Allow customers to filter by component and a specific version at the group level. The motivation is that when a new CVE is published it is attached to a component and a version. Not being able to search for a specific version makes the "Filter by component" capability not relevant.
The user should be able to define the component AND the version they are looking for. It can be either a specific version or a range:
Clarification: The goal of this issue is to add another dedicated filter, named Version.
@nmccorrison @dagron1 – @subashis and I just had a sync meeting about this. We are starting with the refinement but had some questions regarding example 1 vs example 2.
In example 1, I think we can use the filtered search with a couple operators (=, !=, >, <) which are then followed by the version number being typed in by the user (see mockup).
We could support allowing multiple tokens for version such that you can combine operators:
However, in example 2, you get the exact versions we have data on for a specific component. This would require a new GraphQL API call to fetch the actual versions of a component, or multiple components (since we can select multiple values in the component token). This increases the scope.
Would we like either example 1 or example 2, or both functionality combined? And, would we want to do this for multiple selected components, or somehow restrict version filtering to 1 selected component?
Not sure I understand why for Example 1 we can have a 'free text' form of search, and for example 2, we need the actual version. In any case, I am good with starting with example 1, and based on customer feedback, improving it.
To clarify, the example 1 and 2 are from the designs in the description, not my screenshots. In the example 2, I see versions in a dropdown that can be checked, so my question was about that kind of UX. In that case we would have to fetch the actual versions of components which increases the scope.
In any case, I am good with starting with example 1, and based on customer feedback, improving it.
Great @dagron1! I think that would already provide the biggest value and we can track customer feedback.
I already mentioned it here: to be consistent with other search/filter options available on the page, maybe we should go with a multi-select dropdown. But I can see that @beckalippert is already working on the design.
Just to be clear, this filter will only be available at the group level, as we do not have the ability to filter at the project level. I will update the description.
@lorenzvanherwaarden I started to look into the backend code. WDYT about promoting this issue to an epic and then we can start adding the issue for MVC.
to be consistent with other search/filter options available on the page, maybe we should go with a multi-select dropdown. But I can see that @beckalippert is already working on the design.
Yes it needs to be consistent with the other filters, which are using the filtered search component and token. I would suggest when selecting "Version", you first get the choice for an operator, =, !=, >, and < (>=, and <=), and then it's a token for the free text for the version you want. So the operators would be a select dropdown, but the version is simply free text.
@lorenzvanherwaarden @subashis @dagron1 Are we able to do something like this? If users filter by version and no component, list all versions across all components. If they filter by a component, we'd only show the versions available of that particular component:
Thanks for the design @beckalippert! I think this is possible (although I'll leave the question about backend performance of getting all versions of all components to @subashis), but what do you think about doing this iteratively? I think we can get a lot of value for the user from a 1st iteration already (see below) and it reduces scope quite a bit.
1st iteration
Version filter with operators =, !=, ≥, ≤ and user enters the version themselves
Backend filtering capability on these operators with extending the REST API /dependencies
Possibly allowing multiple version filters so you can do advanced filtering (also with range). Need to further check if this is possible. Could be an iteration in itself.
2nd iteration
Create paginated GraphQL query for versions of components in a group
Use this query to populate a dropdown of Version filter
Thanks @beckalippert and @lorenzvanherwaarden. I think it is possible to extract all the versions for selected component through sbom_component_versions. About the performance, I need to play with query first and this also depends on the data we have in this table.
Version filter with operators =, !=, ≥, ≤ and user enters the version themselves
@lorenzvanherwaarden That could work for a 1st iteration. Didn't we add something like this recently on the Dependency List (or was it the Vulnerability Report?) with a dropdown like this with instruction to enter the version? But the popover in our case would say something like Type in a version number.
Thanks @beckalippert. Let's move forward with iteration 1.
@subashis @lorenzvanherwaarden - I am sure you are aware of it, but as a reminder, we need to make sure that if the filter is set for any version above 1.0 - it will include 1.0.1 and 1.0.2, and not start from 1.2, 1.2.1. I hope this is clear. Thanks
@beckalippert Do you mean like the help text for the identifier?
Thanks for bringing that up @dagron1. That makes me think, do we need both ≥, > and ≤, < to make the following work e.g.: we want all 1.x.y => Version ≥ 1.0.0 and Version < 2.0.0.
What do you think @subashis? Is it achievable on the backend to filter multiple times?
What do you think @subashis? Is it achievable on the backend to filter multiple times?
@lorenzvanherwaarden Version loading will happen twice but the filtering will happen once if I understand this correctly. For Version ≥ 1.0.0 and Version < 2.0.0, the params will be sent to backend once and then the filtering will happen in one query. Please correct me if I am missing anything here, I misunderstood maybe.
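The range semantics raised in this thread (anything above 1.0 includes 1.0.1 and 1.0.2; all 1.x.y is Version ≥ 1.0.0 and Version < 2.0.0, applied as one combined filter), as an added example that is not part of the discussion and not GitLab's code. All method names and the sample versions are hypothetical, and only dotted-numeric versions are assumed; anything else is excluded rather than compared as a string.

```ruby
# Added example with hypothetical names; not GitLab code.
# Assumes plain dotted-numeric versions ("1.0.2").

OPERATORS = {
  "="  => ->(c) { c == 0 },
  "!=" => ->(c) { c != 0 },
  ">"  => ->(c) { c > 0 },
  ">=" => ->(c) { c >= 0 },
  "<"  => ->(c) { c < 0 },
  "<=" => ->(c) { c <= 0 }
}.freeze

# "1.0" -> [1, 0]; nil for anything that is not dotted-numeric.
def parse_version(text)
  return nil unless text.is_a?(String) && text.match?(/\A\d+(\.\d+)*\z/)
  text.split(".").map(&:to_i)
end

# Segment-wise numeric comparison. Missing trailing segments count as 0,
# so 1.0 == 1.0.0, 1.0 < 1.0.1 < 1.2, and 1.9.3 < 1.10.0.
def compare_versions(a, b)
  len = [a.length, b.length].max
  pad = ->(v) { v + [0] * (len - v.length) }
  pad.call(a) <=> pad.call(b)
end

# filters: array of [operator, bound] pairs; every pair must hold (AND).
def version_matches?(version, filters)
  v = parse_version(version)
  return false if v.nil? # unparseable component versions never match
  filters.all? do |op, bound|
    b = parse_version(bound)
    test = OPERATORS[op]
    raise ArgumentError, "bad filter #{op.inspect} #{bound.inspect}" if b.nil? || test.nil?
    test.call(compare_versions(v, b))
  end
end

def filter_versions(versions, filters)
  versions.select { |v| version_matches?(v, filters) }
end

# Constructed sample data, not taken from any real component.
SAMPLE = %w[0.9.9 1.0 1.0.1 1.0.2 1.2 1.10.0 1.9.3 2.0.0 2.1 unknown].freeze
```

A plain string comparison would order "1.10.0" before "1.9.3" and would miss affected versions in a CVE range, which is why the bounds are compared segment by segment.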
@subashis I've seen that on the issues page, the operator != is done with using not[filter]=xyz in the querystring. I haven't found an example yet of how this is done for >=, <=, >, <.
Thanks @lorenzvanherwaarden for the update. To be consistent with the other options on the same page, maybe we should go with a multi-select dropdown (search panel) for versions. WDYT? Looks like @beckalippert is working on a design #504984[design_1736378847258.png].