Skip to content

Add admin UI for custom vulnerability ID generation#1660

Open
heyiamwahab236 wants to merge 1 commit into
DependencyTrack:4.14.xfrom
tecan:feature/custom-vuln-id
Open

Add admin UI for custom vulnerability ID generation#1660
heyiamwahab236 wants to merge 1 commit into
DependencyTrack:4.14.xfrom
tecan:feature/custom-vuln-id

Conversation

@heyiamwahab236

Copy link
Copy Markdown

Description

Adds the admin UI for the opt-in custom vulnerability ID feature: an
Administration → Configuration → Customization page with an enable toggle (off by
default), organization code, template editor with clickable placeholder badges,
sequence reset policy, padding, and a live preview of the generated identifier. The
create-vulnerability modal previews the next identifier and lets the server allocate
it atomically on save (with a single retry if the previewed identifier was taken in
the meantime). When the feature is disabled, the create form behaves exactly as before.

Addressed Issue

Part of DependencyTrack/dependency-track#6638
Frontend companion to DependencyTrack/dependency-track#6639

Additional Details

Depends on the backend PR above for the /api/v1/customization/vulnerability-id
(GET/PUT) and /api/v1/vulnerability/vulnId + /vulnId/preview endpoints. Only
en.json is updated; other locales are handled via Crowdin. Verified with
npm run build, npm run lint (no new lint findings vs. the base branch), and a
manual end-to-end test with the backend PR: configure → save → persist across reload →
create vulnerability with generated ID → sequence increment → manual ID override →
disable → fallback to the default random format.

Checklist

  • I have read and understand the contributing guidelines
  • This PR fixes a defect, and I have provided tests to verify that the fix is effective
  • This PR implements an enhancement, and I have provided tests to verify that it works as intended
  • This PR introduces changes to the database model, and I have updated the migration changelog accordingly
  • This PR introduces new or alters existing behavior, and I have updated the documentation accordingly
  • This PR is a substantial change (per the ADR criteria), and I have added an ADR under docs/adr/

Frontend companion to the template-based vulnerability ID generator:

- New Administration -> Configuration -> Customization page for the
  vulnerability ID settings: use-custom toggle (off by default), org code,
  default project code, template editor with clickable placeholder badges,
  sequence reset policy, sequence padding, and a live preview of the
  generated identifier.
- New customization plugin exposing the /api/v1/customization/vulnerability-id
  endpoints with in-memory caching; settings are preloaded once after
  authentication and shared across components.
- The create-vulnerability modal now previews the next identifier via
  GET /api/v1/vulnerability/vulnId/preview without reserving it. When the
  user keeps the auto-generated identifier, the create request omits vulnId
  so the server allocates it atomically inside the create transaction, with
  a single retry on a duplicate-identifier conflict. A manually entered
  identifier behaves exactly as before.
- en.json keys only; other locales are managed via Crowdin.

Signed-off-by: Abdul Wahab Shah <abdul.shah@tecan.com>
@owasp-dt-bot

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants