WIP

rbjornstad · rbjornstad · commit 88d8c7b1e7f0 · 2025-03-21T12:05:19.000+01:00
diff --git a/src/lib/components/VulnerabilityBadges.svelte b/src/lib/components/VulnerabilityBadges.svelte
@@ -26,48 +26,52 @@
 	const categories = ['critical', 'high', 'medium', 'low', 'unassigned'] as const;
 </script>
 
-<div class="vulnerability-summary">
+<div class="wrapper">
+	<div class="vulnerability-summary">
+		{#if summary !== PendingValue}
+			{#each categories as category (category)}
+				<BodyShort
+					class="vulnerability-count"
+					style="background-color: {severityToColor(category)}"
+				>
+					{summary[category]}
+				</BodyShort>
+				<div class="category">{category}</div>
+			{/each}
+		{:else}
+			<Loader />
+		{/if}
+	</div>
+
 	{#if summary !== PendingValue}
-		{#each categories as category (category)}
-			<BodyShort class="vulnerability-count" style="background-color: {severityToColor(category)}">
-				{summary[category]}
-			</BodyShort>
-			<div class="category">{category}</div>
-		{/each}
-	{:else}
-		<Loader />
-	{/if}
-</div>
-{#if summary !== PendingValue}
-	<div class="container">
-		<dl>
+		<BodyShort>
 			{#if summary['riskScore']}
-				<dt>Risk score:</dt>
-				<dd>
-					<span class={summary['riskScore'] > 100 ? 'red' : 'green'}>{summary['riskScore']}</span>
-				</dd>
-				<!--HelpText title="Risk score"
-				>The risk score is a calculated value based on the severity of the vulnerabilities
-				discovered within the workloads. A higher risk score indicates a higher risk of
-				exploitation. Algorithms may vary, but a common approach is to assign a score based on the
-				severity of the vulnerabilities found. The Score is calculated: "((critical * 10) + (high *
-				5) + (medium * 3) + (low * 1) + (unassigned * 5))".
-			</HelpText-->
+				<strong>Risk score:</strong>
+				{#if summary['coverage']}
+					{summary['riskScore']}
+				{:else if summary['riskScore'] > 100}
+					<span class="red">{summary['riskScore']}</span> (above defined threshold of 100)
+				{:else}
+					<span class="green">{summary['riskScore']}</span>
+				{/if}
 			{/if}
-
+		</BodyShort>
+		<BodyShort>
 			{#if summary['coverage']}
-				<dt>Coverage:</dt>
-				<dd>
-					<span class={summary['coverage'] < 100 ? 'red' : 'green'}
-						>{percentageFormatter(summary['coverage'] ? summary['coverage'] : 0, 0)}</span
-					>
-				</dd>
+				<strong>Coverage:</strong>
+				<span class={summary['coverage'] < 100 ? 'red' : 'green'}
+					>{percentageFormatter(summary['coverage'] ? summary['coverage'] : 0, 0)}</span
+				>
 			{/if}
-		</dl>
-	</div>
-{/if}
+		</BodyShort>
+	{/if}
+</div>
 
 <style>
+	.wrapper {
+		display: grid;
+		row-gap: var(--a-spacing-2);
+	}
 	.category {
 		text-transform: capitalize;
 	}
@@ -95,34 +99,11 @@
 		}
 	}
 
-	.container {
-		display: flex;
-		gap: 0.5rem;
-		justify-content: space-between;
-	}
-
 	.red {
 		color: var(--a-surface-danger);
 	}
 
 	.green {
 		color: var(--a-surface-success);
 	}
-
-	dl {
-		display: grid;
-		grid-template-columns: 90px auto;
-		margin-block-start: 0;
-		margin-block-end: 0;
-		padding-top: var(--a-spacing-4);
-	}
-
-	dt {
-		font-weight: bold;
-		text-align: left;
-	}
-
-	dd {
-		margin: 0;
-	}
 </style>
diff --git a/src/lib/components/WorkloadVulnerabilitySummary.svelte b/src/lib/components/WorkloadVulnerabilitySummary.svelte
@@ -0,0 +1,80 @@
+<script lang="ts">
+	import { docURL } from '$lib/doc';
+	import SuccessIcon from '$lib/icons/SuccessIcon.svelte';
+	import WarningIcon from '$lib/icons/WarningIcon.svelte';
+	import { BodyShort, Heading, Link } from '@nais/ds-svelte-community';
+	import VulnerabilityBadges from './VulnerabilityBadges.svelte';
+
+	interface Props {
+		workload: {
+			__typename: string;
+			name: string;
+			team: {
+				slug: string;
+			};
+			teamEnvironmnet: {
+				environment: {
+					name: string;
+				};
+			};
+			image: {
+				hasSBOM: boolean;
+				vulnerabilitySummary: {
+					critical: number;
+					high: number;
+					medium: number;
+					low: number;
+					unassigned: number;
+					riskScore: number;
+				};
+			};
+		};
+	}
+
+	const { workload }: Props = $props();
+
+	const { image } = workload;
+
+	const imageDetailsUrl = $derived(
+		`/team/${workload.team.slug}/${workload.teamEnvironmnet.environment.name}/${workload.__typename === 'Application' ? 'app' : 'job'}/${workload.name}/vulnerability-report`
+	);
+
+	const categories = ['critical', 'high', 'medium', 'low', 'unassigned'] as const;
+	const hasFindings = categories.some(
+		(severity) => (image.vulnerabilitySummary?.[severity] ?? 0) > 0
+	);
+</script>
+
+<div class="wrapper">
+	<Heading level="3" size="small">Vulnerabilities</Heading>
+
+	{#if !image.hasSBOM && image.vulnerabilitySummary !== null}
+		<BodyShort>
+			<WarningIcon class="text-aligned-icon" /> Data was discovered, but the SBOM was not rendered. Refer
+			to the <Link href={docURL('/services/vulnerabilities/')}>Nais documentation</Link> for further
+			assistance.
+		</BodyShort>
+	{:else if image.vulnerabilitySummary === null}
+		<BodyShort>
+			<WarningIcon class="text-aligned-icon" /> No data found.
+			<a href={docURL('/services/vulnerabilities/how-to/sbom/')} target="_blank">How to fix</a>
+		</BodyShort>
+	{:else if image.hasSBOM && image.vulnerabilitySummary && hasFindings}
+		<VulnerabilityBadges summary={image.vulnerabilitySummary} />
+	{:else if image.hasSBOM}
+		<BodyShort>
+			<SuccessIcon class="text-aligned-icon" /> No vulnerabilities found. Good work!
+		</BodyShort>
+	{/if}
+
+	<Link href={imageDetailsUrl}>View vulnerability report</Link>
+</div>
+
+<style>
+	.wrapper {
+		display: flex;
+		flex-direction: column;
+		gap: var(--a-spacing-1);
+		align-items: start;
+	}
+</style>
diff --git a/src/lib/components/image/ImageVulnerabilities.svelte b/src/lib/components/image/ImageVulnerabilities.svelte
@@ -3,7 +3,17 @@
 	import Pagination from '$lib/Pagination.svelte';
 	import { changeParams } from '$lib/utils/searchparams';
 	import { severityToColor } from '$lib/utils/vulnerabilities';
-	import { Button, Heading, Table, Tbody, Td, Th, Thead, Tr } from '@nais/ds-svelte-community';
+	import {
+		Button,
+		Heading,
+		Loader,
+		Table,
+		Tbody,
+		Td,
+		Th,
+		Thead,
+		Tr
+	} from '@nais/ds-svelte-community';
 	import { CheckmarkIcon } from '@nais/ds-svelte-community/icons';
 	import { untrack } from 'svelte';
 	import type { ImageVulnerabilitiesVariables } from './$houdini';
@@ -147,32 +157,32 @@
 	};
 </script>
 
-<Heading level="2" size="medium">Vulnerabilities</Heading>
-<Table
-	size="small"
-	sort={{
-		orderBy: tableSort.orderBy || ImageVulnerabilityOrderField.SEVERITY,
-		direction: tableSort.direction === 'ASC' ? 'ascending' : 'descending'
-	}}
-	onsortchange={tableSortChange}
->
-	<Thead>
-		<Tr>
-			<Th style="width: 13rem" sortable={true} sortKey={ImageVulnerabilityOrderField.IDENTIFIER}
-				>ID</Th
-			>
-			<Th sortable={true} sortKey={ImageVulnerabilityOrderField.PACKAGE}>Package</Th>
-			<Th style="width: 7rem " sortable={true} sortKey={ImageVulnerabilityOrderField.SEVERITY}
-				>Severity</Th
-			>
-			<Th style="width: 3rem" sortable={true} sortKey={ImageVulnerabilityOrderField.SUPPRESSED}
-				>Suppressed</Th
-			>
-			<Th sortable={true} sortKey={ImageVulnerabilityOrderField.STATE}>State</Th>
-		</Tr>
-	</Thead>
-	<Tbody>
-		{#if $vulnerabilities.data}
+<Heading level="2" size="medium" spacing>Vulnerabilities</Heading>
+{#if $vulnerabilities.data}
+	<Table
+		size="small"
+		sort={{
+			orderBy: tableSort.orderBy || ImageVulnerabilityOrderField.SEVERITY,
+			direction: tableSort.direction === 'ASC' ? 'ascending' : 'descending'
+		}}
+		onsortchange={tableSortChange}
+	>
+		<Thead>
+			<Tr>
+				<Th style="width: 13rem" sortable={true} sortKey={ImageVulnerabilityOrderField.IDENTIFIER}
+					>ID</Th
+				>
+				<Th sortable={true} sortKey={ImageVulnerabilityOrderField.PACKAGE}>Package</Th>
+				<Th style="width: 7rem " sortable={true} sortKey={ImageVulnerabilityOrderField.SEVERITY}
+					>Severity</Th
+				>
+				<Th style="width: 3rem" sortable={true} sortKey={ImageVulnerabilityOrderField.SUPPRESSED}
+					>Suppressed</Th
+				>
+				<Th sortable={true} sortKey={ImageVulnerabilityOrderField.STATE}>State</Th>
+			</Tr>
+		</Thead>
+		<Tbody>
 			{@const vulnz = $vulnerabilities.data.team.environment.workload.image.vulnerabilities.nodes}
 			{#each vulnz as v (v)}
 				<Tr>
@@ -222,9 +232,14 @@
 					<Td colspan={999}>No vulnerabilities</Td>
 				</Tr>
 			{/each}
-		{/if}
-	</Tbody>
-</Table>
+		</Tbody>
+	</Table>
+{:else}
+	<div style="display: flex; justify-content: center; align-items: center; height: 200px;">
+		<Loader size="2xlarge" />
+	</div>
+{/if}
+
 {#if image}
 	<Pagination
 		page={image.vulnerabilities.pageInfo}
diff --git a/src/lib/components/image/TrailFinding.svelte b/src/lib/components/image/TrailFinding.svelte
@@ -111,51 +111,6 @@
 									<Td><Time time={node.timestamp} distance={true} /></Td>
 								</Tr>
 							{/if}
-							{#if node}
-								<Tr>
-									<Td>{node.onBehalfOf}</Td>
-									<Td>{node.state}</Td>
-									<Td>{node.suppressed}</Td>
-									<Td>{node.comment}</Td>
-									<Td><Time time={node.timestamp} distance={true} /></Td>
-								</Tr>
-							{/if}
-							{#if node}
-								<Tr>
-									<Td>{node.onBehalfOf}</Td>
-									<Td>{node.state}</Td>
-									<Td>{node.suppressed}</Td>
-									<Td>{node.comment}</Td>
-									<Td><Time time={node.timestamp} distance={true} /></Td>
-								</Tr>
-							{/if}
-							{#if node}
-								<Tr>
-									<Td>{node.onBehalfOf}</Td>
-									<Td>{node.state}</Td>
-									<Td>{node.suppressed}</Td>
-									<Td>{node.comment}</Td>
-									<Td><Time time={node.timestamp} distance={true} /></Td>
-								</Tr>
-							{/if}
-							{#if node}
-								<Tr>
-									<Td>{node.onBehalfOf}</Td>
-									<Td>{node.state}</Td>
-									<Td>{node.suppressed}</Td>
-									<Td>{node.comment}</Td>
-									<Td><Time time={node.timestamp} distance={true} /></Td>
-								</Tr>
-							{/if}
-							{#if node}
-								<Tr>
-									<Td>{node.onBehalfOf}</Td>
-									<Td>{node.state}</Td>
-									<Td>{node.suppressed}</Td>
-									<Td>{node.comment}</Td>
-									<Td><Time time={node.timestamp} distance={true} /></Td>
-								</Tr>
-							{/if}
 						{/each}
 					{/if}
 				</Tbody>
diff --git a/src/routes/team/[team]/[env]/job/[job]/vulnerability-report/+page.gql b/src/routes/team/[team]/[env]/job/[job]/vulnerability-report/+page.gql
@@ -2,7 +2,6 @@ query JobImageDetails($team: Slug!, $env: String!, $job: String!) @cache(policy:
 	team(slug: $team) {
 		slug
 		environment(name: $env) {
-			name
 			environment {
 				name
 			}
@@ -22,6 +21,7 @@ query JobImageDetails($team: Slug!, $env: String!, $job: String!) @cache(policy:
 					}
 				}
 				image {
+					id
 					name
 					tag
 					hasSBOM
diff --git a/src/routes/team/[team]/[env]/job/[job]/vulnerability-report/+page.svelte b/src/routes/team/[team]/[env]/job/[job]/vulnerability-report/+page.svelte

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,6 @@ query JobImageDetails($team: Slug!, $env: String!, $job: String!) @cache(policy:`
`2`	`2`	`team(slug: $team) {`
`3`	`3`	`slug`
`4`	`4`	`environment(name: $env) {`
`5`		`- name`
`6`	`5`	`environment {`
`7`	`6`	`name`
`8`	`7`	`}`
`@@ -22,6 +21,7 @@ query JobImageDetails($team: Slug!, $env: String!, $job: String!) @cache(policy:`
`22`	`21`	`}`
`23`	`22`	`}`
`24`	`23`	`image {`
	`24`	`+ id`
`25`	`25`	`name`
`26`	`26`	`tag`
`27`	`27`	`hasSBOM`