Advisories details doesn't show affected packages, products, SBOMs #154

Open
ctron opened this issue Sep 16, 2024 · 4 comments
Labels
bug Something isn't working V1-UI Parity

Comments

@ctron
Contributor

ctron commented Sep 16, 2024

Opening details about an advisory (e.g. http://localhost:8080/advisories/urn:uuid:1f5cedd6-fbcc-40a0-9f3c-56af4fbfc942), I cannot seem to get any information on which packages, SBOMs, products this advisory affects.

@ctron ctron added the bug Something isn't working label Sep 19, 2024
@ctron ctron added this to Trustify Nov 18, 2024
@ctron ctron moved this to Ready in Trustify Nov 18, 2024
@carlosthe19916
Member

@ctron could you explain what you are requesting here?

The following image is a screenshot of the Advisory Details Page in V1. You are asking to render packages, SBOMs, products this advisory affects.

  • I can not find any references to Packages in the image below
  • I can not find any reference of SBOMs in the image below
  • V1 has a section called Product Info represented with a Tree. I'll be happy to implement that Tree. Could you tell me which field of /api/v1/advisory/{id} I can use to replicate the same Tree?

https://trust.rhcloud.com/advisory/content/CVE-2024-1753

image

@ctron
Contributor Author

ctron commented Nov 19, 2024

Maybe navigate to the "vulnerabilities" tab?

@carlosthe19916
Member

Maybe navigate to the "vulnerabilities" tab?

@ctron Sure. The image below is the "Vulnerabilities" tab.

You are asking to render data about: packages, SBOMs, products this advisory affects.

  • I can not find any references to PACKAGES in the image below
  • I can not find any reference of SBOMs in the image below
  • I do see a section called "PRODUCT STATUS" that lists Products that this Advisory has a relation with. I guess this is what you are asking to implement, right? Can you confirm it?
    • If you confirm that is what you are asking, could you help me to understand where to get that data from? If I hit /api/v1/advisory/{id} I can not see any field that relates to "Product statuses".

image

@ctron
Contributor Author

ctron commented Nov 19, 2024

SBOMs we sometimes call products. Packages sometimes PURLs.

Taking a look at the left hand side, you'll see the product status. Taking a look at the right hand side tree, detailed information about packages (CSAF world) referencing to packages via PURLs.

So for each vulnerability, I can see how this affects "my products". Which boils down to SBOMs I guess. Or I can find more specific information about packages in the tree.

I believe this information is valuable to the user. Today I don't see any whatsoever, as there's no details page. A thing that we have in v1.
