Add admin UI for custom vulnerability ID generation#1660
Open
heyiamwahab236 wants to merge 1 commit into
Open
Conversation
Frontend companion to the template-based vulnerability ID generator: - New Administration -> Configuration -> Customization page for the vulnerability ID settings: use-custom toggle (off by default), org code, default project code, template editor with clickable placeholder badges, sequence reset policy, sequence padding, and a live preview of the generated identifier. - New customization plugin exposing the /api/v1/customization/vulnerability-id endpoints with in-memory caching; settings are preloaded once after authentication and shared across components. - The create-vulnerability modal now previews the next identifier via GET /api/v1/vulnerability/vulnId/preview without reserving it. When the user keeps the auto-generated identifier, the create request omits vulnId so the server allocates it atomically inside the create transaction, with a single retry on a duplicate-identifier conflict. A manually entered identifier behaves exactly as before. - en.json keys only; other locales are managed via Crowdin. Signed-off-by: Abdul Wahab Shah <abdul.shah@tecan.com>
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
6 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Adds the admin UI for the opt-in custom vulnerability ID feature: an
Administration → Configuration → Customization page with an enable toggle (off by
default), organization code, template editor with clickable placeholder badges,
sequence reset policy, padding, and a live preview of the generated identifier. The
create-vulnerability modal previews the next identifier and lets the server allocate
it atomically on save (with a single retry if the previewed identifier was taken in
the meantime). When the feature is disabled, the create form behaves exactly as before.
Addressed Issue
Part of DependencyTrack/dependency-track#6638
Frontend companion to DependencyTrack/dependency-track#6639
Additional Details
Depends on the backend PR above for the
/api/v1/customization/vulnerability-id(GET/PUT) and
/api/v1/vulnerability/vulnId+/vulnId/previewendpoints. Onlyen.jsonis updated; other locales are handled via Crowdin. Verified withnpm run build,npm run lint(no new lint findings vs. the base branch), and amanual end-to-end test with the backend PR: configure → save → persist across reload →
create vulnerability with generated ID → sequence increment → manual ID override →
disable → fallback to the default random format.
Checklist
This PR fixes a defect, and I have provided tests to verify that the fix is effectiveThis PR introduces changes to the database model, and I have updated the migration changelog accordinglyThis PR introduces new or alters existing behavior, and I have updated the documentation accordinglyThis PR is a substantial change (per the ADR criteria), and I have added an ADR underdocs/adr/