search

DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0
2.55k stars 543 forks source link

Notifications subjects - add additional information (e.g. Project/Component/Severity) into Subject string #1823

Open JN-CSIRT opened 2 years ago

JN-CSIRT commented 2 years ago

Current Behavior:

The notification email's subject are hard coded right now.

Proposed Behavior:

add the notification subject configuration to the notification template and use same params as there exists for content.

JN-CSIRT commented 1 year ago

Current Behavior:

The notification email's subject are hard coded now and contain the project name (twice) only. E.g.: "New Vulnerability Identified on Project: [[PROJECTID]: [PROJECTID] : [VERSION]]"

Proposed Behavior: add the notification subject configuration to the notification template in order to add all necessary information E.g.: {{ notification.title }}

{% if notification.group == "NEW_VULNERABILITY" %} Email Subject: {{alert.name}}: {{ subject.component.project.name }}: {{ subject.component.project.version }}: {{ subject.component.toString }} {{ subject.component.version.toString }} {{ subject.vulnerability.severity }} Vulnerability ID: {{ subject.vulnerability.vulnId }} Vulnerability URL: {{ baseUrl }}/vulnerability/?source={{ subject.vulnerability.source }}&vulnId={{ subject.vulnerability.vulnId }} Severity: {{ subject.vulnerability.severity }} Source: {{ subject.vulnerability.source }} Component: {{ subject.component.toString }} Component URL: {{ baseUrl }}/component/?uuid={{ subject.component.uuid }} Project: {{ subject.component.project.name }} Version: {{ subject.component.project.version }} Description: {{ subject.component.project.description }} Project URL: {{ baseUrl }}/projects/{{ subject.component.project.uuid }} {% if notification.subject.affectedProjects|length > 1%}

msymons commented 1 year ago

This issue was originally raised in discussion #1811

Customizable Notification Templates were introduced in v4.6 (released October 11 2022, since this enhancement was logged) but support only customization of body... with subject still being hard-coded as of v4.7.1

JN-CSIRT commented 1 year ago

According to syalioune:

My previous answer still apply. While v4.6.0 introduced customization features, it was for the notification body content. The notification title, thus email subject, is unfortunately still hardcoded. Enhancement request #1823 is still valid.

msymons commented 1 year ago

@JN-CSIRT, I know this enhancement request is still valid.. that is why I have assigned it a priority and a milestone.

JN-CSIRT commented 1 year ago

Hi Mark, thanks a lot!

girtsn commented 1 year ago

Would be great to have also possibility to put severity in e-mail subject (well any field really). Subject is very important for mail automation rules as mentioned in the discussions.

nscuro commented 6 months ago

Reopening because the original ask was for supporting templating.