Mixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayBackend project contains source code of backend with all plugin integrations writer in Spring Boot.
Currently vulnerability trend chart is generated based on records in VulnHistory table.
This table is generated based on scheduler in GlobalScheduler.createHistoryForVulns()
to be
VulnHistory table to be extended -> to contain information about severities
e.g.: codeVulnHistory to -> codeVulnHistory, codeVulnCriticalHistory, codeVulnHighHistory, codeVulnMediumHistory, codeVulnLowHistory (where codeVulnHistory = codeVulnCriticalHistory+codeVulnHighHistory+codeVulnMediumHistory+codeVulnLowHistory)
note: it is important that the overall (e.g. codeVulnHistory) still exists as it is used in many places by the frontend.
Additional: new API Endpoint that will print history for project with severities has to be created
To do
[ ] Create new columns in VulnHistory table (via changelog)
[ ] Modify createVulnHistoryService.createScheduled(project) to populate new columns
[ ] Create API endpoint in ProjectRestController that show history for project including information about severities
As is
Currently vulnerability trend chart is generated based on records in
VulnHistorytable.This table is generated based on scheduler in
GlobalScheduler.createHistoryForVulns()to be
VulnHistorytable to be extended -> to contain information about severities e.g.: codeVulnHistory to ->codeVulnHistory, codeVulnCriticalHistory, codeVulnHighHistory, codeVulnMediumHistory, codeVulnLowHistory(wherecodeVulnHistory = codeVulnCriticalHistory+codeVulnHighHistory+codeVulnMediumHistory+codeVulnLowHistory)note: it is important that the overall (e.g. codeVulnHistory) still exists as it is used in many places by the frontend.
Additional: new API Endpoint that will print history for project with severities has to be created
To do
VulnHistorytable (via changelog)createVulnHistoryService.createScheduled(project)to populate new columnsProjectRestControllerthat show history for project including information about severities