44 lines
2.7 KiB
Markdown
44 lines
2.7 KiB
Markdown
# Image Security Release-Backed UI
|
|
|
|
## Module
|
|
Web
|
|
|
|
## Status
|
|
VERIFIED
|
|
|
|
## Description
|
|
Mounted `/security/images` workspace that derives scope from live releases, release components, environments, findings, and SBOM explorer data. The page now renders truthful empty states when no release is selected and explicit unavailable-state messaging where the current backend contracts expose metadata only.
|
|
|
|
## Implementation Details
|
|
- **Feature directory**: `src/Web/StellaOps.Web/src/app/features/image-security/`
|
|
- **Canonical route**: `/security/images`
|
|
- **Components**:
|
|
- `image-security-shell` (`src/Web/StellaOps.Web/src/app/features/image-security/image-security-shell.component.ts`)
|
|
- `image-summary-tab` (`src/Web/StellaOps.Web/src/app/features/image-security/tabs/image-summary-tab.component.ts`)
|
|
- `image-findings-tab` (`src/Web/StellaOps.Web/src/app/features/image-security/tabs/image-findings-tab.component.ts`)
|
|
- `image-sbom-tab` (`src/Web/StellaOps.Web/src/app/features/image-security/tabs/image-sbom-tab.component.ts`)
|
|
- `image-vex-tab` (`src/Web/StellaOps.Web/src/app/features/image-security/tabs/image-vex-tab.component.ts`)
|
|
- `image-evidence-tab` (`src/Web/StellaOps.Web/src/app/features/image-security/tabs/image-evidence-tab.component.ts`)
|
|
- **Services**:
|
|
- `image-security-data` (`src/Web/StellaOps.Web/src/app/features/image-security/image-security-data.service.ts`)
|
|
- **Source**: `docs/implplan/SPRINT_20260415_008_FE_ui_truthful_state_cutover_and_todo_wiring.md`
|
|
|
|
## E2E Test Plan
|
|
- **Setup**:
|
|
- [ ] Log in with a user that has appropriate permissions
|
|
- [ ] Navigate to `/security/images`
|
|
- [ ] Ensure at least one release exists so the scope selector can populate
|
|
- **Core verification**:
|
|
- [ ] Verify the empty state teaches the operator to select a release instead of showing fake image data
|
|
- [ ] Select a release and verify live release images populate
|
|
- [ ] Verify VEX and Evidence tabs show truthful metadata-only copy when deeper contracts are unavailable
|
|
|
|
## Verification
|
|
- Date (UTC): 2026-04-15T17:03:18Z
|
|
- Tier 1 note: focused Angular suite `src/Web/StellaOps.Web/src/tests/image_security/image-security-truthful-state.spec.ts` passed 8/8 during the truthful-state cutover.
|
|
- Tier 2 evidence: `docs/qa/feature-checks/runs/web/image-security-release-backed-ui/run-001/tier2-ui-check.json`
|
|
- Replay scope:
|
|
- Open `/security/images` and verify the mounted empty state renders `No image security scope selected`.
|
|
- Select a live release and verify `Release images` renders from real release-scoped data.
|
|
- Open `VEX` and `Evidence` tabs and verify the mounted page reports metadata-only or release-level limitations explicitly instead of showing fake tab content.
|