Detailed Description
An additional 'needs maintenance' status that would be used to indicate when an application is running on a buildpack which is no longer present on the platform.
Context
It is good practice to ensure that applications running on Cloud Foundry are running on an up-to-date buildpack. Many platform teams will roll out new buildpacks as they become available to ensure protection against CVE vulnerability threats and will then deprecate the older, less-secure buildpacks. This practice of removing older buildpacks ensures that newly-pushed apps will consume the newer buildpack, but unfortunately any apps already running on the platform will be unaffected and may continue to run indefinitely using a potentially vulnerable buildpack. In order to remain protected against vulnerabilities, applications need to be re-staged or re-pushed against the new buildpack.
Stratos already shows a number of different statuses (Online, Updating, Crashed etc.). An additional status type to indicate that an application is using an obsolete buildpack would help app teams to become aware that their app needs a restage or re-push to keep it up to date with newer buildpacks. This would generally enhance security for everyone.
Possible Implementation
Stratos is already reporting buildpack information obtained from the /v2/apps API endpoint using a combination of the 'buildpack' and 'detected_buildpack' fields. If this was tallied up with the buildpack names from the /v2/buildpacks endpoint then it would be possible to identify which apps are reporting using versions which are not listed by the buildpacks endpoint.
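One way to carry out the comparison described under Possible Implementation, as an added example that is not Stratos code and not part of the original issue. The status labels, the function names `classifyApps` and `isCustomBuildpack`, and the sample data are assumptions; only the 'buildpack' and 'detected_buildpack' fields and the buildpack names come from the two endpoints named above.

```typescript
// Added example, not Stratos code. Field names follow the /v2/apps and
// /v2/buildpacks responses; status labels and sample data are constructed.
interface V2Resource<T> { metadata: { guid: string }; entity: T; }
interface AppEntity { name: string; buildpack: string | null; detected_buildpack: string | null; }
interface BuildpackEntity { name: string; }
type BuildpackStatus = 'current' | 'needs-maintenance' | 'custom' | 'unknown';
interface AppBuildpackReport { guid: string; name: string; buildpack: string | null; status: BuildpackStatus; }

// A buildpack given as a URL is not a platform buildpack, so it cannot be
// checked against /v2/buildpacks and is reported separately.
function isCustomBuildpack(value: string): boolean {
  return /^([a-z][a-z0-9+.-]*:\/\/|git@)/i.test(value);
}

function classifyApps(apps: V2Resource<AppEntity>[], buildpacks: V2Resource<BuildpackEntity>[]): AppBuildpackReport[] {
  const installed: string[] = buildpacks.map(function (b) { return b.entity.name; });
  return apps.map(function (app): AppBuildpackReport {
    // Prefer the requested buildpack; fall back to the detected one.
    const used: string | null = app.entity.buildpack || app.entity.detected_buildpack || null;
    let status: BuildpackStatus = 'unknown'; // e.g. not staged yet, or a Docker app
    if (used !== null) {
      if (isCustomBuildpack(used)) {
        status = 'custom';
      } else {
        // Assumption: names are compared exactly, as the issue proposes.
        status = installed.indexOf(used) !== -1 ? 'current' : 'needs-maintenance';
      }
    }
    return { guid: app.metadata.guid, name: app.entity.name, buildpack: used, status: status };
  });
}

// Constructed sample responses, trimmed to the fields used above.
const sampleBuildpacks: V2Resource<BuildpackEntity>[] = [
  { metadata: { guid: 'bp-1' }, entity: { name: 'java_buildpack_v4_20' } },
  { metadata: { guid: 'bp-2' }, entity: { name: 'staticfile_buildpack' } }
];
const sampleApps: V2Resource<AppEntity>[] = [
  { metadata: { guid: 'app-1' }, entity: { name: 'billing', buildpack: 'java_buildpack_v4_16', detected_buildpack: null } },
  { metadata: { guid: 'app-2' }, entity: { name: 'docs', buildpack: null, detected_buildpack: 'staticfile_buildpack' } },
  { metadata: { guid: 'app-3' }, entity: { name: 'tools', buildpack: 'https://git.example.com/custom-buildpack.git', detected_buildpack: null } },
  { metadata: { guid: 'app-4' }, entity: { name: 'worker', buildpack: null, detected_buildpack: null } }
];
```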