MitigateManuallyModal {...wrapperProps} />)
+    expect(screen.getByRole("heading", { name: "Mitigate Manually" })).toBeInTheDocument()
+    expect(screen.getByRole("button", { name: "Mitigate Manually" })).toBeInTheDocument()
+  })
+
+  it("submits with Mitigation remediation type", async () => {
+    const onConfirm = vi.fn().mockResolvedValue(undefined)
+    const user = userEvent.setup()
+    renderWrapper(<MitigateManuallyModal {...wrapperProps} onConfirm={onConfirm} />)
+
+    await user.type(screen.getByPlaceholderText(/Enter your user ID/i), "user-123")
+    await user.type(screen.getByPlaceholderText(/manual mitigation/i), "Patched internally")
+    fireEvent.change(screen.getByLabelText("Expiration Date"), { target: { value: "2026-12-31" } })
+    await user.click(screen.getByRole("button", { name: "Mitigate Manually" }))
+
+    expect(onConfirm).toHaveBeenCalledWith(expect.objectContaining({ type: RemediationTypeValues.Mitigation }))
+  })
+})

From b89dc36370ad76c0e1fa7fd35381b1ae2e7152c9 Mon Sep 17 00:00:00 2001
From: Hoda Noori <hoda.noori@sap.com>
Date: Wed, 20 May 2026 14:13:39 +0200
Subject: [PATCH 08/11] fix(heureka): use panel cache to patch broad cache
 after revert

Replace queryClient.fetchQuery (network round-trip) with
queryClient.getQueryData (synchronous read). The panel already holds a
fresh cache entry (staleTime: 0 on open), so we read it directly to
find any remediations created in other sessions and patch the broad
cache. This ensures the CVE stays in the Remediated tab when other
remediations still exist, while avoiding the prior regression where
the deleted entry briefly reappeared due to stale server responses.

Signed-off-by: Hoda Noori <hoda.noori@sap.com>
---
 .../RemediationHistoryPanel/index.tsx         | 48 +++++++++++++++++++
 .../RemediationModal.test.tsx                 |  4 +-
 2 files changed, 49 insertions(+), 3 deletions(-)

diff --git a/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/RemediationHistoryPanel/index.tsx b/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/RemediationHistoryPanel/index.tsx
index 7f4a2663bf..680a9f3f17 100644
--- a/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/RemediationHistoryPanel/index.tsx
+++ b/apps/heureka/src/components/Service/ImageDetails/ImageIssuesList/RemediationHistoryPanel/index.tsx
@@ -175,6 +175,54 @@ export const RemediationHistoryPanel = ({
           }
         }
       )
+
+      // The panel fetched its data fresh when it opened (staleTime: 0). Read that
+      // cache synchronously — no network request needed — to patch the broad cache
+      // with any remediations that were created in other sessions and are therefore
+      // missing from it. Without this, a CVE could wrongly move to Active even
+      // though other remediations still exist.
+      if (vulnerability) {
+        const panelFilter = { service: [service], image: [image], vulnerability: [vulnerability] }
+        const panelCache = queryClient.getQueryData<any>(["remediations", panelFilter])
+        const remainingEdges = (panelCache?.data?.Remediations?.edges ?? []).filter(
+          (e: any) => e?.node?.id !== remediation.remediationId
+        )
+
+        if (remainingEdges.length > 0) {
+          queryClient.setQueriesData(
+            {
+              predicate: (query) => {
+                const [key, filter] = query.queryKey as [string, any]
+                if (key !== "remediations") return false
+                if (filter?.service && !filter.service.includes(service)) return false
+                if (filter?.image && !filter.image.includes(image)) return false
+                if (filter?.vulnerability) return false // broad cache only
+                return true
+              },
+            },
+            (old: any) => {
+              if (!old?.data?.Remediations) return old
+              const edges: any[] = old.data.Remediations.edges ?? []
+              const existingIds = new Set(edges.map((e: any) => e?.node?.id).filter(Boolean))
+              const missingEdges = remainingEdges.filter((e: any) => e?.node?.id && !existingIds.has(e.node.id))
+              if (missingEdges.length === 0) return old
+              const newEdges = [...edges, ...missingEdges]
+              return {
+                ...old,
+                data: {
+                  ...old.data,
+                  Remediations: {
+                    ...old.data.Remediations,
+                    edges: newEdges,
+                    totalCount: (old.data.Remediations.totalCount ?? 0) + missingEdges.length,
+                  },
+                },
+              }
+            }
+          )
+        }
+      }
+
       const typeLabel = remediation.type ?? "remediation"
       const dateLabel = remediation.remediationDate ? ` from ${formatDateTime(remediation.remediationDate)}` : ""
       const text = `The ${typeLabel}${dateLabel} for ${vulnerability ?? "unknown"} has been reverted.`
diff --git a/apps/heureka/src/components/Service/ImageDetails/RemediationModal/RemediationModal.test.tsx b/apps/heureka/src/components/Service/ImageDetails/RemediationModal/RemediationModal.test.tsx
index 72e6372e8a..ae6bb39e53 100644
--- a/apps/heureka/src/components/Service/ImageDetails/RemediationModal/RemediationModal.test.tsx
+++ b/apps/heureka/src/components/Service/ImageDetails/RemediationModal/RemediationModal.test.tsx
@@ -226,9 +226,7 @@ describe("RemediationModal", () => {
       fireEvent.change(screen.getByLabelText("Expiration Date"), { target: { value: "2026-12-31" } })
       await user.click(screen.getByRole("button", { name: "Confirm Test" }))
 
-      expect(onConfirm).toHaveBeenCalledWith(
-        expect.objectContaining({ description: "Low risk" })
-      )
+      expect(onConfirm).toHaveBeenCalledWith(expect.objectContaining({ description: "Low risk" }))
     })
   })
 })

From b40f2fd21f841ea82c8a89322c04a36c133f9c32 Mon Sep 17 00:00:00 2001
From: Hoda Noori <hoda.noori@sap.com>
Date: Wed, 20 May 2026 15:53:24 +0200
Subject: [PATCH 09/11] feat(heureka): make Jira ticket mandatory in
 RiskAcceptanceModal, send as url field

Add `sourceTicketRequired` prop to RemediationModal that:
- Shows the source ticket field as required
- Blocks confirm button until the field is filled
- Validates on submit with an inline error message
- Sends the ticket as the `url` field in RemediationInput (not embedded
  in description, which is the existing optional-ticket behaviour)

RiskAcceptanceModal switches from `showSourceTicket` to
`sourceTicketRequired` so the Jira ticket is treated the same as the
other required fields (description, user ID, expiration date).

Signed-off-by: Hoda Noori <hoda.noori@sap.com>
---
 .../RemediationModal.test.tsx                 | 11 +++++--
 .../ImageDetails/RemediationModal/index.tsx   | 31 ++++++++++++++++---
 .../RiskAcceptanceModal/index.tsx             |  2 +-
 3 files changed, 36 insertions(+), 8 deletions(-)

diff --git a/apps/heureka/src/components/Service/ImageDetails/RemediationModal/RemediationModal.test.tsx b/apps/heureka/src/components/Service/ImageDetails/RemediationModal/RemediationModal.test.tsx
index ae6bb39e53..147dc63e47 100644
--- a/apps/heureka/src/components/Service/ImageDetails/RemediationModal/RemediationModal.test.tsx
+++ b/apps/heureka/src/components/Service/ImageDetails/RemediationModal/RemediationModal.test.tsx
@@ -280,17 +280,24 @@ describe("RiskAcceptanceModal wrapper", () => {
     expect(screen.getByPlaceholderText("e.g. JIRA-1234")).toBeInTheDocument()
   })
 
-  it("submits with RiskAccepted remediation type", async () => {
+  it("submits with RiskAccepted remediation type, url field, and plain description", async () => {
     const onConfirm = vi.fn().mockResolvedValue(undefined)
     const user = userEvent.setup()
     renderWrapper(<RiskAcceptanceModal {...wrapperProps} onConfirm={onConfirm} />)
 
     await user.type(screen.getByPlaceholderText(/Enter your user ID/i), "user-123")
+    await user.type(screen.getByPlaceholderText("e.g. JIRA-1234"), "JIRA-9999")
     await user.type(screen.getByPlaceholderText(/accepting this risk/i), "Accepted")
     fireEvent.change(screen.getByLabelText("Expiration Date"), { target: { value: "2026-12-31" } })
     await user.click(screen.getByRole("button", { name: "Accept Risk" }))
 
-    expect(onConfirm).toHaveBeenCalledWith(expect.objectContaining({ type: RemediationTypeValues.RiskAccepted }))
+    expect(onConfirm).toHaveBeenCalledWith(
+      expect.objectContaining({
+        type: RemediationTypeValues.RiskAccepted,
+        url: "JIRA-9999",
+        description: "Accepted",
+      })
+    )
   })
 })
 
diff --git a/apps/heureka/src/components/Service/ImageDetails/RemediationModal/index.tsx b/apps/heureka/src/components/Service/ImageDetails/RemediationModal/index.tsx
index d5233c7d99..fb63b1f375 100644
--- a/apps/heureka/src/components/Service/ImageDetails/RemediationModal/index.tsx
+++ b/apps/heureka/src/components/Service/ImageDetails/RemediationModal/index.tsx
@@ -31,6 +31,8 @@ type RemediationModalProps = {
   descriptionPlaceholder: string
   expirationHelptext: string
   showSourceTicket?: boolean
+  /** When true: source ticket field is shown as required, validated, and sent as the `url` field (not embedded in description). */
+  sourceTicketRequired?: boolean
 }
 
 const toSeverityValue = (severity: string): SeverityValues | undefined => {
@@ -54,6 +56,7 @@ export const RemediationModal: React.FC<RemediationModalProps> = ({
   descriptionPlaceholder,
   expirationHelptext,
   showSourceTicket = false,
+  sourceTicketRequired = false,
 }) => {
   const auth = useAuth()
   const authUserId = auth.status === "authenticated" ? auth.userId || auth.userName : null
@@ -64,6 +67,7 @@ export const RemediationModal: React.FC<RemediationModalProps> = ({
   const [isSubmitting, setIsSubmitting] = useState(false)
   const [descriptionError, setDescriptionError] = useState<string>("")
   const [userIdError, setUserIdError] = useState<string>("")
+  const [sourceTicketError, setSourceTicketError] = useState<string>("")
   const [expirationDateError, setExpirationDateError] = useState<string>("")
   const [apiError, setApiError] = useState<string | null>(null)
   const isMountedRef = useRef(true)
@@ -87,6 +91,7 @@ export const RemediationModal: React.FC<RemediationModalProps> = ({
       setExpirationDate(null)
       setDescriptionError("")
       setUserIdError("")
+      setSourceTicketError("")
       setExpirationDateError("")
       setApiError(null)
     }
@@ -96,7 +101,7 @@ export const RemediationModal: React.FC<RemediationModalProps> = ({
   const sourceTicketTrimmed = sourceTicket.trim()
 
   const buildDescription = () => {
-    if (showSourceTicket && sourceTicketTrimmed) {
+    if (showSourceTicket && !sourceTicketRequired && sourceTicketTrimmed) {
       return `Source Ticket: ${sourceTicketTrimmed}\n\n${descriptionTrimmed}`
     }
     return descriptionTrimmed
@@ -111,6 +116,10 @@ export const RemediationModal: React.FC<RemediationModalProps> = ({
       setUserIdError("User ID is required")
       return
     }
+    if (sourceTicketRequired && !sourceTicketTrimmed) {
+      setSourceTicketError("Jira ticket is required")
+      return
+    }
     if (!expirationDate) {
       setExpirationDateError("Expiration date is required")
       return
@@ -118,6 +127,7 @@ export const RemediationModal: React.FC<RemediationModalProps> = ({
 
     setDescriptionError("")
     setUserIdError("")
+    setSourceTicketError("")
     setExpirationDateError("")
     setIsSubmitting(true)
     try {
@@ -131,6 +141,7 @@ export const RemediationModal: React.FC<RemediationModalProps> = ({
         ...(remediatedBy && { remediatedBy }),
         ...(severityValue !== undefined && { severity: severityValue }),
         expirationDate: expirationDate.toISOString(),
+        ...(sourceTicketRequired && sourceTicketTrimmed ? { url: sourceTicketTrimmed } : {}),
       }
       const result = await onConfirm(input)
       if (result?.error) {
@@ -182,7 +193,7 @@ export const RemediationModal: React.FC<RemediationModalProps> = ({
               onClick={handleConfirm}
               label={confirmLabel}
               variant="primary"
-              disabled={isSubmitting || !descriptionTrimmed || !isUserIdValid || !expirationDate}
+              disabled={isSubmitting || !descriptionTrimmed || !isUserIdValid || !expirationDate || (sourceTicketRequired && !sourceTicketTrimmed)}
             />
           </Stack>
         </ModalFooter>
@@ -215,14 +226,24 @@ export const RemediationModal: React.FC<RemediationModalProps> = ({
             helptext={authUserId ? "User ID from current session (read-only)." : "Enter your user ID."}
           />
         </div>
-        {showSourceTicket && (
+        {(showSourceTicket || sourceTicketRequired) && (
           <div>
             <TextInput
               label="Jira Ticket / Risk Acceptance Source Ticket"
               value={sourceTicket}
-              onChange={(e) => setSourceTicket(e.target.value)}
+              onChange={(e) => {
+                setSourceTicket(e.target.value)
+                if (sourceTicketError) setSourceTicketError("")
+              }}
               placeholder="e.g. JIRA-1234"
-              helptext="Optional. Reference ticket for this risk acceptance decision."
+              required={sourceTicketRequired}
+              invalid={!!sourceTicketError}
+              errortext={sourceTicketError}
+              helptext={
+                sourceTicketRequired
+                  ? "Reference ticket for this risk acceptance decision."
+                  : "Optional. Reference ticket for this risk acceptance decision."
+              }
             />
           </div>
         )}
diff --git a/apps/heureka/src/components/Service/ImageDetails/RiskAcceptanceModal/index.tsx b/apps/heureka/src/components/Service/ImageDetails/RiskAcceptanceModal/index.tsx
index e466f59a0b..73c31ca71f 100644
--- a/apps/heureka/src/components/Service/ImageDetails/RiskAcceptanceModal/index.tsx
+++ b/apps/heureka/src/components/Service/ImageDetails/RiskAcceptanceModal/index.tsx
@@ -25,6 +25,6 @@ export const RiskAcceptanceModal: React.FC<RiskAcceptanceModalProps> = (props) =
     remediationType={RemediationTypeValues.RiskAccepted}
     descriptionPlaceholder="Add a description explaining the reason for accepting this risk..."
     expirationHelptext="When this risk acceptance should no longer be considered valid."
-    showSourceTicket
+    sourceTicketRequired
   />
 )

From 0b916e14b82ff798e571422f113b91fa8cfb337e Mon Sep 17 00:00:00 2001
From: Hoda Noori <hoda.noori@sap.com>
Date: Wed, 20 May 2026 15:55:11 +0200
Subject: [PATCH 10/11] fix(heureka): reset sourceTicketError in handleClose of
 RemediationModal

Signed-off-by: Hoda Noori <hoda.noori@sap.com>
---
 .../Service/ImageDetails/RemediationModal/index.tsx      | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/apps/heureka/src/components/Service/ImageDetails/RemediationModal/index.tsx b/apps/heureka/src/components/Service/ImageDetails/RemediationModal/index.tsx
index fb63b1f375..8bc03f14ca 100644
--- a/apps/heureka/src/components/Service/ImageDetails/RemediationModal/index.tsx
+++ b/apps/heureka/src/components/Service/ImageDetails/RemediationModal/index.tsx
@@ -168,6 +168,7 @@ export const RemediationModal: React.FC<RemediationModalProps> = ({
     setExpirationDate(null)
     setDescriptionError("")
     setUserIdError("")
+    setSourceTicketError("")
     setExpirationDateError("")
     setApiError(null)
     onClose()
@@ -193,7 +194,13 @@ export const RemediationModal: React.FC<RemediationModalProps> = ({
               onClick={handleConfirm}
               label={confirmLabel}
               variant="primary"
-              disabled={isSubmitting || !descriptionTrimmed || !isUserIdValid || !expirationDate || (sourceTicketRequired && !sourceTicketTrimmed)}
+              disabled={
+                isSubmitting ||
+                !descriptionTrimmed ||
+                !isUserIdValid ||
+                !expirationDate ||
+                (sourceTicketRequired && !sourceTicketTrimmed)
+              }
             />
           </Stack>
         </ModalFooter>

From 0d8f757d334f397c1d7ea0b54964080e160e1948 Mon Sep 17 00:00:00 2001
From: Hoda Noori <hoda.noori@sap.com>
Date: Thu, 21 May 2026 08:53:55 +0200
Subject: [PATCH 11/11] refactor(heureka): group form and error states in
 RemediationModal

Signed-off-by: Hoda Noori <hoda.noori@sap.com>
---
 .../ImageDetails/RemediationModal/index.tsx   | 111 +++++++-----------
 1 file changed, 43 insertions(+), 68 deletions(-)

diff --git a/apps/heureka/src/components/Service/ImageDetails/RemediationModal/index.tsx b/apps/heureka/src/components/Service/ImageDetails/RemediationModal/index.tsx
index 8bc03f14ca..8feef34083 100644
--- a/apps/heureka/src/components/Service/ImageDetails/RemediationModal/index.tsx
+++ b/apps/heureka/src/components/Service/ImageDetails/RemediationModal/index.tsx
@@ -35,6 +35,9 @@ type RemediationModalProps = {
   sourceTicketRequired?: boolean
 }
 
+const EMPTY_FORM = { description: "", manualUserId: "", sourceTicket: "", expirationDate: null as Date | null }
+const EMPTY_ERRORS = { description: "", userId: "", sourceTicket: "", expirationDate: "" }
+
 const toSeverityValue = (severity: string): SeverityValues | undefined => {
   if (!severity) return undefined
   const normalized = severity.charAt(0).toUpperCase() + severity.slice(1).toLowerCase()
@@ -60,19 +63,13 @@ export const RemediationModal: React.FC<RemediationModalProps> = ({
 }) => {
   const auth = useAuth()
   const authUserId = auth.status === "authenticated" ? auth.userId || auth.userName : null
-  const [description, setDescription] = useState<string>("")
-  const [manualUserId, setManualUserId] = useState<string>("")
-  const [sourceTicket, setSourceTicket] = useState<string>("")
-  const [expirationDate, setExpirationDate] = useState<Date | null>(null)
+  const [form, setForm] = useState(EMPTY_FORM)
+  const [errors, setErrors] = useState(EMPTY_ERRORS)
   const [isSubmitting, setIsSubmitting] = useState(false)
-  const [descriptionError, setDescriptionError] = useState<string>("")
-  const [userIdError, setUserIdError] = useState<string>("")
-  const [sourceTicketError, setSourceTicketError] = useState<string>("")
-  const [expirationDateError, setExpirationDateError] = useState<string>("")
   const [apiError, setApiError] = useState<string | null>(null)
   const isMountedRef = useRef(true)
 
-  const manualUserIdTrimmed = manualUserId.trim()
+  const manualUserIdTrimmed = form.manualUserId.trim()
   const remediatedBy = authUserId ?? (manualUserIdTrimmed || undefined)
   const isUserIdValid = !!remediatedBy
 
@@ -85,20 +82,14 @@ export const RemediationModal: React.FC<RemediationModalProps> = ({
 
   useEffect(() => {
     if (!open) {
-      setDescription("")
-      setManualUserId("")
-      setSourceTicket("")
-      setExpirationDate(null)
-      setDescriptionError("")
-      setUserIdError("")
-      setSourceTicketError("")
-      setExpirationDateError("")
+      setForm(EMPTY_FORM)
+      setErrors(EMPTY_ERRORS)
       setApiError(null)
     }
   }, [open])
 
-  const descriptionTrimmed = description.trim()
-  const sourceTicketTrimmed = sourceTicket.trim()
+  const descriptionTrimmed = form.description.trim()
+  const sourceTicketTrimmed = form.sourceTicket.trim()
 
   const buildDescription = () => {
     if (showSourceTicket && !sourceTicketRequired && sourceTicketTrimmed) {
@@ -109,26 +100,23 @@ export const RemediationModal: React.FC<RemediationModalProps> = ({
 
   const handleConfirm = async () => {
     if (!descriptionTrimmed) {
-      setDescriptionError("Description is required")
+      setErrors((prev) => ({ ...prev, description: "Description is required" }))
       return
     }
     if (!remediatedBy) {
-      setUserIdError("User ID is required")
+      setErrors((prev) => ({ ...prev, userId: "User ID is required" }))
       return
     }
     if (sourceTicketRequired && !sourceTicketTrimmed) {
-      setSourceTicketError("Jira ticket is required")
+      setErrors((prev) => ({ ...prev, sourceTicket: "Jira ticket is required" }))
       return
     }
-    if (!expirationDate) {
-      setExpirationDateError("Expiration date is required")
+    if (!form.expirationDate) {
+      setErrors((prev) => ({ ...prev, expirationDate: "Expiration date is required" }))
       return
     }
 
-    setDescriptionError("")
-    setUserIdError("")
-    setSourceTicketError("")
-    setExpirationDateError("")
+    setErrors(EMPTY_ERRORS)
     setIsSubmitting(true)
     try {
       const severityValue = severity ? toSeverityValue(severity) : undefined
@@ -140,17 +128,14 @@ export const RemediationModal: React.FC<RemediationModalProps> = ({
         description: buildDescription(),
         ...(remediatedBy && { remediatedBy }),
         ...(severityValue !== undefined && { severity: severityValue }),
-        expirationDate: expirationDate.toISOString(),
+        expirationDate: form.expirationDate.toISOString(),
         ...(sourceTicketRequired && sourceTicketTrimmed ? { url: sourceTicketTrimmed } : {}),
       }
       const result = await onConfirm(input)
       if (result?.error) {
         setApiError(result.error)
       } else if (isMountedRef.current) {
-        setDescription("")
-        setManualUserId("")
-        setSourceTicket("")
-        setExpirationDate(null)
+        setForm(EMPTY_FORM)
         onClose()
       }
     } catch (error) {
@@ -162,25 +147,12 @@ export const RemediationModal: React.FC<RemediationModalProps> = ({
   }
 
   const handleClose = () => {
-    setDescription("")
-    setManualUserId("")
-    setSourceTicket("")
-    setExpirationDate(null)
-    setDescriptionError("")
-    setUserIdError("")
-    setSourceTicketError("")
-    setExpirationDateError("")
+    setForm(EMPTY_FORM)
+    setErrors(EMPTY_ERRORS)
     setApiError(null)
     onClose()
   }
 
-  const handleDescriptionChange = (e: React.ChangeEvent<HTMLTextAreaElement>) => {
-    setDescription(e.target.value)
-    if (descriptionError) {
-      setDescriptionError("")
-    }
-  }
-
   return (
     <Modal
       title={title}
@@ -198,7 +170,7 @@ export const RemediationModal: React.FC<RemediationModalProps> = ({
                 isSubmitting ||
                 !descriptionTrimmed ||
                 !isUserIdValid ||
-                !expirationDate ||
+                !form.expirationDate ||
                 (sourceTicketRequired && !sourceTicketTrimmed)
               }
             />
@@ -220,15 +192,15 @@ export const RemediationModal: React.FC<RemediationModalProps> = ({
         <div>
           <TextInput
             label="User ID"
-            value={authUserId ?? manualUserId}
+            value={authUserId ?? form.manualUserId}
             onChange={(e) => {
-              setManualUserId(e.target.value)
-              if (userIdError) setUserIdError("")
+              setForm((prev) => ({ ...prev, manualUserId: e.target.value }))
+              if (errors.userId) setErrors((prev) => ({ ...prev, userId: "" }))
             }}
             disabled={!!authUserId}
             required
-            invalid={!!userIdError}
-            errortext={userIdError}
+            invalid={!!errors.userId}
+            errortext={errors.userId}
             placeholder={authUserId ? undefined : "Enter your user ID"}
             helptext={authUserId ? "User ID from current session (read-only)." : "Enter your user ID."}
           />
@@ -237,15 +209,15 @@ export const RemediationModal: React.FC<RemediationModalProps> = ({
           <div>
             <TextInput
               label="Jira Ticket / Risk Acceptance Source Ticket"
-              value={sourceTicket}
+              value={form.sourceTicket}
               onChange={(e) => {
-                setSourceTicket(e.target.value)
-                if (sourceTicketError) setSourceTicketError("")
+                setForm((prev) => ({ ...prev, sourceTicket: e.target.value }))
+                if (errors.sourceTicket) setErrors((prev) => ({ ...prev, sourceTicket: "" }))
               }}
               placeholder="e.g. JIRA-1234"
               required={sourceTicketRequired}
-              invalid={!!sourceTicketError}
-              errortext={sourceTicketError}
+              invalid={!!errors.sourceTicket}
+              errortext={errors.sourceTicket}
               helptext={
                 sourceTicketRequired
                   ? "Reference ticket for this risk acceptance decision."
@@ -257,15 +229,15 @@ export const RemediationModal: React.FC<RemediationModalProps> = ({
         <div>
           <DateTimePicker
             label="Expiration Date"
-            value={expirationDate ?? undefined}
+            value={form.expirationDate ?? undefined}
             onChange={(dates) => {
-              setExpirationDate(dates?.[0] ?? null)
-              if (expirationDateError) setExpirationDateError("")
+              setForm((prev) => ({ ...prev, expirationDate: dates?.[0] ?? null }))
+              if (errors.expirationDate) setErrors((prev) => ({ ...prev, expirationDate: "" }))
             }}
             minDate="today"
             required
-            invalid={!!expirationDateError}
-            errortext={expirationDateError}
+            invalid={!!errors.expirationDate}
+            errortext={errors.expirationDate}
             helptext={expirationHelptext}
           />
         </div>
@@ -273,12 +245,15 @@ export const RemediationModal: React.FC<RemediationModalProps> = ({
           <Textarea
             label="Description"
             placeholder={descriptionPlaceholder}
-            value={description}
-            onChange={handleDescriptionChange}
+            value={form.description}
+            onChange={(e) => {
+              setForm((prev) => ({ ...prev, description: e.target.value }))
+              if (errors.description) setErrors((prev) => ({ ...prev, description: "" }))
+            }}
             rows={14}
             required
-            invalid={!!descriptionError}
-            errortext={descriptionError || ""}
+            invalid={!!errors.description}
+            errortext={errors.description || ""}
           />
         </div>
       </Stack>