defenseunicorns / uds-runtime

UDS Runtime API & UI
Apache License 2.0

Security Hub Views in Runtime (SBOM & CVE Data) #281

Open adam-defenseunicorns opened 4 weeks ago

adam-defenseunicorns commented 4 weeks ago

Is your feature request related to a problem? Please describe

As a security professional, I would like to view the current state of SBOMs in my cluster and be able to view SBOMs by image. I would like to be able to sort the table data by each column listed. I would like the ability to export table data in .csv format.

Describe the solution you'd like

As a security professional, I would like to view the following information:

For the Cluster: Top Level:

Table:

For "By Image" Tab

(optional) A clear and concise description of any alternative solutions or features you've considered.

Additional context

[Two screenshots attached: "Screenshot 2024-09-04 at 12 12 18 PM" and "Screenshot 2024-09-04 at 12 11 27 PM"]

adam-defenseunicorns commented 1 week ago

Connected to #367

DannyDTenacious commented 2 days ago

This clarification was provided in Slack; pasting in ticket as well. More detail for items:

(Cluster Overview)

- Author: Author or provider of the package

(By Image)

- Image ID (the unique Image sha identifier... can be truncated with "...")
- Component (an old carry over from previous design, can be removed)
- App Name (name of software component)
- Author (Identity of the creator or provider of the component)
- Reporter (if available, the reporter of the CVE identified)
- Vex Status (Vulnerability Exploitability eXchange - a security advisory status that gives insight into priority of the CVE)
- Justified (this is not needed during this current phase of development; eventually, this will contain the justification provided by the Mission Hero for how they have mitigated this particular CVE for ATO requirements)