Merge pull request #148 from DependencyTrack/136-improve-github-advisory-config-ui-api-token-documentation

nscuro · web-flow · commit 42f2cb1eb70e · 2022-05-13T21:45:28.000+02:00
Improve GHSA description; Prevent saving of invalid configs; Add GitHub and NIST logos
diff --git a/src/assets/img/github-logo.svg b/src/assets/img/github-logo.svg
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   width="256px"
+   height="250px"
+   viewBox="0 0 256 250"
+   version="1.1"
+   preserveAspectRatio="xMidYMid"
+   id="svg828"
+   sodipodi:docname="github-logo.svg"
+   inkscape:version="1.1.2 (b8e25be8, 2022-02-05)"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg">
+  <defs
+     id="defs832" />
+  <sodipodi:namedview
+     id="namedview830"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageshadow="2"
+     inkscape:pageopacity="0.0"
+     inkscape:pagecheckerboard="0"
+     showgrid="false"
+     inkscape:zoom="4.9384338"
+     inkscape:cx="102.1579"
+     inkscape:cy="143.46654"
+     inkscape:window-width="3440"
+     inkscape:window-height="1387"
+     inkscape:window-x="1512"
+     inkscape:window-y="25"
+     inkscape:window-maximized="1"
+     inkscape:current-layer="svg828" />
+  <g
+     id="g826">
+    <path
+       d="M128.00106,0 C57.3172926,0 0,57.3066942 0,128.00106 C0,184.555281 36.6761997,232.535542 87.534937,249.460899 C93.9320223,250.645779 96.280588,246.684165 96.280588,243.303333 C96.280588,240.251045 96.1618878,230.167899 96.106777,219.472176 C60.4967585,227.215235 52.9826207,204.369712 52.9826207,204.369712 C47.1599584,189.574598 38.770408,185.640538 38.770408,185.640538 C27.1568785,177.696113 39.6458206,177.859325 39.6458206,177.859325 C52.4993419,178.762293 59.267365,191.04987 59.267365,191.04987 C70.6837675,210.618423 89.2115753,204.961093 96.5158685,201.690482 C97.6647155,193.417512 100.981959,187.77078 104.642583,184.574357 C76.211799,181.33766 46.324819,170.362144 46.324819,121.315702 C46.324819,107.340889 51.3250588,95.9223682 59.5132437,86.9583937 C58.1842268,83.7344152 53.8029229,70.715562 60.7532354,53.0843636 C60.7532354,53.0843636 71.5019501,49.6441813 95.9626412,66.2049595 C106.172967,63.368876 117.123047,61.9465949 128.00106,61.8978432 C138.879073,61.9465949 149.837632,63.368876 160.067033,66.2049595 C184.49805,49.6441813 195.231926,53.0843636 195.231926,53.0843636 C202.199197,70.715562 197.815773,83.7344152 196.486756,86.9583937 C204.694018,95.9223682 209.660343,107.340889 209.660343,121.315702 C209.660343,170.478725 179.716133,181.303747 151.213281,184.472614 C155.80443,188.444828 159.895342,196.234518 159.895342,208.176593 C159.895342,225.303317 159.746968,239.087361 159.746968,243.303333 C159.746968,246.709601 162.05102,250.70089 168.53925,249.443941 C219.370432,232.499507 256,184.536204 256,128.00106 C256,57.3066942 198.691187,0 128.00106,0 Z M47.9405593,182.340212 C47.6586465,182.976105 46.6581745,183.166873 45.7467277,182.730227 C44.8183235,182.312656 44.2968914,181.445722 44.5978808,180.80771 C44.8734344,180.152739 45.876026,179.97045 46.8023103,180.409216 C47.7328342,180.826786 48.2627451,181.702199 47.9405593,182.340212 Z M54.2367892,187.958254 C53.6263318,188.524199 52.4329723,188.261363 51.6232682,187.366874 C50.7860088,186.474504 50.6291553,185.281144 51.2480912,184.70672 C51.8776254,184.140775 53.0349512,184.405731 53.8743302,185.298101 C54.7115892,186.201069 54.8748019,187.38595 54.2367892,187.958254 Z M58.5562413,195.146347 C57.7719732,195.691096 56.4895886,195.180261 55.6968417,194.042013 C54.9125733,192.903764 54.9125733,191.538713 55.713799,190.991845 C56.5086651,190.444977 57.7719732,190.936735 58.5753181,192.066505 C59.3574669,193.22383 59.3574669,194.58888 58.5562413,195.146347 Z M65.8613592,203.471174 C65.1597571,204.244846 63.6654083,204.03712 62.5716717,202.981538 C61.4524999,201.94927 61.1409122,200.484596 61.8446341,199.710926 C62.5547146,198.935137 64.0575422,199.15346 65.1597571,200.200564 C66.2704506,201.230712 66.6095936,202.705984 65.8613592,203.471174 Z M75.3025151,206.281542 C74.9930474,207.284134 73.553809,207.739857 72.1039724,207.313809 C70.6562556,206.875043 69.7087748,205.700761 70.0012857,204.687571 C70.302275,203.678621 71.7478721,203.20382 73.2083069,203.659543 C74.6539041,204.09619 75.6035048,205.261994 75.3025151,206.281542 Z M86.046947,207.473627 C86.0829806,208.529209 84.8535871,209.404622 83.3316829,209.4237 C81.8013,209.457614 80.563428,208.603398 80.5464708,207.564772 C80.5464708,206.498591 81.7483088,205.631657 83.2786917,205.606221 C84.8005962,205.576546 86.046947,206.424403 86.046947,207.473627 Z M96.6021471,207.069023 C96.7844366,208.099171 95.7267341,209.156872 94.215428,209.438785 C92.7295577,209.710099 91.3539086,209.074206 91.1652603,208.052538 C90.9808515,206.996955 92.0576306,205.939253 93.5413813,205.66582 C95.054807,205.402984 96.4092596,206.021919 96.6021471,207.069023 Z"
+       fill="#161614"
+       id="path824"
+       style="fill:#ffffff" />
+  </g>
+  <rect
+     style="fill:#ffffff;stroke-width:0.004;fill-opacity:0"
+     id="rect936"
+     width="284.65063"
+     height="262.0275"
+     x="-5.7273769"
+     y="-4.2955327" />
+</svg>
diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json
@@ -442,11 +442,12 @@
     "vulnsource_nvd_desc": "The National Vulnerability Database (NVD) is the largest publicly available source of vulnerability intelligence. It is maintained by a group within the National Institute of Standards and Technology (NIST) and builds upon the work of MITRE and others. Vulnerabilities in the NVD are called Common Vulnerabilities and Exposures (CVE). There are over 100,000 CVEs documented in the NVD spanning from the 1990’s to the present.",
     "vulnsource_nvd_feeds_url": "NVD Feeds URL",
     "vulnsource_github_advisories_enable": "Enable GitHub Advisory mirroring",
-    "vulnsource_github_advisories_desc": "GitHub Advisories is a centralized source of vulnerability intelligence specific to GitHub projects. GitHub advisories may \nor may not be documented in the National Vulnerability Database. Restarting the Dependency-Track server is required to force the system to mirror the contents of GitHub Advisories. A Personal Access Token is needed, but it doesn't require any scope.",
+    "vulnsource_github_advisories_desc": "GitHub Advisories (GHSA) is a database of CVEs and GitHub-originated security advisories affecting the open source world. Dependency-Track integrates with GHSA by mirroring advisories via GitHub's public GraphQL API. The mirror is refreshed daily, or upon restart of the Dependency-Track instance. A personal access token (PAT) is required in order to authenticate with GitHub, but no scopes need to be assigned to it.",
     "registered_email_address": "Registered email address",
     "api_token": "API token",
     "consumer_key": "Consumer key",
     "consumer_secret": "Consumer secret",
+    "personal_access_token": "Personal Access Token",
     "identifier": "Identifier",
     "url": "URL",
     "enabled": "Enabled",
diff --git a/src/views/administration/vuln-sources/VulnSourceGitHubAdvisories.vue b/src/views/administration/vuln-sources/VulnSourceGitHubAdvisories.vue
@@ -1,10 +1,20 @@
 <template>
   <b-card no-body :header="header">
     <b-card-body>
-      <c-switch id="vulnsourceEnabled" color="primary" v-model="vulnsourceEnabled" label v-bind="labelIcon" />{{$t('admin.vulnsource_github_advisories_enable')}}
+      <img alt="GitHub logo" src="@/assets/img/github-logo.svg" width="65"/>
+      <hr/>
+      <c-switch
+        :disabled="!this.vulnsourceEnabled && !this.apitoken"
+        color="primary"
+        id="vulnsourceEnabled"
+        label
+        v-bind="labelIcon"
+        v-model="vulnsourceEnabled"
+      />
+      {{$t('admin.vulnsource_github_advisories_enable')}}
       <b-validated-input-group-form-input
         id="github-advisories-apitoken"
-        :label="$t('admin.api_token')"
+        :label="$t('admin.personal_access_token')"
         input-group-size="mb-3"
         rules="required"
         type="password"
@@ -15,7 +25,13 @@
       {{ $t('admin.vulnsource_github_advisories_desc') }}
     </b-card-body>
     <b-card-footer>
-      <b-button variant="outline-primary" class="px-4" @click="saveChanges">{{ $t('message.update') }}</b-button>
+      <b-button
+        :disabled="this.vulnsourceEnabled && !this.apitoken"
+        @click="saveChanges"
+        class="px-4"
+        variant="outline-primary">
+          {{ $t('message.update') }}
+      </b-button>
     </b-card-footer>
   </b-card>
 </template>
diff --git a/src/views/administration/vuln-sources/VulnSourceNvd.vue b/src/views/administration/vuln-sources/VulnSourceNvd.vue
@@ -1,7 +1,15 @@
 <template>
   <b-card no-body :header="header">
     <b-card-body>
-      <c-switch id="vulnsourceEnabled" color="primary" v-model="vulnsourceEnabled" label v-bind="labelIcon" />{{$t('admin.vulnsource_nvd_enable')}}
+      <c-switch
+        :disabled="!this.vulnsourceEnabled && !this.nvdFeedsUrl"
+        id="vulnsourceEnabled"
+        color="primary"
+        v-model="vulnsourceEnabled"
+        label
+        v-bind="labelIcon"
+      />
+      {{$t('admin.vulnsource_nvd_enable')}}
       <b-validated-input-group-form-input
         id="nvd-feeds-url"
         :label="$t('admin.vulnsource_nvd_feeds_url')"
@@ -15,7 +23,13 @@
       {{ $t('admin.vulnsource_nvd_desc') }}
     </b-card-body>
     <b-card-footer>
-      <b-button variant="outline-primary" class="px-4" @click="saveChanges">{{ $t('message.update') }}</b-button>
+      <b-button
+        :disabled="this.vulnsourceEnabled && !this.nvdFeedsUrl"
+        variant="outline-primary"
+        class="px-4"
+        @click="saveChanges">
+          {{ $t('message.update') }}
+      </b-button>
     </b-card-footer>
   </b-card>
 </template>
