Open msymons opened 1 year ago
stevespringett
commented
1 year ago We need to decompose:
Provide an integrity report in the Administration page that gives details of any problems, with severity.
into discrete things that need to be checked. Once that list is defined, we need to get consensus on the severity of each.
valentijnscholten
commented
1 year ago I'm curious about the list, if there are common things that can go wrong (and possibly can be improved or made more robust). Another option is to have more feedback in the UI about things that have gone wrong, similar to what defect dojo has. Some kind alert / notification / message box on the top right showing warnings and errors that have occurred.
nscuro
commented
1 year ago +1 for the idea.
The result of those checks should be easily consumable by automated monitoring tools. Relying on an admin user to log in would be sub-optimal, especially in setups that practice least-privilege. Also, there may be some overlap with health checks.
When run in k8s or similar orchestration platforms, failing health checks may be used to pull an instance out of load balancing (readiness). Depending on the severity of the misconfiguration, this may be desired (e.g., no point in accepting new BOM uploads if analysis will always fail).
When categorizing possible misconfigs, the different functions of the platform should be considered. It's nice to know that OSS Index may be misconfigured. but it'd be even more interesting to know when vuln analysis as a whole won't work (e.g. NVD mirroring disabled, OSS Index enabled but API key expired, and no other analyzer enabled).
Current Behavior
Dependency-Track does not provide UI feedback to the administrator to highlght when there might be configuration or other problems. Sometimes DT might not even be checking for problems. DT Logs can be useful... but an admin might even have access to them.
Proposed Behavior
Checklist