Problem:
Currently, developers don't have visibility into vulnerabilities in their projects.
Goal:
Our initial requirement is to allow developers the ability to view base image vulnerabilities across all container images within a specific Project.
Why is it important?
Use cases:
As a developer, ...
- I want to view a count of the number of images that are vulnerable in my selected project, when CSO is installed to the cluster.
- I want to see a breakdown by severity across all vulnerable images in my selected project.
- I want to see the number of vulnerabilities in each vulnerable image and the count of how many are fixable.
- I want to see how many pods are affected by each vulnerable image
- I want a link to access details in Quay for each vulnerable container image that is stored in that repository
Acceptance criteria
As a developer, ...
- I should be able to see an option to view list of Vulnerabilities for a selected project
- I should be able to see the total count of vulnerable images in a selected project
- I should be able to see severity-based counts of all vulnerable images in a selected project
- I should be able to drill into severity, count of vulnerabilities, count of fixable vulnerabilities, number of affected pods for each vulnerable image
- I should be able to launch the Quay UI panel, in context of the manifest of the vulnerable image stored in that repository
Dependencies (External/Internal):
CSO
Slack Channel
#tmp-odc-app-vulnerabilities in CoreOS slack
Design Artifacts:
tbd
Exploration:
Step 1 - Empathize
Step 2 - Define
Step 3 - Ideate
Note:
Initial use case/journey ideas https://docs.google.com/presentation/d/12XmfeoZxnaOjsbRMIGr7FJtrE9ywvW5B2tEFi2wG3dQ/edit?usp=sharing
Notes
Depending on the user's role, the permissions might limit the sorts of actions they have access to.
There are no Sub-Tasks for this issue.