nais
diff --git a/‎src/lib/components/Image.svelte
-93 b/‎src/lib/components/Image.svelte
-93
diff --git a/‎src/lib/components/WorkloadVulnerabilitySummary.svelte
+17-30 b/‎src/lib/components/WorkloadVulnerabilitySummary.svelte
+17-30
diff --git a/‎src/lib/utils/image.ts
+4-1 b/‎src/lib/utils/image.ts
+4-1
diff --git a/‎src/routes/dataproduct/image/+page.gql
+6 b/‎src/routes/dataproduct/image/+page.gql
+6
diff --git a/‎src/routes/team/[team]/[env]/app/[app]/+page.gql
+9-2 b/‎src/routes/team/[team]/[env]/app/[app]/+page.gql
+9-2
diff --git a/‎src/routes/team/[team]/[env]/app/[app]/+page.svelte
+6-2 b/‎src/routes/team/[team]/[env]/app/[app]/+page.svelte
+6-2
diff --git a/‎src/routes/team/[team]/[env]/app/[app]/vulnerability-report/+page.gql
+41-4 b/‎src/routes/team/[team]/[env]/app/[app]/vulnerability-report/+page.gql
+41-4
@@ -1,18 +1,18 @@
 <script lang="ts">
 	import { docURL } from '$lib/doc';
-	import SuccessIcon from '$lib/icons/SuccessIcon.svelte';
 	import WarningIcon from '$lib/icons/WarningIcon.svelte';
-	import { BodyShort, Heading, Link } from '@nais/ds-svelte-community';
+	import { BodyShort, Link } from '@nais/ds-svelte-community';
 	import VulnerabilityBadges from './VulnerabilityBadges.svelte';
 
 	interface Props {
+		showReportLink?: boolean;
 		workload: {
-			__typename: string;
+			__typename: string | null;
 			name: string;
 			team: {
 				slug: string;
 			};
-			teamEnvironmnet: {
+			teamEnvironment: {
 				environment: {
 					name: string;
 				};
@@ -26,48 +26,35 @@
 					low: number;
 					unassigned: number;
 					riskScore: number;
-				};
+				} | null;
 			};
 		};
 	}
 
-	const { workload }: Props = $props();
+	const { workload, showReportLink = true }: Props = $props();
 
 	const { image } = workload;
 
 	const imageDetailsUrl = $derived(
-		`/team/${workload.team.slug}/${workload.teamEnvironmnet.environment.name}/${workload.__typename === 'Application' ? 'app' : 'job'}/${workload.name}/vulnerability-report`
-	);
-
-	const categories = ['critical', 'high', 'medium', 'low', 'unassigned'] as const;
-	const hasFindings = categories.some(
-		(severity) => (image.vulnerabilitySummary?.[severity] ?? 0) > 0
+		`/team/${workload.team.slug}/${workload.teamEnvironment.environment.name}/${workload.__typename === 'Application' ? 'app' : 'job'}/${workload.name}/vulnerability-report`
 	);
 </script>
 
 <div class="wrapper">
-	<Heading level="3" size="small">Vulnerabilities</Heading>
-
-	{#if !image.hasSBOM && image.vulnerabilitySummary !== null}
-		<BodyShort>
-			<WarningIcon class="text-aligned-icon" /> Data was discovered, but the SBOM was not rendered. Refer
-			to the <Link href={docURL('/services/vulnerabilities/')}>Nais documentation</Link> for further
-			assistance.
-		</BodyShort>
-	{:else if image.vulnerabilitySummary === null}
-		<BodyShort>
-			<WarningIcon class="text-aligned-icon" /> No data found.
-			<a href={docURL('/services/vulnerabilities/how-to/sbom/')} target="_blank">How to fix</a>
-		</BodyShort>
-	{:else if image.hasSBOM && image.vulnerabilitySummary && hasFindings}
+	{#if image.hasSBOM && image.vulnerabilitySummary}
 		<VulnerabilityBadges summary={image.vulnerabilitySummary} />
-	{:else if image.hasSBOM}
+		{#if showReportLink}
+			<Link href={imageDetailsUrl}>View vulnerability report</Link>
+		{/if}
+	{:else}
 		<BodyShort>
-			<SuccessIcon class="text-aligned-icon" /> No vulnerabilities found. Good work!
+			<WarningIcon class="text-aligned-icon" /> No vulnerability data available. Learn how to generate
+			SBOMs and attestations for your workloads in the
+			<a href={docURL('/services/vulnerabilities/how-to/sbom/')} target="_blank"
+				>Nais documentation
+			</a>.
 		</BodyShort>
 	{/if}
-
-	<Link href={imageDetailsUrl}>View vulnerability report</Link>
 </div>
 
 <style>
 
@@ -1,4 +1,7 @@
-export const parseImage = (image: string) => {
+export const parseImage = (image?: string) => {
+	if (!image) {
+		return {};
+	}
 	const tag = image.split(':')[1];
 	const name = image.split(':')[0].split('/').pop();
 	const registry = image.split('/')[0];
 
@@ -15,6 +15,12 @@ query AllImages {
 							name
 						}
 					}
+					image {
+						hasSBOM
+						vulnerabilitySummary {
+							riskScore
+						}
+					}
 
 					status {
 						errors {
 
@@ -9,7 +9,15 @@ query App($app: String!, $team: Slug!, $env: String!) {
 					slug
 				}
 				image {
-					tag
+					hasSBOM
+					vulnerabilitySummary {
+						critical
+						high
+						medium
+						low
+						unassigned
+						riskScore
+					}
 				}
 				teamEnvironment {
 					environment {
@@ -63,7 +71,6 @@ query App($app: String!, $team: Slug!, $env: String!) {
 				...AppInstances
 				...Persistence
 				...WorkloadDeploy
-				...WorkloadImage
 				...NetworkPolicy
 				...Manifest
 				...Ingresses
 
@@ -5,11 +5,11 @@
 	import AggregatedCostForWorkload from '$lib/components/AggregatedCostForWorkload.svelte';
 	import Confirm from '$lib/components/Confirm.svelte';
 	import ErrorMessage, { supportedErrorTypes } from '$lib/components/errors/ErrorMessage.svelte';
-	import Image from '$lib/components/Image.svelte';
 	import NetworkPolicy from '$lib/components/NetworkPolicy.svelte';
 	import Persistence from '$lib/components/persistence/Persistence.svelte';
 	import Secrets from '$lib/components/Secrets.svelte';
 	import WorkloadDeploy from '$lib/components/WorkloadDeploy.svelte';
+	import WorkloadVulnerabilitySummary from '$lib/components/WorkloadVulnerabilitySummary.svelte';
 	import { docURL } from '$lib/doc';
 	import GraphErrors from '$lib/GraphErrors.svelte';
 	import Time from '$lib/Time.svelte';
@@ -121,7 +121,11 @@
 			</div>
 			<div class="sidebar">
 				<AggregatedCostForWorkload workload={app.name} {environment} {teamSlug} />
-				<Image workload={app} />
+				<div>
+					<Heading level="2" size="small" spacing>Vulnerabilities</Heading>
+					<WorkloadVulnerabilitySummary workload={app} />
+				</div>
+
 				<WorkloadDeploy workload={app} />
 				{#if viewerIsMember}
 					<Secrets workload={app.name} {environment} {teamSlug} />
 
@@ -3,15 +3,37 @@ query ApplicationImageDetails($team: Slug!, $env: String!, $app: String!)
 	team(slug: $team) {
 		slug
 		environment(name: $env) {
-			name
+			environment {
+				name
+			}
 			workload(name: $app) {
 				__typename
 				name
+				team {
+					slug
+				}
+				teamEnvironment {
+					environment {
+						name
+					}
+				}
+				status {
+					errors {
+						__typename
+						level
+						... on WorkloadStatusVulnerable {
+							summary {
+								critical
+								riskScore
+							}
+						}
+					}
+				}
 				image {
+					id
 					name
 					tag
 					hasSBOM
-
 					vulnerabilitySummary {
 						critical
 						high
@@ -20,8 +42,23 @@ query ApplicationImageDetails($team: Slug!, $env: String!, $app: String!)
 						unassigned
 						riskScore
 					}
-
-					...ImageWorkloadReferences
+					workloadReferences {
+						nodes {
+							workload {
+								id
+								__typename
+								team {
+									slug
+								}
+								teamEnvironment {
+									environment {
+										name
+									}
+								}
+								name
+							}
+						}
+					}
 				}
 			}
 		}
Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,12 @@ query AllImages {`
`15`	`15`	`name`
`16`	`16`	`}`
`17`	`17`	`}`
	`18`	`+ image {`
	`19`	`+ hasSBOM`
	`20`	`+ vulnerabilitySummary {`
	`21`	`+ riskScore`
	`22`	`+ }`
	`23`	`+ }`
`18`	`24`
`19`	`25`	`status {`
`20`	`26`	`errors {`