
feat: add OWASP analysis fields to FindingAudit component #465

Open
fahedouch wants to merge 1 commit into DependencyTrack:main from fahedouch:frontend-rating-source-tracking


@fahedouch

Description

Add display of new analysis fields (introduced in this PR) in the Finding Audit component:

  • owaspScore - OWASP Risk Rating score
  • owaspSeverity - OWASP Risk Rating severity level
  • source - Analysis ownership source (POLICY, VEX, MANUAL, NVD)

Result:

Screenshot 2026-03-30 at 23 57 09

Addressed Issue

Additional Details

Checklist


Copilot AI left a comment


Pull request overview

Adds UI support in the Finding Audit view to display newly introduced OWASP Risk Rating analysis fields returned by the API, along with the analysis ownership source.

Changes:

  • Render new read-only fields: OWASP RR Vector, OWASP RR Score, OWASP RR Severity, and Analysis Source.
  • Extend FindingAudit component state to store these new values.
  • Populate the new fields from the analysis payload in updateAnalysisData().
  • Align package-lock.json dependency spec for @codemirror/lang-jinja with package.json.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| src/views/portfolio/projects/FindingAudit.vue | Adds UI + state plumbing for OWASP RR analysis fields and analysis source. |
| package-lock.json | Updates lockfile dependency entry for @codemirror/lang-jinja to 6.0.0. |


Comment on lines +115 to +162
<b-form-group
v-if="owaspVector"
id="fieldset-owasp-vector"
label="OWASP RR Vector"
label-for="input-owasp-vector"
>
<b-form-input
id="input-owasp-vector"
:value="owaspVector"
class="form-control disabled"
readonly
trim
/>
</b-form-group>
<b-form-group
v-if="owaspScore"
id="fieldset-owasp-score"
label="OWASP RR Score"
label-for="input-owasp-score"
>
<b-form-input
id="input-owasp-score"
:value="owaspScore"
class="form-control disabled"
readonly
trim
/>
</b-form-group>
<b-form-group
v-if="owaspSeverity"
id="fieldset-owasp-severity"
label="OWASP RR Severity"
label-for="input-owasp-severity"
>
<b-form-input
id="input-owasp-severity"
:value="owaspSeverity"
class="form-control disabled"
readonly
trim
/>
</b-form-group>
<b-form-group
v-if="analysisSource"
id="fieldset-analysis-source"
label="Analysis Source"
label-for="input-analysis-source"
>
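Review bot: the `trim` prop on each `b-form-input` in this hunk is redundant, because the inputs are `readonly` and receive their value one-way through `:value`, so there is no user input to trim; it can be dropped. The groups also differ only in `id`, `label` and the bound field, so a single `v-for` over a small descriptor list would keep them from drifting apart.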

Copilot AI Mar 30, 2026


The new OWASP/analysis labels are hard-coded strings, while nearby fields use i18n via this.$t(...) (e.g., CVSS labels). This prevents localization and will be flagged by vue-i18n-extract. Please add i18n message keys for these labels and use :label="$t('...')" (or this.$t) consistently.

Comment on lines +129 to +142
<b-form-group
v-if="owaspScore"
id="fieldset-owasp-score"
label="OWASP RR Score"
label-for="input-owasp-score"
>
<b-form-input
id="input-owasp-score"
:value="owaspScore"
class="form-control disabled"
readonly
trim
/>
</b-form-group>

Copilot AI Mar 30, 2026


v-if="owaspScore" will hide the score when it is 0/0.0, even though that may be a valid OWASP RR score. Consider checking for null/undefined instead (e.g., owaspScore !== null && owaspScore !== undefined) so a zero score still renders.

Comment on lines +496 to +507
if (Object.prototype.hasOwnProperty.call(analysis, 'owaspVector')) {
this.owaspVector = analysis.owaspVector;
}
if (Object.prototype.hasOwnProperty.call(analysis, 'owaspScore')) {
this.owaspScore = analysis.owaspScore;
}
if (Object.prototype.hasOwnProperty.call(analysis, 'owaspSeverity')) {
this.owaspSeverity = analysis.owaspSeverity;
}
if (Object.prototype.hasOwnProperty.call(analysis, 'source')) {
this.analysisSource = analysis.source;
}
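Review bot: `this.analysisSource = analysis.source;` in the last block stores whatever string the backend sends, while the PR description limits the source to POLICY, VEX, MANUAL and NVD. Check the value against that set before it reaches the UI and show a neutral fallback for anything else, so an unexpected value is not presented to an auditor as an ownership source.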

Copilot AI Mar 30, 2026


updateAnalysisData() sets the new OWASP/source fields only when the property exists, but never clears them when the backend omits the field. This can leave stale values visible after subsequent updates/refreshes where those properties are not present. Recommend explicitly resetting owaspVector/owaspScore/owaspSeverity/analysisSource to null when the property is missing (or initialize them all to null at the start of the method).
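
The two state-handling problems raised in the review comments above (a score of 0 hidden by a truthiness check, and stale values surviving a payload that omits a field), reproduced as an added example that is not part of the PR. Plain objects stand in for the Vue component state; the function names, `FIELD_MAP` and the sample payloads are assumptions made for illustration.

```javascript
// Added illustration: plain objects stand in for the Vue component state.
// API property -> state field, following the names used in the PR.
const FIELD_MAP = {
  owaspVector: 'owaspVector',
  owaspScore: 'owaspScore',
  owaspSeverity: 'owaspSeverity',
  source: 'analysisSource',
};
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Behaviour the review describes: copy when present, never clear.
function updateKeepingStale(state, analysis) {
  for (const [apiKey, field] of Object.entries(FIELD_MAP)) {
    if (has(analysis, apiKey)) state[field] = analysis[apiKey];
  }
  return state;
}

// Recommended behaviour: a field missing from the payload becomes null.
function updateWithReset(state, analysis) {
  for (const [apiKey, field] of Object.entries(FIELD_MAP)) {
    state[field] = has(analysis, apiKey) ? analysis[apiKey] : null;
  }
  return state;
}

// Visibility test for v-if: 0 is a value, null/undefined means absent.
const hasValue = (v) => v !== null && v !== undefined;

// Constructed payloads (not real API responses).
const FIRST = { owaspVector: 'constructed-vector', owaspScore: 0,
                owaspSeverity: 'LOW', source: 'POLICY' };
const SECOND = { source: 'MANUAL' }; // backend omits the OWASP fields

function demo() {
  const stale = updateKeepingStale(updateKeepingStale({}, FIRST), SECOND);
  const fresh = updateWithReset(updateWithReset({}, FIRST), SECOND);
  return { stale, fresh };
}

const { stale, fresh } = demo();
console.log('severity left over from the first payload:', stale.owaspSeverity);
console.log('severity after reset:', fresh.owaspSeverity);
console.log('score 0 visible with hasValue:', hasValue(FIRST.owaspScore));
```

In the stale case the audit view would keep showing the first payload's severity next to the second payload's source, which is the mismatch the reset removes.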
