Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rating overrides should reflect in findings #966

Open
nscuro opened this issue Dec 13, 2023 · 0 comments · May be fixed by DependencyTrack/hyades-apiserver#489
Open

Rating overrides should reflect in findings #966

nscuro opened this issue Dec 13, 2023 · 0 comments · May be fixed by DependencyTrack/hyades-apiserver#489
Assignees
Labels
component/api-server defect Something isn't working p2 Non-critical bugs, and features that help organizations to identify and reduce risk size/S Small effort

Comments

@nscuro
Copy link
Member

nscuro commented Dec 13, 2023

The Findings query must be updated to reflect any applied rating overrides:

https://github.com/DependencyTrack/hyades-apiserver/blob/34884c9f395676b513374b3e3c0bf22ac4ccee78/src/main/java/org/dependencytrack/model/Finding.java#L56-L90

Currently, findings will report the original rating, despite them having been overwritten via analysis.

Note

This is also a good opportunity to rewrite the Finding query logic to use JDBI, and also add support for pagination.

@nscuro nscuro added defect Something isn't working p2 Non-critical bugs, and features that help organizations to identify and reduce risk size/S Small effort component/api-server labels Dec 13, 2023
@nscuro nscuro self-assigned this Dec 14, 2023
nscuro added a commit to DependencyTrack/hyades-apiserver that referenced this issue Dec 14, 2023
nscuro added a commit to DependencyTrack/hyades-apiserver that referenced this issue Dec 15, 2023
Additionally, refactor findings query to use JDBI and a single SQL statement, instead of multiple additional queries to enrich the results.

The new query also supports pagination, which the original logic didn't.

Closes DependencyTrack/hyades#966

Signed-off-by: nscuro <[email protected]>
nscuro added a commit to DependencyTrack/hyades-apiserver that referenced this issue Dec 15, 2023
Additionally, refactor findings query to use JDBI and a single SQL statement, instead of multiple additional queries to enrich the results.

The new query also supports pagination, which the original logic didn't.

Closes DependencyTrack/hyades#966

Signed-off-by: nscuro <[email protected]>
nscuro added a commit to DependencyTrack/hyades-apiserver that referenced this issue Dec 15, 2023
Additionally, refactor findings query to use JDBI and a single SQL statement, instead of multiple additional queries to enrich the results.

The new query also supports pagination, which the original logic didn't.

Closes DependencyTrack/hyades#966

Signed-off-by: nscuro <[email protected]>
nscuro added a commit to DependencyTrack/hyades-apiserver that referenced this issue Dec 18, 2023
Additionally, refactor findings query to use JDBI and a single SQL statement, instead of multiple additional queries to enrich the results.

The new query also supports pagination, which the original logic didn't.

Closes DependencyTrack/hyades#966

Signed-off-by: nscuro <[email protected]>
nscuro added a commit to DependencyTrack/hyades-apiserver that referenced this issue Dec 22, 2023
Additionally, refactor findings query to use JDBI and a single SQL statement, instead of multiple additional queries to enrich the results.

The new query also supports pagination, which the original logic didn't.

Closes DependencyTrack/hyades#966

Signed-off-by: nscuro <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
component/api-server defect Something isn't working p2 Non-critical bugs, and features that help organizations to identify and reduce risk size/S Small effort
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant