OpenShift Dev Console / ODC-5131

View App Dependency vulnerabilities in Project Dashboard


    • To Do
    • Impediment
    • 0% To Do, 0% In Progress, 100% Done
    • S
    • GA
    • 2

      Overview

      Vulnerabilities were added to the OpenShift Developer Console in 4.7, but coverage is limited to base image vulnerabilities. Quay 3.5 is a dependency for supporting application dependency vulnerabilities and the Snyk integration.

      Problem:

      Currently, developers don't have visibility into vulnerabilities in their projects.

      Goal:

      Our initial requirement is to allow developers to view vulnerabilities across all container images within a specific Project.

      Why is it important?

      Use cases:

      To be updated/confirmed via Epic Exploration

      • As a developer, I want to view a count of all vulnerabilities related to app stack dependencies, across all apps in my project.
      • As a developer, I want to be able to see the vulnerability counts per application in my project.
      • As a developer, I want to be able to view a list of vulnerabilities with their severity, the name of the direct dependency, the current version, the fixed-in version, and the recommended version.
      • As a developer, I want to be able to click through a vulnerability to get more details from Snyk.

      Acceptance criteria

      As a developer, ...

      1. I should be able to see a list of vulnerabilities in the Vulnerabilities tab of the Project page
        1. I should be able to differentiate between different vulnerability severities
      2. I should be able to drill in and see the details of one of the vulnerabilities
        1. I should be able to filter between All vulnerabilities, App dependency or Base Image vulnerabilities on the IMV Details page
        2. I should be able to access Snyk data when available

      Dependencies (External/Internal):

      CSO

      Quay 3.5

      Slack Channel

      #tmp-odc-app-vulnerabilities in the CoreOS Slack

      Design Artifacts:

      UX design: https://github.com/openshift/openshift-origin-design/pull/508

      Exploration Results

      Artifacts from Epic Exploration can be found in this drive.
      – Update this list after Epic Exploration

      1. GA feature, thus should be properly documented
      2. GA feature, thus need to provide enablement
      3. Include in the What's New RHD blog
      4. Consider for a stretch RHD blog

      Step 1 - Empathize
      Step 2 - Define
      Step 3 - Ideate

      Note:

      Initial use case/journey ideas https://docs.google.com/presentation/d/12XmfeoZxnaOjsbRMIGr7FJtrE9ywvW5B2tEFi2wG3dQ/edit?usp=sharing

      Notes

      Depending on the user's role, the permissions might limit the sorts of actions they have access to.

              viraj-1 Vikram Raj
              sdoyle@redhat.com Serena Nichols (Inactive)
              Vikram Raj
              Sanket Pathak