git.stella-ops.org/docs/features/unchecked/web/vuln-explorer-with-evidence-tree-and-citation-links.md

Vuln Explorer with Evidence Tree and Citation Links

Module

Web

Status

IMPLEMENTED

Description

Enriched vulnerability explorer with evidence tree (hierarchical proof navigation), citation link component for linking evidence to external sources, evidence subgraph visualization, triage cards with sortable attributes, and verdict explanation rendering.

Implementation Details

• Feature directory: src/Web/StellaOps.Web/src/app/features/vuln-explorer/
• Components:
  • citation-link (src/Web/StellaOps.Web/src/app/features/vuln-explorer/components/citation-link/citation-link.component.ts)
  • evidence-subgraph (src/Web/StellaOps.Web/src/app/features/vuln-explorer/components/evidence-subgraph/evidence-subgraph.component.ts)
  • evidence-tree (src/Web/StellaOps.Web/src/app/features/vuln-explorer/components/evidence-tree/evidence-tree.component.ts)
  • filter-preset-pills (src/Web/StellaOps.Web/src/app/features/vuln-explorer/components/filter-preset-pills/filter-preset-pills.component.ts)
  • triage-card (src/Web/StellaOps.Web/src/app/features/vuln-explorer/components/triage-card/triage-card.component.ts)
  • triage-filters (src/Web/StellaOps.Web/src/app/features/vuln-explorer/components/triage-filters/triage-filters.component.ts)
  • verdict-explanation (src/Web/StellaOps.Web/src/app/features/vuln-explorer/components/verdict-explanation/verdict-explanation.component.ts)
• Services:
  • evidence-subgraph (src/Web/StellaOps.Web/src/app/features/vuln-explorer/services/evidence-subgraph.service.ts)
  • filter-url-sync (src/Web/StellaOps.Web/src/app/features/vuln-explorer/services/filter-url-sync.service.ts)
• Models:
  • src/Web/StellaOps.Web/src/app/features/vuln-explorer/components/filter-preset-pills/filter-preset.models.ts
  • src/Web/StellaOps.Web/src/app/features/vuln-explorer/models/evidence-subgraph.models.ts
• Source: Feature matrix scan

E2E Test Plan

• Setup:
  • Log in with a user that has appropriate permissions
  • Navigate to /vulnerabilities
  • Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
• Core verification:
  • Verify the component renders correctly with sample data
  • Verify interactive elements respond to user input
  • Verify data is fetched and displayed from the correct API endpoints
• Edge cases:
  • Verify graceful handling when backend API is unavailable (error state)
  • Verify responsive layout at different viewport sizes
  • Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)