Re-design Vulnerability details page

cisagov / crossfeed

External monitoring for organization assets

https://docs.crossfeed.cyber.dhs.gov

Creative Commons Zero v1.0 Universal

372 stars 54 forks source link

Re-design Vulnerability details page #2352

Closed ameliav closed 8 months ago

ameliav commented 1 year ago

🗣 Description

Re-design the current Vulnerability details page. Completes issues: #2306, #2307, #2308, #2309

💭 Motivation and context

Change makes for a better user interface for the Vulnerability details page.

🧪 Testing

✅ Pre-approval checklist

[x] This PR has an informative and human-readable title.
[x] Changes are limited to a single goal - eschew scope creep!
[x] All future TODOs are captured in issues, which are referenced in code comments.
[x] All relevant type-of-change labels have been added.
[x] I have read the CONTRIBUTING document.
[x] These code changes follow cisagov code standards.
[x] All relevant repo and/or project documentation has been updated to reflect the changes in this PR.
[ ] Tests have been added and/or modified to cover the changes in this PR.
[ ] All new and existing tests pass.

✅ Pre-merge checklist

[ ] Revert dependencies to default branches.
[ ] Finalize version.

✅ Post-merge checklist

[ ] Create a release.

ameliav commented 9 months ago

The page is mostly complete except for the below.

Todos:

Research where the rest of "Installed Known Products" can be found. I only found Misc in the code in DomainDetails file. [Completed. Will use the same code as DomainDetails. To be tested further in staging.]
Find where the CWE Name is located in the database or add it in. [Out of scope. Confirmed that the API does not bring in this field. Need a discussion to re-design this section.]
Work with team to decide on where "Add Notes" section should be stored in the database. [Out of scope. Needs its own task and to be fleshed out more.]

schmelz21 commented 9 months ago

@ameliav , upon review please remove the CWE Name reference and move forward with merging the Vuln details page in its current state. We will Issue separate tickets to support the notes section and the CWE name. They both require more detailed planning.

Matthew-Grayson commented 9 months ago

Some of the TODO comments in the code are a bit disconcerting (e.g. //TODO: change this to something else??)

Understandable. There are just a few things about the new tables that don't match the rest of the code base. The column names for one thing use snake case instead of camel case. This adds confusion to development when displaying detailed information from API responses. I think we should make these changes before the new tables are deployed to production.

I'll create an issue and link it.

Matthew-Grayson commented 9 months ago

@cduhn17 @rapidray12 TODOs captured here. https://github.com/cisagov/crossfeed/issues/2521 https://github.com/cisagov/crossfeed/issues/2522 https://github.com/cisagov/crossfeed/issues/2523 https://github.com/cisagov/crossfeed/issues/2524