stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
6e687b523aa572c0850de61175d702ad3f7d9c24
git.stella-ops.org/docs/modules/analytics/console.md
master 726d70dc7f tests fixes and sprints work
2026-01-22 19:08:46 +02:00

2.1 KiB
Raw Blame History

Analytics Console (SBOM Lake)

The Console exposes SBOM analytics lake data under Analytics > SBOM Lake. This view is read-only and uses the analytics API endpoints documented in docs/modules/analytics/README.md.

Access

  • Route: /analytics/sbom-lake
  • Required scopes: ui.read and analytics.read
  • Console admin bundles: role/analytics-viewer, role/analytics-operator, role/analytics-admin
  • Data freshness: the page surfaces the latest dataAsOf timestamp returned by the API.

Filters

The SBOM Lake page supports three filters that round-trip via URL query parameters:

  • Environment: env (optional, example: Prod)
  • Minimum severity: severity (optional, example: high)
  • Time window (days): days (optional, example: 90)

When a filter changes, the Console reloads all panels using the updated parameters. Supplier and license panels honor the environment filter alongside the other views.

Panels

The dashboard presents four summary panels:

  1. Supplier concentration (top suppliers by component count)
  2. License distribution (license categories and counts)
  3. Vulnerability exposure (top CVEs after VEX adjustments)
  4. Attestation coverage (provenance and SLSA 2+ coverage)

Each panel shows a loading state, empty state, and summary counts.

Trends

Two trend panels are included:

  • Vulnerability trend: net exposure over the selected time window
  • Component trend: total components and unique suppliers

The Console aggregates trend points by date and renders a simple bar chart plus a compact list.

Fixable Backlog

The fixable backlog table lists vulnerabilities with fixes available, grouped by component and service. The "Top backlog components" table derives a component summary from the same backlog data.

CSV Export

The "Export backlog CSV" action downloads a deterministic, ordered CSV with:

  • Service
  • Component
  • Version
  • Vulnerability
  • Severity
  • Environment
  • Fixed version

Troubleshooting

  • If panels show "No data", verify that the analytics schema and materialized views are populated.
  • If an error banner appears, check the analytics API availability and ensure the tenant has analytics.read.