Allow notifications to be filtered using CEL expressions

[nscuro]

Description

Enables users to filter notifications before they're dispatched. A common use case being to filter NEW_VULNERABILITY notifications for vulnerabilities whose severity are below a given threshold (e.g. CRITICAL).

Implementing this using CEL expressions keeps the solution both simple to support, and easy to extend: Users can access all fields in the notification, and we don't need to make any changes when we add new notification fields.

CEL evaluation is fast and safe, so this is a perfect match.

Addressed Issue

Relates to DependencyTrack/dependency-track#3767

Additional Details

ADR PR: DependencyTrack/hyades#2127
Docs PR: DependencyTrack/hyades#2128
Frontend PR: DependencyTrack/hyades-frontend#484

Checklist

• I have read and understand the contributing guidelines
• This PR fixes a defect, and I have provided tests to verify that the fix is effective
• This PR implements an enhancement, and I have provided tests to verify that it works as intended
• This PR introduces changes to the database model, and I have updated the migration changelog accordingly
• This PR introduces new or alters existing behavior, and I have updated the documentation accordingly

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 48 complexity

Metric	Results
Complexity	48

View in Codacy

🟢 Coverage 88.82% diff coverage · +0.11% coverage variation

Metric	Results
Coverage variation	✅ +0.11% coverage variation (-1.00%)
Diff coverage	✅ 88.82% diff coverage (70.00%)

View coverage diff in Codacy

Coverage variation details

	Coverable lines	Covered lines	Coverage
Common ancestor commit (34813c7)	42891	36106	84.18%
Head commit (2696a44)	43018 (+127)	36259 (+153)	84.29% (+0.11%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

	Coverable lines	Covered lines	Diff coverage
Pull request (#1924)	152	135	88.82%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

_{TIP This summary will be updated as you push new changes. Give us feedback}

[Copilot]

Pull request overview

Adds optional CEL-based filtering to notification rules so notifications can be conditionally routed/dispatch based on notification/subject fields.

Changes:

• Add FILTER_EXPRESSION persistence support for notification rules (migration + model + persistence mapping).
• Compile/validate filter expressions on rule update and evaluate them during routing/dispatch (event + scheduled flows).
• Add API problem details + tests covering valid/invalid/blank/null filter expressions.

Reviewed changes

Copilot reviewed 17 out of 17 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
migration/src/main/resources/migration/changelog-v5.7.0.xml	Adds FILTER_EXPRESSION column to NOTIFICATIONRULE.
apiserver/src/main/java/org/dependencytrack/model/NotificationRule.java	Persists filterExpression on the rule model.
apiserver/src/main/java/org/dependencytrack/resources/v1/vo/UpdateNotificationRuleRequest.java	Accepts filterExpression (size-limited) in update payloads.
apiserver/src/main/java/org/dependencytrack/resources/v1/NotificationRuleResource.java	Compiles/validates filter expressions during rule updates; documents 400 response.
apiserver/src/main/java/org/dependencytrack/notification/NotificationFilterScriptHost.java	Introduces CEL env + compilation cache + evaluation helper for notification filters.
apiserver/src/main/java/org/dependencytrack/notification/InvalidNotificationFilterExpressionException.java	Carries CEL compilation errors (line/column/message).
apiserver/src/main/java/org/dependencytrack/resources/v1/exception/InvalidNotificationFilterExpressionExceptionMapper.java	Maps invalid filter expressions to 400 Problem Details.
apiserver/src/main/java/org/dependencytrack/resources/v1/problems/InvalidNotificationFilterExpressionProblemDetails.java	Problem Details payload including CEL errors.
apiserver/src/main/java/org/dependencytrack/resources/v1/problems/ProblemDetails.java	Registers new Problem Details subtype for OpenAPI schema.
apiserver/src/main/java/org/dependencytrack/notification/NotificationRouter.java	Evaluates filter expressions while routing event notifications.
apiserver/src/main/java/org/dependencytrack/notification/ProcessScheduledNotificationRuleActivity.java	Evaluates filter expressions before dispatching scheduled summary notifications.
apiserver/src/main/java/org/dependencytrack/persistence/NotificationQueryManager.java	Persists filterExpression on update.
apiserver/src/main/java/org/dependencytrack/persistence/jdbi/mapping/NotificationRuleRowMapper.java	Maps FILTER_EXPRESSION from DB rows to NotificationRule.
apiserver/src/main/java/org/dependencytrack/persistence/jdbi/ScheduledNotificationDao.java	Selects FILTER_EXPRESSION for scheduled rule processing.
apiserver/src/test/java/org/dependencytrack/resources/v1/NotificationRuleResourceTest.java	Adds API tests for valid/invalid/null filter expressions.
apiserver/src/test/java/org/dependencytrack/notification/NotificationRouterTest.java	Adds routing tests for filter expressions (true/false/runtime error/blank/order).
apiserver/src/test/java/org/dependencytrack/notification/ProcessScheduledNotificationRuleActivityTest.java	Adds scheduled dispatch tests gated by filter expression outcomes.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.