WIP

Author: andnorda

src/lib/components/errors/ErrorMessage.svelte

@@ -6,9 +6,15 @@
 		error,
 		workloadType,
 		instances,
+		teamSlug,
+		workloadName,
+		environment,
 		docURL
 	}: {
 		workloadType: 'App' | 'Job';
+		teamSlug: string;
+		workloadName: string;
+		environment: string;
 		instances?: {
 			name: string;
 			status: { message: string };
@@ -33,6 +39,11 @@
 							name: string;
 							detail: string;
 					  }
+					| {
+							__typename: 'WorkloadStatusVulnerable';
+							riskScore: number;
+							critical: number;
+					  }
 			  ))
 			| { __typename: "non-exhaustive; don't match this" };
 		docURL: (path: string) => string;
@@ -55,7 +66,8 @@
 		WorkloadStatusSynchronizationFailing: 'Rollout Failed - Synchronization Error',
 		WorkloadStatusDeprecatedRegistry: 'Deprecated Image Registry',
 		WorkloadStatusNoRunningInstances: 'No Running Instances',
-		WorkloadStatusFailedRun: 'Job Failed'
+		WorkloadStatusFailedRun: 'Job Failed',
+		WorkloadStatusVulnerable: 'High Risk: Vulnerabilities Detected'
 	};
 </script>
 
@@ -139,6 +151,31 @@
 				<BodyLong>
 					Check logs if available. If you're unable to resolve the issue, contact the Nais team.
 				</BodyLong>
+			{:else if error.__typename === 'WorkloadStatusVulnerable'}
+				<BodyLong>
+					{#if error.riskScore > 100}
+						<strong>Risk Score:</strong>
+						{error.riskScore} (Exceeds threshold of 100)<br />
+					{/if}
+					{#if error.critical > 0}
+						<strong>Critical Vulnerabilities:</strong>
+						{error.critical}
+					{/if}
+				</BodyLong>
+				<BodyLong>
+					Workloads are flagged as vulnerable if their dependencies have a high risk score or
+					critical vulnerabilities.
+				</BodyLong>
+				<BodyLong>
+					Review detailed vulnerability information in the <a
+						href="/team/{teamSlug}/{environment}/{workloadType === 'Job'
+							? 'job'
+							: 'app'}/{workloadName}/vulnerability-report">Vulnerability Report</a
+					>, and update affected dependencies to their latest patched versions.
+				</BodyLong>
+				<BodyLong>
+					Ignoring these vulnerabilities can expose your application to potential security breaches.
+				</BodyLong>
 			{/if}
 		</div>
 	</Alert>

src/lib/components/errors/RiskScore.stories.svelte

@@ -0,0 +1,106 @@
+<script module>
+	import { defineMeta } from '@storybook/addon-svelte-csf';
+	import ErrorMessage from './ErrorMessage.svelte';
+	import TeamErrorMessage from './TeamErrorMessage.svelte';
+
+	const { Story } = defineMeta({
+		title: 'Errors/Vulnerable Image',
+		tags: ['autodocs']
+	});
+</script>
+
+<Story name="Risk Score - Workload">
+	<ErrorMessage
+		docURL={(p) => p}
+		error={{
+			__typename: 'WorkloadStatusVulnerable',
+			level: 'WARNING',
+			riskScore: 276,
+			critical: 0
+		}}
+		teamSlug="team-service-management"
+		workloadName="ip-lookup-preprod"
+		environment="dev-fss"
+		workloadType="App"
+	/>
+</Story>
+
+<Story name="Critical - Workload">
+	<ErrorMessage
+		docURL={(p) => p}
+		error={{
+			__typename: 'WorkloadStatusVulnerable',
+			level: 'WARNING',
+			riskScore: 70,
+			critical: 7
+		}}
+		teamSlug="team-service-management"
+		workloadName="ip-lookup-preprod"
+		environment="dev-fss"
+		workloadType="App"
+	/>
+</Story>
+
+<Story name="Both - Workload">
+	<ErrorMessage
+		docURL={(p) => p}
+		error={{
+			__typename: 'WorkloadStatusVulnerable',
+			level: 'WARNING',
+			riskScore: 276,
+			critical: 1
+		}}
+		teamSlug="team-service-management"
+		workloadName="ip-lookup-preprod"
+		environment="dev-fss"
+		workloadType="App"
+	/>
+</Story>
+
+<Story name="Team - Singular">
+	<TeamErrorMessage
+		teamSlug="team-service-management"
+		error={{
+			__typename: 'WorkloadStatusVulnerable',
+			level: 'WARNING'
+		}}
+		workloads={[
+			{
+				__typename: 'App',
+				name: 'ip-lookup-preprod',
+				teamEnvironment: { environment: { name: 'dev-fss' } },
+				team: { slug: 'team-service-management' }
+			}
+		]}
+	/>
+</Story>
+
+<Story name="Team - Multiple">
+	<TeamErrorMessage
+		teamSlug="team-service-management"
+		error={{
+			__typename: 'WorkloadStatusVulnerable',
+			level: 'WARNING'
+		}}
+		workloads={[
+			{
+				__typename: 'App',
+				name: 'ip-lookup-preprod',
+				teamEnvironment: { environment: { name: 'dev-fss' } },
+				team: { slug: 'team-service-management' }
+			},
+			{
+				__typename: 'App',
+				name: 'tsm-dustin-integration-preprod',
+				teamEnvironment: { environment: { name: 'prod-fss' } },
+				team: { slug: 'team-service-management' }
+			},
+			{
+				__typename: 'App',
+				name: 'tsm-dustin-integration-preprod',
+				teamEnvironment: { environment: { name: 'prod-fss' } },
+				team: { slug: 'team-service-management' }
+			}
+		]}
+	/>
+</Story>

src/lib/components/errors/TeamErrorMessage.svelte

@@ -16,7 +16,8 @@
 				| 'WorkloadStatusSynchronizationFailing'
 				| 'WorkloadStatusDeprecatedRegistry'
 				| 'WorkloadStatusNoRunningInstances'
-				| 'WorkloadStatusFailedRun';
+				| 'WorkloadStatusFailedRun'
+				| 'WorkloadStatusVulnerable';
 		};
 		workloads: {
 			__typename: string | null;
@@ -43,14 +44,16 @@
 		WorkloadStatusSynchronizationFailing: 'Rollout Failed - Synchronization Error',
 		WorkloadStatusDeprecatedRegistry: 'Deprecated Image Registry',
 		WorkloadStatusNoRunningInstances: 'No Running Instances',
-		WorkloadStatusFailedRun: 'Job Failed'
+		WorkloadStatusFailedRun: 'Job Failed',
+		WorkloadStatusVulnerable: 'High Risk: Vulnerabilities Detected'
 	};
 	const summary = {
 		WorkloadStatusInvalidNaisYaml: 'Workloads with invalid manifests',
 		WorkloadStatusSynchronizationFailing: 'Workloads with synchronization errors',
 		WorkloadStatusDeprecatedRegistry: 'Workloads with deprecated image registries',
 		WorkloadStatusNoRunningInstances: 'Applications with no running instances',
-		WorkloadStatusFailedRun: 'Failed jobs'
+		WorkloadStatusFailedRun: 'Failed jobs',
+		WorkloadStatusVulnerable: 'High risk workloads'
 	};
 </script>
 
@@ -94,21 +97,36 @@
 			<BodyLong>
 				The following job{workloads.length === 1 ? ' has' : 's have'} failed.
 			</BodyLong>
+		{:else if error.__typename === 'WorkloadStatusVulnerable'}
+			<BodyLong>
+				The following workload{workloads.length === 1 ? ' is' : 's are'} flagged as vulnerable because
+				{workloads.length === 1 ? 'its' : 'their'} dependencies have a high risk score or critical vulnerabilities.
+			</BodyLong>
 		{/if}
 		<div>
 			{#if workloads.length < 5}
 				{#each workloads as workload (workload)}
-					<WorkloadLink {workload} />
+					<WorkloadLink {workload} hideTeam />
 				{/each}
 			{:else}
 				<details>
 					<summary>{summary[error.__typename]}</summary>
 					{#each workloads as workload (workload)}
-						<WorkloadLink {workload} />
+						<WorkloadLink {workload} hideTeam />
 					{/each}
 				</details>
 			{/if}
 		</div>
+
+		{#if error.__typename === 'WorkloadStatusVulnerable'}
+			<BodyLong>
+				// TODO: fortsett her Review detailed vulnerability information in each workload's
+				Vulnerability Report, and update affected dependencies to their latest patched versions.
+			</BodyLong>
+			<BodyLong>
+				Ignoring these vulnerabilities can expose your workloads to potential security breaches.
+			</BodyLong>
+		{/if}
 	</div></Alert
 >