Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Global Audit View: Policy Violations #3544

Merged

Conversation

rbt-mm
Copy link
Contributor

@rbt-mm rbt-mm commented Mar 12, 2024

Description

This PR enhances the /violation API endpoint in the backend to filter the result by ACL and also allow the use of several filters.
This enhancement makes it possible to quickly get all policy violations for one's projects and also to only show relevant violations by filtering them as needed. It can either be used directly via the API or through the new Policy Violations Audit view, which is introduced in the frontend PR.

Addressed Issue

#1770

Additional Details

Requires the VIEW_POLICY_VIOLATIONS permission.

image

image

Checklist

  • I have read and understand the contributing guidelines
    - [ ] This PR fixes a defect, and I have provided tests to verify that the fix is effective
  • This PR implements an enhancement, and I have provided tests to verify that it works as intended
    - [ ] This PR introduces changes to the database model, and I have added corresponding update logic
    - [ ] This PR introduces new or alters existing behavior, and I have updated the documentation accordingly

rbt-mm and others added 5 commits March 11, 2024 10:55
Enhances the `getViolations` method in `PolicyViolationResource` to
filter the result by ACL and to also allow the use of additional
filters, so that a user can get more specific results.

Signed-off-by: RBickert <[email protected]>
Adds a new test for `PolicyViolationResource` which tests the filtering
by ACL of the newly enhanced `getViolations` method

Signed-off-by: RBickert <[email protected]>
…tions

Global Audit View: Policy Violations
Copy link

codacy-production bot commented Mar 12, 2024

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
+0.23% (target: -1.00%) 84.54% (target: 70.00%)
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (ab9d19d) 21946 17265 78.67%
Head commit (1caf0d4) 22047 (+101) 17395 (+130) 78.90% (+0.23%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#3544) 97 82 84.54%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

Codacy stopped sending the deprecated coverage status on June 5th, 2024. Learn more

@rbt-mm
Copy link
Contributor Author

rbt-mm commented Mar 12, 2024

@nscuro Could this feature also be added to the current milestone so that it will be released alongside the other global audit view (#2472)?

@nscuro nscuro added the enhancement New feature or request label Apr 3, 2024
@nscuro nscuro self-requested a review April 3, 2024 09:11
@nscuro nscuro added this to the 4.12 milestone May 9, 2024
Copy link
Member

@nscuro nscuro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, just a minor issue with resource method annotations.

@nscuro nscuro merged commit eada3c4 into DependencyTrack:master Sep 24, 2024
11 checks passed
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 25, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants