defenseunicorns / uds-security-hub

All things about securing UDS
Apache License 2.0
2 stars 6 forks

Research: Confirm/validate that Security Hub is provided the needed data/format for Marketplace, Runtime & Website #252

Open DannyDTenacious opened 2 weeks ago

DannyDTenacious commented 2 weeks ago

Need to confirm that current data points and formats are meeting the needs for Marketplace, Runtime & Website to consume. Below are the top level items that will be surfaced on the page (but a full detailed view will still be surfaced in the drawer view).

For the Cluster:

Top Level:

- Total number of Critical Issues
- Total number of High Issues
- Average time it takes to 'resolve' an issue

Table:

- Build Date
- Package Name
- Package Version
- Author
- CVE Count (total for this package)
- Critical CVEs (default view is ordered by this data alphabetically)
- High CVEs
- Images w/Package (total number of images with this package)

For "By Image" Tab:

- Image ID [Image Sha]
- Component
- App Name
- App Version
- Author
- Vulnerability ID
- Severity (CVE Level) (default view is ordered by this data alphabetically) [Critical, High, Medium, Low, Negligible]
- Reporter
- Vex Status [Affected, Under Investigation, Not Affected]
- Justification Status [Completed, Needed, Pending, Not Needed]

Figma Design for Runtime Security Pages: https://www.figma.com/design/zmKcJ9Xin7ChzyGy6RCFLe/UDS-Runtime-(UI%2FCLI)?node-id=2869-4943&node-type=canvas&t=xDwxkkPdtvVjEiUZ-0
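An added example, not code from uds-security-hub, showing how the fields listed above could be aggregated into the three views (cluster top-level numbers, per-package table, per-image rows). The `Finding` struct, the choice to exclude VEX "Not Affected" findings from the counts, counting distinct vulnerability IDs rather than image-by-CVE pairs, and the severity ordering used for the default sort are all assumptions for illustration; the sample findings and their `EXAMPLE-*` identifiers are constructed test data, not real scan output.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Added example, not uds-security-hub code. The layout below is an assumption
// about how the fields in the issue could be stored and aggregated.

const (
	VexAffected      = "Affected"
	VexInvestigating = "Under Investigation"
	VexNotAffected   = "Not Affected"
)

// severityRank orders the severity labels listed in the issue for the default sort.
var severityRank = map[string]int{"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "Negligible": 4}

// Finding is one row of the "By Image" tab: one vulnerability in one package in one image.
type Finding struct {
	ImageID, Component, AppName, AppVersion, Author     string
	BuildDate                                            time.Time
	VulnID, Severity, Reporter, VexStatus, Justification string
	FoundAt                                              time.Time
	ResolvedAt                                           *time.Time // nil while open
}

// Summary holds the cluster top-level numbers.
type Summary struct {
	Critical, High int
	AvgResolve     time.Duration
}

// PackageRow is one row of the per-package table.
type PackageRow struct {
	BuildDate                           time.Time
	PackageName, PackageVersion, Author string
	CVECount, Critical, High, Images    int
}

// counts reports whether a finding contributes to issue counts: still open and
// not marked Not Affected by VEX (assumption, not stated in the issue).
func counts(f Finding) bool {
	return f.ResolvedAt == nil && f.VexStatus != VexNotAffected
}

// Summarize computes the top-level numbers over distinct vulnerability IDs and
// the average time to resolve over findings that have a ResolvedAt timestamp.
func Summarize(findings []Finding) Summary {
	var s Summary
	seen := map[string]bool{}
	var total time.Duration
	resolved := 0
	for _, f := range findings {
		if f.ResolvedAt != nil {
			total += f.ResolvedAt.Sub(f.FoundAt)
			resolved++
		}
		if !counts(f) || seen[f.VulnID] {
			continue
		}
		seen[f.VulnID] = true
		switch f.Severity {
		case "Critical":
			s.Critical++
		case "High":
			s.High++
		}
	}
	if resolved > 0 {
		s.AvgResolve = total / time.Duration(resolved)
	}
	return s
}

// PackageTable groups findings by package name and version. CVE counts are distinct
// vulnerability IDs per package; Images is the number of distinct images carrying the
// package, whether or not it currently has open CVEs.
func PackageTable(findings []Finding) []PackageRow {
	type acc struct {
		row    PackageRow
		vulns  map[string]string // vulnerability ID -> severity
		images map[string]bool
	}
	byPkg := map[string]*acc{}
	for _, f := range findings {
		key := f.AppName + "@" + f.AppVersion
		a, ok := byPkg[key]
		if !ok {
			a = &acc{
				row:    PackageRow{BuildDate: f.BuildDate, PackageName: f.AppName, PackageVersion: f.AppVersion, Author: f.Author},
				vulns:  map[string]string{},
				images: map[string]bool{},
			}
			byPkg[key] = a
		}
		a.images[f.ImageID] = true
		if counts(f) {
			a.vulns[f.VulnID] = f.Severity
		}
	}
	rows := make([]PackageRow, 0, len(byPkg))
	for _, a := range byPkg {
		a.row.Images = len(a.images)
		a.row.CVECount = len(a.vulns)
		for _, sev := range a.vulns {
			switch sev {
			case "Critical":
				a.row.Critical++
			case "High":
				a.row.High++
			}
		}
		rows = append(rows, a.row)
	}
	// Default view: packages with the most Critical CVEs first, then High, then by name.
	sort.Slice(rows, func(i, j int) bool {
		if rows[i].Critical != rows[j].Critical {
			return rows[i].Critical > rows[j].Critical
		}
		if rows[i].High != rows[j].High {
			return rows[i].High > rows[j].High
		}
		return rows[i].PackageName < rows[j].PackageName
	})
	return rows
}

// ImageRows returns the "By Image" rows for one image ordered by severity (Critical
// first) and then by vulnerability ID. VEX Not Affected findings stay visible here
// with their status and justification, even though they are excluded from the counts.
func ImageRows(findings []Finding, imageID string) []Finding {
	var rows []Finding
	for _, f := range findings {
		if f.ImageID == imageID {
			rows = append(rows, f)
		}
	}
	sort.Slice(rows, func(i, j int) bool {
		ri, rj := severityRank[rows[i].Severity], severityRank[rows[j].Severity]
		if ri != rj {
			return ri < rj
		}
		return rows[i].VulnID < rows[j].VulnID
	})
	return rows
}

// SampleFindings is constructed test data; the EXAMPLE-* IDs are placeholders, not CVEs.
func SampleFindings() []Finding {
	found := time.Date(2024, 10, 1, 0, 0, 0, 0, time.UTC)
	build := found.Add(-72 * time.Hour)
	after := func(h int) *time.Time {
		t := found.Add(time.Duration(h) * time.Hour)
		return &t
	}
	mk := func(img, pkg, ver, id, sev, vex, just string, resolved *time.Time) Finding {
		return Finding{ImageID: img, Component: "core", AppName: pkg, AppVersion: ver, Author: "uds",
			BuildDate: build, VulnID: id, Severity: sev, Reporter: "scanner", VexStatus: vex,
			Justification: just, FoundAt: found, ResolvedAt: resolved}
	}
	return []Finding{
		mk("sha256:aaa", "openssl", "3.0.1", "EXAMPLE-0001", "Critical", VexAffected, "Needed", nil),
		mk("sha256:bbb", "openssl", "3.0.1", "EXAMPLE-0001", "Critical", VexAffected, "Needed", nil),
		mk("sha256:aaa", "openssl", "3.0.1", "EXAMPLE-0002", "High", VexInvestigating, "Pending", nil),
		mk("sha256:aaa", "zlib", "1.3", "EXAMPLE-0003", "Critical", VexNotAffected, "Completed", nil),
		mk("sha256:bbb", "zlib", "1.3", "EXAMPLE-0004", "High", VexAffected, "Completed", after(48)),
		mk("sha256:ccc", "curl", "8.1.0", "EXAMPLE-0005", "Medium", VexAffected, "Not Needed", after(24)),
	}
}

func main() {
	fs := SampleFindings()
	fmt.Printf("cluster: %+v\n", Summarize(fs))
	for _, r := range PackageTable(fs) {
		fmt.Printf("package: %+v\n", r)
	}
	for _, r := range ImageRows(fs, "sha256:aaa") {
		fmt.Println("image sha256:aaa:", r.VulnID, r.Severity, r.VexStatus, r.Justification)
	}
}
```

With the constructed data, the same vulnerability ID in two images counts once at the cluster level but still raises the package's "Images w/Package" to 2, and a package whose only findings are Not Affected or resolved still appears in the table with zero counts; whether that is the desired behaviour for Marketplace and Runtime is exactly the kind of format question this issue is asking.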

benjaminwilcox commented 6 days ago

I believe Jeff confirmed that both marketplace and runtime should be consuming the db directly and not via an API.