Dependency Review: ✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found. Scanned Files: None
…rity tab (#368)

Pre-#368 the per-artifact Security tab only queried sbomApi.getCveHistory and Dependency-Track. A user who triggered a scan via POST /api/v1/security/scan for a specific artifact and whose scan completed with real findings couldn't see those findings on the artifact's own page — they had to navigate to /security/scans and find the right scan ID by artifact name + timestamp. The natural single-pane-of-glass was empty.

The SDK method securityApi.listArtifactScans(artifact.id) already existed but had no consumer. Wire it up.

src/app/(app)/repositories/_components/security-tab-content.tsx:
+ new ArtifactScansSection component, exported for testing
+ queryKey: ["security", "artifact-scans", artifactId]
+ table: status / type / findings (with crit/high pills) / completed_at / "View findings" link to /security/scans/[id]
+ empty / loading / error states matching the rest of the tab
+ mounted in SecurityTabContent above the DT section

src/app/(app)/repositories/_components/__tests__/artifact-scans-section.test.tsx (new):
+ empty / loading / error / row-rendered states
+ critical & high counts hidden when zero
+ locks the queryKey shape so a future rename surfaces at typecheck

CHANGELOG entry under [Unreleased] / Fixed.

Closes #368.
7938c90 to 2802256
Summary
Closes #368. The per-artifact Security tab used to show only SBOM CVE history and Dependency-Track findings — never the native scan_findings table. A user who triggered a scan via POST /api/v1/security/scan for a specific artifact had no way to see the resulting findings on the artifact's own page.

This wires up securityApi.listArtifactScans(artifact.id) (which already existed but had no consumer) and renders the recent scan_results rows for the artifact with a "View findings" link to the per-scan page.
What's new

- ArtifactScansSection component (exported for testing)
- SecurityTabContent above the Dependency-Track section
- /security/scans/[id]

Test plan
- npm test — 2088/2088 (6 new in artifact-scans-section.test.tsx)
- npm run lint — 0 errors
- npm run build — succeeds

🤖 Generated with Claude Code
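One way to keep the section's behaviour unit-testable without rendering React, as an added example that is not the PR's code or the project's own component: the query-key factory with a type-level lock on its shape, a row view-model that only emits critical/high pills for non-zero counts and encodes the scan id before building the "View findings" href, and a state derivation for the loading / error / empty / rows cases. The ScanResult field names (scan_type, critical_count, high_count, completed_at), the function names and the sample scans are assumptions; the real scan_results column names are not shown on the page.

```typescript
// Added example, not code from the PR or the project. Field names on ScanResult
// and the sample data below are assumptions for illustration only.

function artifactScansQueryKey(artifactId: string) {
  return ["security", "artifact-scans", artifactId] as const;
}

// Lock the key shape at the type level: renaming a literal segment in the
// factory makes this assignment fail typecheck instead of silently splitting
// the cache between the old and new key.
type ArtifactScansKey = readonly ["security", "artifact-scans", string];
function lockedArtifactScansKey(artifactId: string): ArtifactScansKey {
  const key: ArtifactScansKey = artifactScansQueryKey(artifactId);
  return key;
}

type ScanStatus = "queued" | "running" | "completed" | "failed";

interface ScanResult {
  id: string;
  status: ScanStatus;
  scan_type: string;
  critical_count: number;
  high_count: number;
  completed_at: string | null; // ISO 8601, null until the scan finishes
}

interface SeverityPill {
  severity: "critical" | "high";
  count: number;
}

interface ScanRow {
  id: string;
  status: ScanStatus;
  type: string;
  pills: SeverityPill[]; // only severities with a non-zero count get a pill
  completedAt: string | null;
  href: string;
}

function toScanRow(scan: ScanResult): ScanRow {
  const pills: SeverityPill[] = [];
  if (scan.critical_count > 0) pills.push({ severity: "critical", count: scan.critical_count });
  if (scan.high_count > 0) pills.push({ severity: "high", count: scan.high_count });
  return {
    id: scan.id,
    status: scan.status,
    type: scan.scan_type,
    pills,
    completedAt: scan.completed_at,
    // The id comes from an API response; encode it so a value containing "/",
    // "?" or "#" cannot change which route the "View findings" link resolves to.
    href: `/security/scans/${encodeURIComponent(scan.id)}`,
  };
}

// Newest first; scans still running (no completed_at yet) sort to the top.
// ISO 8601 timestamps in the same format compare correctly as plain strings.
function sortRecentFirst(scans: ScanResult[]): ScanResult[] {
  return [...scans].sort((a, b) => {
    if (a.completed_at === null) return b.completed_at === null ? 0 : -1;
    if (b.completed_at === null) return 1;
    return a.completed_at < b.completed_at ? 1 : a.completed_at > b.completed_at ? -1 : 0;
  });
}

type SectionState =
  | { kind: "loading" }
  | { kind: "error"; message: string }
  | { kind: "empty" }
  | { kind: "rows"; rows: ScanRow[] };

// Shape of the query result the section consumes (a subset of what a data-fetching
// hook typically returns); kept minimal so the logic runs without a framework.
interface QueryLike {
  isLoading: boolean;
  error: unknown;
  data?: ScanResult[];
}

function deriveSectionState(q: QueryLike): SectionState {
  if (q.isLoading) return { kind: "loading" };
  if (q.error) {
    const message = q.error instanceof Error ? q.error.message : String(q.error);
    return { kind: "error", message };
  }
  if (!q.data || q.data.length === 0) return { kind: "empty" };
  return { kind: "rows", rows: sortRecentFirst(q.data).map(toScanRow) };
}

// Constructed sample input (not real scan data). The third id deliberately
// contains path characters to show the href encoding.
const sampleScans: ScanResult[] = [
  { id: "scan-a1", status: "completed", scan_type: "sbom", critical_count: 2, high_count: 5,
    completed_at: "2024-05-01T10:00:00Z" },
  { id: "scan-b2", status: "completed", scan_type: "container", critical_count: 0, high_count: 0,
    completed_at: "2024-05-02T09:30:00Z" },
  { id: "scan-c3/../x", status: "running", scan_type: "sbom", critical_count: 0, high_count: 0,
    completed_at: null },
];
```

Rendering the table then becomes a switch on `deriveSectionState(...).kind`, and the component test only has to feed each variant of `QueryLike` in; the key-shape lock lives next to the factory rather than in a test, so a rename fails `tsc` even when the tests are not run.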