Enhance metrics to include audited/unaudited violations by classification #3612

Open
2 tasks done
setchy opened this issue Apr 10, 2024 · 2 comments · May be fixed by #3615
Labels
enhancement New feature or request good first issue Good for newcomers p3 Nice-to-have features size/S Small effort


setchy commented Apr 10, 2024

Current Behavior

There are a number of APIs that return metrics information in the following shape:

"metrics": {
    "critical": 0,
    "high": 0,
    "medium": 0,
    "low": 0,
    "unassigned": 0,
    "vulnerabilities": 0,
    "vulnerableComponents": 0,
    "components": 0,
    "suppressed": 0,
    "findingsTotal": 0,
    "findingsAudited": 0,
    "findingsUnaudited": 0,
    "inheritedRiskScore": 0.0,
    "policyViolationsFail": 0,
    "policyViolationsWarn": 0,
    "policyViolationsInfo": 0,
    "policyViolationsTotal": 0,
    "policyViolationsAudited": 0,
    "policyViolationsUnaudited": 0,
    "policyViolationsSecurityTotal": 0,
    "policyViolationsSecurityAudited": 0,
    "policyViolationsSecurityUnaudited": 0,
    "policyViolationsLicenseTotal": 0,
    "policyViolationsLicenseAudited": 0,
    "policyViolationsLicenseUnaudited": 0,
    "policyViolationsOperationalTotal": 0,
    "policyViolationsOperationalAudited": 0,
    "policyViolationsOperationalUnaudited": 0,
    "firstOccurrence": 1234567890,
    "lastOccurrence": 1234567890
}

For some dimensions it provides total, audited and unaudited breakdowns, with the exception being:

  • policyViolationsFail
  • policyViolationsWarn
  • policyViolationsInfo

Proposed Behavior

Enhance the metrics object to include the total/audited/unaudited breakdown:

{
  ...
  "policyViolationsFailTotal": 0,
  "policyViolationsFailAudited": 0,
  "policyViolationsFailUnaudited": 0,
  "policyViolationsWarnTotal": 0,
  "policyViolationsWarnAudited": 0,
  "policyViolationsWarnUnaudited": 0,
  "policyViolationsInfoTotal": 0,
  "policyViolationsInfoAudited": 0,
  "policyViolationsInfoUnaudited": 0,
  ...
}

Checklist

@setchy setchy added the enhancement New feature or request label Apr 10, 2024
@nscuro nscuro added p3 Nice-to-have features good first issue Good for newcomers size/S Small effort labels Apr 11, 2024

setchy commented Apr 12, 2024

@nscuro - would you want this to be a non-breaking or breaking change (i.e., maintain policyViolationsFail, policyViolationsWarn & policyViolationsInfo, or just move forward with the 9 new fields)?


nscuro commented Apr 12, 2024

It should be a non-breaking change.
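
An added example, not part of the issue thread or the project's code: a client-side reader for the metrics object that uses the proposed per-state breakdown when present and falls back to the legacy counters otherwise, as a non-breaking change allows. It assumes each legacy field (for example policyViolationsFail) equals its new ...Total counterpart; the function names and sample values are hypothetical.

```python
# Added example: only the metrics field names come from the issue; the rest is hypothetical.
STATES = ("Fail", "Warn", "Info")

def violation_breakdown(metrics):
    """Return {state: {"total", "audited", "unaudited"}} from a metrics object.

    Uses the proposed per-state fields when the server sends them; otherwise
    falls back to the legacy total and reports audited/unaudited as None
    (unknown) instead of guessing.
    """
    out = {}
    for state in STATES:
        prefix = f"policyViolations{state}"
        legacy = metrics.get(prefix)
        total = metrics.get(f"{prefix}Total", legacy)
        audited = metrics.get(f"{prefix}Audited")
        unaudited = metrics.get(f"{prefix}Unaudited")
        if total is None:
            raise ValueError(f"no {state} violation count in metrics")
        if (audited is None) != (unaudited is None):
            raise ValueError(f"{prefix}: partial audited/unaudited breakdown")
        if audited is not None and audited + unaudited != total:
            raise ValueError(f"{prefix}: audited + unaudited != total")
        # Assumption: the legacy counter and the new Total describe the same set.
        if legacy is not None and legacy != total:
            raise ValueError(f"{prefix}: legacy field disagrees with {prefix}Total")
        out[state.lower()] = {"total": total, "audited": audited, "unaudited": unaudited}
    return out

def blocking_fail_count(metrics):
    """FAIL violations that should block a release gate.

    With the breakdown, only unaudited FAIL violations block. Without it,
    every FAIL violation blocks, since triage status cannot be determined.
    """
    fail = violation_breakdown(metrics)["fail"]
    return fail["total"] if fail["unaudited"] is None else fail["unaudited"]

# Constructed sample responses (not real server output).
LEGACY = {"policyViolationsFail": 3, "policyViolationsWarn": 1, "policyViolationsInfo": 0}
EXTENDED = dict(LEGACY,
    policyViolationsFailTotal=3, policyViolationsFailAudited=2, policyViolationsFailUnaudited=1,
    policyViolationsWarnTotal=1, policyViolationsWarnAudited=0, policyViolationsWarnUnaudited=1,
    policyViolationsInfoTotal=0, policyViolationsInfoAudited=0, policyViolationsInfoUnaudited=0)

if __name__ == "__main__":
    print(blocking_fail_count(LEGACY), blocking_fail_count(EXTENDED))
```
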

@setchy setchy linked a pull request Apr 13, 2024 that will close this issue