Compliance risks feature#789

Open
Konstantin-Zhukov wants to merge 10 commits into main from compliance-risks-feature

Conversation

Konstantin-Zhukov (Collaborator) commented Jun 19, 2026

Done

  • Compliance Risks list page wired to the real endpoint (paginated)
  • Open/Resolved tabs (filtered server-side via ?state)
  • Framework filter + framework icons
  • Compliance Risk detail page (policy, controls, violations, actions)
  • "Download evidence" button on detail page (placeholder)
  • Summary dashboard: Open + Resolved tiles (real counts), Controls covered + Last attestation tiles (mocked)
  • Distribution donut chart (Open vs Resolved) in a collapsible
  • API types, asset-menu entry, ESLint config + layout fixes

TODO

  • Implement a Compliance Risks tab at the group level. The UI is similar to the asset-level tab, with one key difference: each item in the group-level Compliance Risk list should be expandable into sub-items showing how that control is assessed in every child asset belonging to the group. The backend needs to provide the corresponding per-asset breakdown data.
  • Backend …/compliance-risks/stats endpoint to replace mocked tiles (Controls covered, Last attestation) and the count-fetch PoC
  • Review and finalize the Detailed Compliance Risk page content. It currently renders everything the backend returns, raw — the layout and which fields to surface (and how) still need design polish.
  • Lift the duplicated count fetch into one shared source (ComplianceStats + ComplianceDistribution)
  • Wire "Download evidence" / OSCAL export to real endpoints
  • Clarify and implement the actions supported by the Detailed Compliance Risk page
  • Server crashes on every compliance-risk action (Accept / Comment / Reopen / False Positive). The action's state change is saved, then the event is broadcast to all integrations; each integration's HandleEvent switches on vuln type and only handles dependencyVuln / firstPartyVuln / licenseRisk. There is no complianceRisk case, so the vuln interface stays nil and vuln.GetTicketID() dereferences nil → SIGSEGV, killing the whole process. Affects all three integrations (gitlab/github/jira) and fires regardless of whether a repo is connected (the crash happens before the connection check). State is persisted, so the action appears applied only after a server restart.
    Fix: add a nil-guard (if vuln == nil { return nil }) after the type switch in each integration — or add a proper complianceRisk case if compliance events should sync to tickets.
  • False-Positive compliance risks silently revert to "open" after a daemon run (~1-2 days).
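
An added Go illustration (not the project's code) of the nil-interface crash described in the TODO above and the nil-guard the author proposes; the types `Vuln`, `DependencyVuln`, `ComplianceRisk`, `Event` and both handler functions are hypothetical stand-ins for the backend's own. The unguarded handler recovers the panic only so the demo can report it; in the real process that same panic is the SIGSEGV that kills the server.

```go
package main

import "fmt"

// Hypothetical stand-ins for the backend's event and vuln types; this is an
// added illustration, not the project's own code.
type Vuln interface{ GetTicketID() string }

type DependencyVuln struct{ TicketID string }

func (d *DependencyVuln) GetTicketID() string { return d.TicketID }

// ComplianceRisk is deliberately not covered by the type switch below,
// mirroring the missing complianceRisk case in the integrations.
type ComplianceRisk struct{ ID string }

type Event struct{ Payload any }

// handleEventUnguarded reproduces the crash: a payload the switch does not
// handle leaves vuln as a nil interface, and calling a method on it panics.
// recover() is only here so the demo returns an error instead of dying; in
// the real process that panic is the SIGSEGV that kills the server.
func handleEventUnguarded(ev Event) (ticket string, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("would have crashed the process: %v", r)
		}
	}()
	var vuln Vuln
	switch v := ev.Payload.(type) {
	case *DependencyVuln:
		vuln = v
	}
	return vuln.GetTicketID(), nil // nil interface -> runtime panic
}

// handleEventGuarded applies the fix from the PR description: check vuln
// after the switch and skip event types the integration does not sync.
func handleEventGuarded(ev Event) (string, error) {
	var vuln Vuln
	switch v := ev.Payload.(type) {
	case *DependencyVuln:
		vuln = v
	}
	if vuln == nil {
		return "", nil // not a ticket-synced vuln type: nothing to do
	}
	return vuln.GetTicketID(), nil
}
```

Note that `vuln == nil` only catches the case where no switch arm assigned it; a typed nil pointer stored in the interface would still pass the check, so the guard belongs after the switch, not on the raw payload.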

The try/catch only catches the async data fetching, not render-time
errors from the returned JSX, so move the JSX return outside the try
block (satisfies react-hooks/error-boundaries).
Konstantin-Zhukov self-assigned this Jun 19, 2026
- Replace mockup data with the real paginated compliance-risks endpoint
  (list + detail) via the shared fetcher; remove mockBackend + mock JSON.
- Update ComplianceRiskDTO to the real backend shape (policyFrameworks,
  policyTags, violations, message, evidenceType, …).
- Remove the open/closed switcher; show open and closed risks in one
  paginated list (backend returns them open-first).
- Add a single-select framework dropdown that filters server-side via
  filterQuery[policyFrameworks][frameworkContains]; render it as a native
  Filter chip using a new hidden filter option.
- Rewrite list columns (Policy, Frameworks, State, Violations, Created).
Konstantin-Zhukov force-pushed the compliance-risks-feature branch from 7fd2144 to e017df3 on June 19, 2026 12:02
make StatTile presentational (figure passed as children) so numeric counts, the controls ratio and the attestation time string share one tile without a union-typed value
mock controls-covered and last-attestation with a TODO documenting the target /compliance-risks/stats backend shape, since neither is exposed by the API yet
Konstantin-Zhukov marked this pull request as ready for review June 19, 2026 17:32