# UI-Driven Vulnerability Annotation and State Management

## Module

Web

## Status

IMPLEMENTED

## Description

UI workflow for vulnerability lifecycle state management (open -> in_review -> mitigated -> closed, plus false_positive and deferred branches), VEX candidate review and approval with auto-generated justifications from Smart-Diff, and cryptographically auditable decision trails. Includes triage dashboard with severity filters and state transition modals.

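An added sketch (not StellaOps code) of the lifecycle in the description above: a transition guard over the listed states plus a hash-chained decision trail that can be re-verified. Where the `false_positive` and `deferred` branches attach, the SHA-256 chain, and every function and field name here are assumptions made for the example.

```typescript
import { createHash } from "node:crypto";
type VulnState = "open" | "in_review" | "mitigated" | "closed" | "false_positive" | "deferred";
// ASSUMPTION: the page names the main path and two branches; where the
// branches attach (and that deferred can return to review) is chosen here.
const ALLOWED: Record<VulnState, VulnState[]> = {
  open: ["in_review"], in_review: ["mitigated", "false_positive", "deferred"],
  mitigated: ["closed"], deferred: ["in_review"], closed: [], false_positive: [],
};
interface Decision {
  vulnId: string; from: VulnState; to: VulnState; actor: string;
  justification: string; at: string; prevHash: string; hash: string;
}
const GENESIS = "0".repeat(64);

// Each hash covers all fields plus the previous hash, chaining the entries.
function entryHash(d: Omit<Decision, "hash">): string {
  const canonical = JSON.stringify([d.vulnId, d.from, d.to, d.actor, d.justification, d.at, d.prevHash]);
  return createHash("sha256").update(canonical).digest("hex");
}

// Current state is derived from the trail, never taken from the caller.
function currentState(trail: Decision[], vulnId: string): VulnState {
  const last = trail.filter((d) => d.vulnId === vulnId).pop();
  return last ? last.to : "open";
}

function recordTransition(
  trail: Decision[], vulnId: string, to: VulnState, actor: string, justification: string, at: string,
): Decision[] {
  const from = currentState(trail, vulnId);
  if (!ALLOWED[from].includes(to)) throw new Error(`illegal transition ${from} -> ${to}`);
  if (!justification.trim()) throw new Error("a justification is required");
  const prevHash = trail.length ? trail[trail.length - 1].hash : GENESIS;
  const body = { vulnId, from, to, actor, justification, at, prevHash };
  return [...trail, { ...body, hash: entryHash(body) }];
}

// Returns the index of the first entry that fails verification, or -1.
function verifyTrail(trail: Decision[]): number {
  let prev = GENESIS;
  for (let i = 0; i < trail.length; i++) {
    const { hash, ...body } = trail[i];
    if (body.prevHash !== prev || entryHash(body) !== hash) return i;
    if (body.from !== currentState(trail.slice(0, i), body.vulnId) || !ALLOWED[body.from].includes(body.to)) return i;
    prev = hash;
  }
  return -1;
}
```

A hash chain only shows tampering relative to its latest hash, so the head would need to be signed or anchored outside the store for a third party to audit the trail.
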
## Implementation Details

- **Feature directory**: `src/Web/StellaOps.Web/src/app/features/vulnerabilities/`
- **Components**:
  - `claim-table` (`src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/trust-algebra/claim-table.component.ts`)
  - `confidence-meter` (`src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/trust-algebra/confidence-meter.component.ts`)
  - `policy-chips` (`src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/trust-algebra/policy-chips.component.ts`)
  - `replay-button` (`src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/trust-algebra/replay-button.component.ts`)
  - `trust-algebra` (`src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/trust-algebra/trust-algebra.component.ts`)
  - `trust-vector-bars` (`src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/trust-algebra/trust-vector-bars.component.ts`)
  - `vuln-triage-dashboard` (`src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/vuln-triage-dashboard/vuln-triage-dashboard.component.ts`)
  - `vulnerability-detail` (`src/Web/StellaOps.Web/src/app/features/vulnerabilities/vulnerability-detail.component.ts`)
  - `vulnerability-explorer` (`src/Web/StellaOps.Web/src/app/features/vulnerabilities/vulnerability-explorer.component.ts`)
- **Services**:
  - `trust-algebra` (`src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/trust-algebra/trust-algebra.service.ts`)
- **Models**:
  - `src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/trust-algebra/trust-algebra.models.ts`
- **Source**: SPRINT_4000_0100_0002_vuln_annotation.md

## E2E Test Plan

- **Setup**:
  - [ ] Log in with a user that has appropriate permissions
  - [ ] Navigate to `/vulnerabilities`
  - [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
- **Core verification**:
  - [ ] Verify the component renders correctly with sample data
  - [ ] Verify interactive elements respond to user input
  - [ ] Verify data is fetched and displayed from the correct API endpoints
- **Edge cases**:
  - [ ] Verify graceful handling when backend API is unavailable (error state)
  - [ ] Verify responsive layout at different viewport sizes
  - [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)