feat(heureka): adds false positive actions and image version details page#1421
feat(heureka): adds false positive actions and image version details page#1421
Conversation
* feat(heureka): adds image details page * chore(heureka): removes image details panel * feat(heureka): navigate from service panel to image details page * chore(heureka): adds changeset * chore(heureka): adjusts tests * chore(heureka): makes navigation checks generic * chore(heureka): makes navigation checks generic * fix(heureka): fixes prettier issue * feat(heureka): improves navigation and url definition * chore(heureka): adjusts test
…pattern for breadcrumb
🦋 Changeset detectedLatest commit: eeddd1f The changes in this PR will be included in the next version bump. This PR includes changesets to release 2 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
ArtieReus
left a comment
ArtieReus
left a comment
There was a problem hiding this comment.
Great job! this PR is quite lorge 😅. Added some comments
| .pnpm-store/ | ||
|
|
||
| # TanStack Router cache directory | ||
| .tanstack/ |
There was a problem hiding this comment.
Is this really needed? This is the first app ignoring this folder...
| .env.test.local | ||
| .env.production.local | ||
|
|
||
| # TanStack Router cache directory |
There was a problem hiding this comment.
Same here. How is this directory being created?
| "clean:cache": "rm -rf .turbo" | ||
| }, | ||
| "dependencies": { | ||
| "@cloudoperators/juno-messages-provider": "workspace:*", |
There was a problem hiding this comment.
Do you want really to introduce the messages provider dependency? We can talk about this.
There was a problem hiding this comment.
why not? it's because of msgs for remediation actions
|
|
||
| // Invalidate cache first to ensure queryFn is always called (forces network request) | ||
| // Then use ensureQueryData to maintain promise stability (like other fetch functions) | ||
| queryClient.invalidateQueries({ queryKey }) |
There was a problem hiding this comment.
Why are you always fetching from network? Which benefit gives you then using react-query instead of just fetch?
| const { needsExpansion, textRef } = useTextOverflow(remediation.description || "") | ||
|
|
||
| const toggleDescription = (e: React.MouseEvent) => { | ||
| e.preventDefault() |
There was a problem hiding this comment.
you don't need the e.stopPropagation() ? If the row has a click/select handler, clicking "Show more" may still propagate and trigger row-level behavior.
There was a problem hiding this comment.
Here there is no other event behind the row selection like opening a panel, so with only preventDefault(), the link no longer navigates and “Show more” / “Show less” still works and the page doesn’t jump.
| ))} | ||
|
|
||
| <div className="advance-link"> | ||
| <a href="#" rel="noopener noreferrer" onClick={onShowMoreClicked}> |
There was a problem hiding this comment.
unnecessary rel attribute rel="noopener noreferrer" on an internal anchor without target="_blank" is unnecessary
|
|
||
| const { imageVersions } = getNormalizedImageVersionsResponse(data as GetImageVersionsQuery | undefined) | ||
| // Since we're querying for a specific version, we should get exactly one result | ||
| const imageVersion = imageVersions[0] |
There was a problem hiding this comment.
there is a guard if (!imageVersion)
|
|
||
| // Normalization function that returns array of image versions (for compatibility with old panel) | ||
| export const getNormalizedImageVersionsResponse = ( | ||
| data: any // Will be GetImageVersionsQuery after codegen |
There was a problem hiding this comment.
when should this happen?
|
|
||
| const imageVersionNode = data.ImageVersions.edges[0].node | ||
| const vulnerabilitiesEdges = imageVersionNode.vulnerabilities?.edges || [] | ||
| const occurrencesEdges = imageVersionNode.occurences?.edges || [] |
There was a problem hiding this comment.
typo in occurences . I should be occurrences ...
| const vulnerabilitiesPageInfo = imageVersionNode.vulnerabilities?.pageInfo | ||
|
|
||
| const vulnerabilities: ImageVulnerability[] = vulnerabilitiesEdges | ||
| .filter((edge: any) => edge !== null && edge.node !== null) |
ArtieReus
left a comment
ArtieReus
left a comment
There was a problem hiding this comment.
What about to add tests for all of those new components?
2 participants
Summary
Adds false positive remediation to Heureka and introduces an image version details page. Users can mark vulnerabilities as false positive from the image details page, with success/error feedback via the message provider. The image version details page shows occurrences and vulnerabilities for a specific version. SHA256 identifiers are shortened to 7 characters in breadcrumbs and page titles for readabilityin image version details page.
Open Points
The remediated vulnerabilities tab currently does not display
severityinformation, and does not supportsearchorpagination. These features will be implemented once the corresponding API support becomes available.Changes Made
Added False Positive Remediation Action
FalsePositiveModalcomponent with required description fieldImplemented Message Provider for User Feedback
@cloudoperators/juno-messages-providerMessagesProviderwrapper in App.tsxMessagescomponent to root route for global message displayAdded Image Version Details Page
/services/$service/images/$image/versions/$versionfor image version detailsImageVersionDetailscomponent showing version-specific informationImageVersionOccurrencescomponent to display component instances for the versionImageVersionIssuesListcomponent to display vulnerabilities for the specific versionfetchImageVersionsAPI to load version-specific dataEnhanced Image Details Page
**Image Version Details Page: Improved SHA256 Display in Breadcrumb and Page Title **
getShortSha256()to extract first 7 characters after "sha256:"Related Issues
[Task](heureka): Add image version details page #1407
[Task](heureka): Perform false positive action to vulnerabilities in image details page #1408
[Task](heureka): Delete remediated status of vulnerabilities #1409
Screenshots (if applicable)
Testing Instructions
pnpm ipnpm TASKChecklist
PR Manifesto
Review the PR Manifesto for best practises.