Design: Dependency List Grouping (MVC)
This is the design issue for the parent epic.
MVC Requirements
- Group by...
  - Component
    - Greatest value... helps identify which projects in a group have a ComponentY version A.B.
    - Grouping by outdated component would also be very helpful - Nikhil
  - Project
  - License
    - Sort by license needs to be added as part of this
    - Purpose: To check which dependencies have a specific license. There might be a restricted license and the group owner wants to identify all of the components with that license. Eventually, we'd like to deprecate the License Compliance page.
Post-MVC
- Sort by violations (at the top) when grouped by license
- Policy violation exemptions when grouped by license
- Is there a need for group by Packager?
  - Nikhil: may not be needed. Would say Ruby or Go dependencies, so not super useful.
- Group by Location needed?
  - Nikhil: may not be needed
- @jrandazzo: I would get more input as to whether this should be the latest version available, or the most recent version that will fix the vulns
Other feedback:
- Filter by image in order to see what vulnerabilities are under it
Edited by Becka Lippert