stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
0acd2ecabbe25ef047c1d3792d238e0b2082b450
git.stella-ops.org/docs/features/checked/web/image-security-release-backed-ui.md

2.7 KiB
Raw Blame History

Image Security Release-Backed UI

Module

Web

Status

VERIFIED

Description

Mounted /security/images workspace that derives scope from live releases, release components, environments, findings, and SBOM explorer data. The page now renders truthful empty states when no release is selected and explicit unavailable-state messaging where the current backend contracts expose metadata only.

Implementation Details

  • Feature directory: src/Web/StellaOps.Web/src/app/features/image-security/
  • Canonical route: /security/images
  • Components:
    • image-security-shell (src/Web/StellaOps.Web/src/app/features/image-security/image-security-shell.component.ts)
    • image-summary-tab (src/Web/StellaOps.Web/src/app/features/image-security/tabs/image-summary-tab.component.ts)
    • image-findings-tab (src/Web/StellaOps.Web/src/app/features/image-security/tabs/image-findings-tab.component.ts)
    • image-sbom-tab (src/Web/StellaOps.Web/src/app/features/image-security/tabs/image-sbom-tab.component.ts)
    • image-vex-tab (src/Web/StellaOps.Web/src/app/features/image-security/tabs/image-vex-tab.component.ts)
    • image-evidence-tab (src/Web/StellaOps.Web/src/app/features/image-security/tabs/image-evidence-tab.component.ts)
  • Services:
    • image-security-data (src/Web/StellaOps.Web/src/app/features/image-security/image-security-data.service.ts)
  • Source: docs/implplan/SPRINT_20260415_008_FE_ui_truthful_state_cutover_and_todo_wiring.md

E2E Test Plan

  • Setup:
    • Log in with a user that has appropriate permissions
    • Navigate to /security/images
    • Ensure at least one release exists so the scope selector can populate
  • Core verification:
    • Verify the empty state teaches the operator to select a release instead of showing fake image data
    • Select a release and verify live release images populate
    • Verify VEX and Evidence tabs show truthful metadata-only copy when deeper contracts are unavailable

Verification

  • Date (UTC): 2026-04-15T17:03:18Z
  • Tier 1 note: focused Angular suite src/Web/StellaOps.Web/src/tests/image_security/image-security-truthful-state.spec.ts passed 8/8 during the truthful-state cutover.
  • Tier 2 evidence: docs/qa/feature-checks/runs/web/image-security-release-backed-ui/run-001/tier2-ui-check.json
  • Replay scope:
    • Open /security/images and verify the mounted empty state renders No image security scope selected.
    • Select a live release and verify Release images renders from real release-scoped data.
    • Open VEX and Evidence tabs and verify the mounted page reports metadata-only or release-level limitations explicitly instead of showing fake tab content.