UI-Driven Vulnerability Annotation and State Management

Module

Web

Status

IMPLEMENTED

Description

UI workflow for vulnerability lifecycle state management (open -> in_review -> mitigated -> closed, plus false_positive and deferred branches), VEX candidate review and approval with auto-generated justifications from Smart-Diff, and cryptographically auditable decision trails. Includes a triage dashboard with severity filters and state-transition modals.

Implementation Details

  • Feature directory: src/Web/StellaOps.Web/src/app/features/vulnerabilities/
  • Components:
    • claim-table (src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/trust-algebra/claim-table.component.ts)
    • confidence-meter (src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/trust-algebra/confidence-meter.component.ts)
    • policy-chips (src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/trust-algebra/policy-chips.component.ts)
    • replay-button (src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/trust-algebra/replay-button.component.ts)
    • trust-algebra (src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/trust-algebra/trust-algebra.component.ts)
    • trust-vector-bars (src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/trust-algebra/trust-vector-bars.component.ts)
    • vuln-triage-dashboard (src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/vuln-triage-dashboard/vuln-triage-dashboard.component.ts)
    • vulnerability-detail (src/Web/StellaOps.Web/src/app/features/vulnerabilities/vulnerability-detail.component.ts)
    • vulnerability-explorer (src/Web/StellaOps.Web/src/app/features/vulnerabilities/vulnerability-explorer.component.ts)
  • Services:
    • trust-algebra (src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/trust-algebra/trust-algebra.service.ts)
  • Models:
    • src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/trust-algebra/trust-algebra.models.ts
  • Source: SPRINT_4000_0100_0002_vuln_annotation.md

E2E Test Plan

  • Setup:
    • Log in with a user that has appropriate permissions
    • Navigate to /vulnerabilities
    • Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
  • Core verification:
    • Verify the component renders correctly with sample data
    • Verify interactive elements respond to user input
    • Verify data is fetched and displayed from the correct API endpoints
  • Edge cases:
    • Verify graceful handling when the backend API is unavailable (error state)
    • Verify responsive layout at different viewport sizes
    • Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)