Skip to content

feat(heureka): adds false positive actions and image version details page #1421

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
hodanoori wants to merge 43 commits into
base: main
Choose a base branch
from
Open

feat(heureka): adds false positive actions and image version details page #1421

hodanoori wants to merge 43 commits into from
+2,905 −404

Conversation

@hodanoori
Copy link
Contributor

@hodanoori hodanoori commented Jan 20, 2026
edited
Loading

Summary

Adds false positive remediation to Heureka and introduces an image version details page. Users can mark vulnerabilities as false positive from the image details page and revert false positives from the remediated tab, with success/error feedback via inline messages and toasts. The image version details page shows occurrences and vulnerabilities for a specific version. SHA256 identifiers are shortened to 7 characters in breadcrumbs and page titles for readability in the image version details page. Active and remediated vulnerabilities are reflected in the URL, and the remediation history panel state is encoded in the query string.

Changes Made

  • False positive remediation

    • Added false positive action to the vulnerabilities list on the image details page
    • Implemented FalsePositiveModal with required description field and validation
    • Integrated with remediation API to create false positive remediations
    • Success message for “mark as false positive” shown via inline Message and local state

  • Revert false positive

    • Added “Revert False Positive” action in the remediation history panel (remediated tab)
    • Integrated with delete-remediation API
    • Success/error feedback via Toast in the panel (aligned with mark-as-false-positive message style)
    • After revert or mark as false positive, triggers refetch of getRemediations and getImages so active and remediated lists stay in sync

  • URL routing for image details

    • Query params: vulnerabilitiesList=active | remediated (default active), and vulRemediations=<CVE> when the remediation history panel is open for a CVE
    • Tab selection and open remediation panel are reflected in the URL and restored on load

  • Image version details page

    • New route /services/$service/images/$image/versions/$version
    • ImageVersionDetails with version-specific information
    • ImageVersionOccurrences for component instances and ImageVersionIssuesList for vulnerabilities of that version
    • Integrated with fetchImageVersions for version-specific data

  • Image details page

    • Image versions list with navigation to version details on version click
    • Tabs: “Active Vulnerabilities” and “Remediated Vulnerabilities”

  • SHA256 display

    • getShortSha256() utility (first 7 characters after sha256:)
    • Breadcrumb and page title in image version details use shortened SHA; full SHA kept in URL

  • Tests

    • Tests added for FalsePositiveModal, RemediatedIssueDataRow, RemediationHistoryPanel, and RemediatedIssuesDataRows component which are the main components related to support false positive actions implemented in this PR.

Related Issues

Screenshots (if applicable)

CD5BDEF1-87DA-4EA9-94B9-B709CCCA4401

893F5F3F-0696-4E71-81C4-F783129B6436_1_105_c

6EC4F5DC-3C42-40FA-AA7E-F6262A87D24D_1_105_c

295CE4DD-AB67-4787-A0B7-EE6B6DAA9B89 4AEC5918-881D-44A8-A3AF-5487BE40DEDF

Testing Instructions

  1. pnpm i
  2. pnpm TASK

Checklist

  • I have performed a self-review of my code.
  • I have commented my code, particularly in hard-to-understand areas.
  • I have added tests that prove my fix is effective or that my feature works.
  • New and existing unit tests pass locally with my changes.
  • I have made corresponding changes to the documentation (if applicable).
  • My changes generate no new warnings or errors.
  • I have created a changeset for my changes.

PR Manifesto

Review the PR Manifesto for best practises.

hodanoori and others added 6 commits January 20, 2026 09:18
@hodanoori
feat(heureka): adds image details page (#1393)
12bfc52 
* feat(heureka): adds image details page

* chore(heureka): removes image details panel

* feat(heureka): navigate from service panel to image details page

* chore(heureka): adds changeset

* chore(heureka): adjusts tests

* chore(heureka): makes navigation checks generic

* chore(heureka): makes navigation checks generic

* fix(heureka): fixes prettier issue

* feat(heureka): improves navigation and url definition

* chore(heureka): adjusts test
@hodanoori
feat(heureka): put the search box inside the vulnerabilities top navi…
5d21f3d 
…gation item
@hodanoori
chore(heureka): extends codegen to be adjusted with apollo client V4
864acdb
@hodanoori
chore(heureka): display the seven chars after sha256 based on github …
35ab5a0 
…pattern for breadcrumb
@hodanoori
feat(heureka): adds messages to remediation actions
4bc758b
@hodanoori
chore(heureka): fix typescheck
d48b237
@hodanoori hodanoori requested a review from a team as a code owner January 20, 2026 13:38
@changeset-bot
Copy link

changeset-bot bot commented Jan 20, 2026
edited
Loading

🦋 Changeset detected

Latest commit: 2f8a510

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages
Name Type
@cloudoperators/juno-app-heureka Major
@cloudoperators/juno-app-greenhouse Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@hodanoori hodanoori self-assigned this Jan 20, 2026
@hodanoori hodanoori added the heureka Heureka related issues label Jan 20, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Jan 20, 2026
edited
Loading

PR Preview Action v1.6.3

🚀 View preview at
https://cloudoperators.github.io/juno/pr-preview/pr-1421/

Built to branch gh-pages at 2026-02-09 09:26 UTC.
Preview will be ready when the GitHub Pages deployment is complete.

ArtieReus
ArtieReus reviewed Jan 22, 2026
View reviewed changes
Copy link
Collaborator

@ArtieReus ArtieReus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great job! this PR is quite lorge 😅. Added some comments

ArtieReus
ArtieReus reviewed Jan 23, 2026
View reviewed changes
Copy link
Collaborator

@ArtieReus ArtieReus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What about to add tests for all of those new components?

@hodanoori
Merge main into hoda-heureka-false-positive
8e69870
@hodanoori
fix(carbon): remove unnecessary type assertion in ErrorFallback
eeddd1f
@hodanoori
fix(heureka): fixes type issues
984048d
@hodanoori
chore(heureka): fixes test
dea3eb9
@hodanoori
fix(heureka): show default message in ErrorFallback when error.messag…
eaf680a 
…e is empty
@hodanoori
fix(heureka): assert vulFilter as VulnerabilityFilter in ImageIssuesList
b0916cc
@hodanoori
fix(heureka): assert vulFilter as VulnerabilityFilter in ImageIssuesList
62f3085
@hodanoori
fix(heureka): assert vulFilter as VulnerabilityFilter in ImageIssuesList
319c3a2
@hodanoori
feat(heureka): adds remediation action panel
56fbdeb
@hodanoori
feat(heureka): add success error msg after revert false positive
69ba82c
@hodanoori
Merge main into hoda-heureka-false-positive
eacb22c
@hodanoori
feat(heureka): adds routing for active and remediated vulnerabilities…
aae5fde 
… and remediations panel
hodanoori and others added 20 commits February 11, 2026 17:18
@hodanoori
Merge branch 'main' into hoda-heureka-false-positive
a677e18
@hodanoori
chore(heureka): remove ./tanstack from gitignore
ba8898e
@hodanoori
chore(heureka): remove message provider lib and its usage
be26b61
@hodanoori
feat(heureka): adds tests on image details page components
f871a67
@hodanoori
chore(heureka): updates pnpm-lock.yaml
d4df3eb
@hodanoori
fix(heureka): type assertions for RemediatedIssuesDataRows test mocks
5b47f5a
@hodanoori
chore(heureka): updates the changeset text
7c13802
@hodanoori
fix(heureka): use React Query cache for fetchImageVersions
39b5e7f
@hodanoori
chore(heureka): uses descriptionTrimmed once in FalsePositiveModal
eefbc58
@hodanoori
fix(heureka): avoid setState after unmount in FalsePositiveModal
fdaa134
@hodanoori
chore(heureka): use functional setState for expand toggle in Remediat…
71afcb7 
…edIssueDataRow
@hodanoori
chore(heureka): use functional setState for expand toggle in Remediat…
03000ca 
…edIssueDataRow
@hodanoori
fix(heureka): drop rel on internal anchor in ImageVersionOccurrences
1f94616
@hodanoori
fix(heureka): type edge params with VulnerabilityEdge and ComponentIn…
3d76a8a 
…stanceEdge in utils
@hodanoori
fix(heureka): type image version normalizers with GetImageVersionsQuery
3b6ad5c
@hodanoori
chore(heureka): uses Stack with gap for tooltip content in ImageVersi…
9d2c08a 
…onOccurrences
@hodanoori
fix(heureka): disable all revert actions while any revert is in progress
808429c
@hodanoori
fix(heureka): clear search on version-details nav and decode version …
d85da31 
…params
@hodanoori
feat(heureka): show first 30 versions with Show more for the rest
3bcd194
@hodanoori
feat(heureka): show first 30 versions with Show more for the rest
2f8a510
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ArtieReus ArtieReus ArtieReus left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

@hodanoori hodanoori

Labels

heureka Heureka related issues

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hodanoori @ArtieReus