43 lines
2.6 KiB
Markdown
43 lines
2.6 KiB
Markdown
# Impact-First Vulnerability Detail (EPSS/KEV)
|
|
|
|
## Module
|
|
Web
|
|
|
|
## Status
|
|
IMPLEMENTED
|
|
|
|
## Description
|
|
Vulnerability detail page redesigned with impact-first layout showing EPSS probability, KEV catalog status, reachability state, and blast radius before technical details.
|
|
|
|
## Implementation Details
|
|
- **Feature directory**: `src/Web/StellaOps.Web/src/app/features/vulnerabilities/`
|
|
- **Components**:
|
|
- `claim-table` (`src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/trust-algebra/claim-table.component.ts`)
|
|
- `confidence-meter` (`src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/trust-algebra/confidence-meter.component.ts`)
|
|
- `policy-chips` (`src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/trust-algebra/policy-chips.component.ts`)
|
|
- `replay-button` (`src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/trust-algebra/replay-button.component.ts`)
|
|
- `trust-algebra` (`src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/trust-algebra/trust-algebra.component.ts`)
|
|
- `trust-vector-bars` (`src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/trust-algebra/trust-vector-bars.component.ts`)
|
|
- `vuln-triage-dashboard` (`src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/vuln-triage-dashboard/vuln-triage-dashboard.component.ts`)
|
|
- `vulnerability-detail` (`src/Web/StellaOps.Web/src/app/features/vulnerabilities/vulnerability-detail.component.ts`)
|
|
- `vulnerability-explorer` (`src/Web/StellaOps.Web/src/app/features/vulnerabilities/vulnerability-explorer.component.ts`)
|
|
- **Services**:
|
|
- `trust-algebra` (`src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/trust-algebra/trust-algebra.service.ts`)
|
|
- **Models**:
|
|
- `src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/trust-algebra/trust-algebra.models.ts`
|
|
- **Source**: SPRINT_20260118_007_FE_security_consolidation.md
|
|
|
|
## E2E Test Plan
|
|
- **Setup**:
|
|
- [ ] Log in with a user that has appropriate permissions
|
|
- [ ] Navigate to `/vulnerabilities`
|
|
- [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
|
|
- **Core verification**:
|
|
- [ ] Verify the component renders correctly with sample data
|
|
- [ ] Verify interactive elements respond to user input
|
|
- [ ] Verify data is fetched and displayed from the correct API endpoints
|
|
- **Edge cases**:
|
|
- [ ] Verify graceful handling when backend API is unavailable (error state)
|
|
- [ ] Verify responsive layout at different viewport sizes
|
|
- [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)
|