# UI-Driven Vulnerability Annotation and State Management

## Module

Web

## Status

VERIFIED

## Description

UI workflow for vulnerability lifecycle state management (`open -> in_review -> mitigated -> closed`, plus `false_positive` and `deferred` branches), VEX candidate review and approval, and auditable operator decision flow through the triage dashboard.

## Implementation Details

- **Feature directory**: `src/Web/StellaOps.Web/src/app/features/vulnerabilities/`
- **Route surface**:
  - `src/Web/StellaOps.Web/src/app/app.routes.ts` (`/vulnerabilities/triage`)
- **Components**:
  - `vuln-triage-dashboard` (`src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/vuln-triage-dashboard/vuln-triage-dashboard.component.ts`)
  - `vulnerability-detail` (`src/Web/StellaOps.Web/src/app/features/vulnerabilities/vulnerability-detail.component.ts`)
  - `vulnerability-explorer` (`src/Web/StellaOps.Web/src/app/features/vulnerabilities/vulnerability-explorer.component.ts`)
- **APIs/Models**:
  - `src/Web/StellaOps.Web/src/app/core/api/vuln-annotation.client.ts`
  - `src/Web/StellaOps.Web/src/app/core/api/vuln-annotation.models.ts`
- **Behavior coverage**:
  - `src/Web/StellaOps.Web/src/tests/vulnerabilities/ui-driven-vulnerability-annotation-and-state-management.behavior.spec.ts`
- **Source**: `SPRINT_4000_0100_0002_vuln_annotation.md`

## E2E Test Plan

- **Setup**:
  - [ ] Log in with a user that has vulnerability triage permissions
  - [ ] Navigate to `/vulnerabilities/triage`
  - [ ] Ensure fixture/API data exists for findings and pending VEX candidates
- **Core verification**:
  - [ ] Verify summary, findings, and VEX candidate lists load on dashboard init
  - [ ] Verify state transition modal submits target state/justification and refreshes state
  - [ ] Verify candidate approve/reject actions submit deterministic payloads and refresh candidate/summary views
  - [ ] Verify details action routes to `/vulnerabilities/:vulnId`
- **Edge cases**:
  - [ ] Verify graceful handling when vulnerability annotation APIs are unavailable
  - [ ] Verify empty-list rendering for filtered findings/candidates
  - [ ] Verify accessibility basics (keyboard navigation and semantic labels)

## Verification

- Run ID: `docs/qa/feature-checks/runs/web/ui-driven-vulnerability-annotation-and-state-management/run-001/`
- Date (UTC): 2026-02-11
- Tier 0: PASS (source/symbol verification for triage route mounting, details navigation wiring, and supported behavior harness under `src/tests/**`).
- Tier 1: PASS (`npm run test` focused suite: 25 files / 123 tests; `npm run build` passed with known baseline warnings).
- Tier 2: PASS (route declaration, init data load, state transition flow, candidate approve/reject flow, and details-route navigation behavior).