Skip to content

Display 'Analysis disabled' in CVE column #1141

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jeremylenz merged 3 commits into from
Jan 20, 2026
Merged

Display 'Analysis disabled' in CVE column #1141

jeremylenz merged 3 commits into from
Jan 20, 2026
+138 −102

Conversation

@jeremylenz
Copy link
Collaborator

@jeremylenz jeremylenz commented Jan 15, 2026
edited
Loading

What are the changes introduced in this pull request?

Hey, we've got some upgrades to the Total CVEs column for IoP-enabled systems!

image
  1. Display "Analysis disabled" for hosts that have vulnerability analysis disabled
  2. Instead of a QuestionIcon, display '—' like we do for other columns. This will show for unregistered hosts, or when data is missing.
  3. Change the weight of the Total CVEs column so that 'Content view environments' doesn't show up between Recommendations and Total CVEs
  4. use propsToCamelCase so we can stop disabling that silly eslint rule

Considerations taken when implementing this change?

everything is well considered!!

This code is ✨ artisan ✨ and no AI was used in its creation

What are the testing steps for this pull request?

Hosts > All Hosts > Manage Columns > add the Total CVEs column

// CVECountCell.js line 36
// Change this 
if (optOut === true) {
// to this
if (true) {

Alternatively, you could figure out the proper curl command to send IoP a [PATCH /api/vulnerability/v1/systems/opt_out](https://console.redhat.com/docs/api/vulnerability/v1#operations-default-manager\.system_handler\.PatchBulkSystemsOptOut\.patch)

You should now see "Analysis disabled" for your host.
Additionally, you should see '—' and NOT a QuestionIcon for unregistered hosts.
You should continue to see a number of vulnerabilities (with link) for hosts with vulnerabilities.

@sourcery-ai
Copy link

sourcery-ai bot commented Jan 15, 2026
edited
Loading

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Updates the CVE count cell rendering to use a typographic dash and text label instead of an icon for unknown/disabled states, adds handling for hosts with analysis opt-out, normalizes API response attributes to camelCase, and adjusts the Total CVEs column weight in the hosts index table.

Flow diagram for CVECountCell rendering logic

flowchart TD
  A[Start CVECountCell with hostDetails] --> B[Fetch cve_count and opt_out via API]
  B --> C{isIopEnabled?
  AND uuid defined?}
  C -- No --> D[Render typographic dash]
  C -- Yes --> E[Normalize attributes with propsToCamelCase]
  E --> F{optOut is true?}
  F -- Yes --> G[Render text Analysis disabled]
  F -- No --> H{cveCount is undefined?}
  H -- Yes --> D[Render typographic dash]
  H -- No --> I[Render Link with cveCount]
  I --> J[End]
  D --> J
  G --> J
Loading

File-Level Changes

Change Details Files
Refine CVE count cell behavior and data handling for Insights vulnerability display.
  • Return a typographic dash when Insights is not enabled or the host UUID is missing instead of rendering an UnknownIcon component.
  • Normalize API response attributes to camelCase using propsToCamelCase and extract cveCount and optOut from the host vulnerability attributes.
  • Show the literal text 'Analysis disabled' when the host has opted out of analysis.
  • Render the CVE count link using cveCount instead of the snake_case cve_count field and return a dash when cveCount is undefined instead of an icon.
 webpack/InsightsVulnerabilityHostIndexExtensions/CVECountCell.js
Adjust ordering of the Total CVEs column in the hosts index table.
  • Change the weight of the Total CVEs column to 1600 to reposition it relative to other columns.
 webpack/ForemanColumnExtensions/index.js
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

sourcery-ai[bot]
sourcery-ai bot reviewed Jan 15, 2026
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've left some high level feedback:

  • Returning a raw '—' string instead of the previous <UnknownIcon /> changes the cell’s visual and accessibility behavior; consider verifying that the table styling and screen reader output remain consistent with other cells and, if needed, centralizing this placeholder as a shared component or constant.
  • You’re now calling propsToCamelCase on the API response inside the render; if this component is rendered frequently, consider memoizing or restructuring so the transformation isn’t re-run on every render for the same data.
Prompt for AI Agents 
Please address the comments from this code review:

## Overall Comments
- Returning a raw '—' string instead of the previous `<UnknownIcon />` changes the cell’s visual and accessibility behavior; consider verifying that the table styling and screen reader output remain consistent with other cells and, if needed, centralizing this placeholder as a shared component or constant.
- You’re now calling `propsToCamelCase` on the API response inside the render; if this component is rendered frequently, consider memoizing or restructuring so the transformation isn’t re-run on every render for the same data.
Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@jeremylenz jeremylenz force-pushed the vuln-opt-out-display branch from 8802ef5 to e028c06 Compare January 15, 2026 21:38
nofaralfasi
nofaralfasi reviewed Jan 19, 2026
View reviewed changes
Copy link
Collaborator

@nofaralfasi nofaralfasi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested the code locally and it works as expected - hosts with vulnerability analysis disabled now correctly show "Analysis disabled" instead of the CVE count, and the em-dash replacement for unknown states is consistent with the rest of the UI.
One suggestion: consider adding a test case for the new optOut feature to ensure it's covered.

@jeremylenz jeremylenz force-pushed the vuln-opt-out-display branch from e028c06 to 42ac4aa Compare January 19, 2026 13:22
@jeremylenz
Copy link
Collaborator Author

jeremylenz commented Jan 19, 2026

@nofaralfasi updated 👍

@jeremylenz jeremylenz mentioned this pull request Jan 19, 2026
Merged
@nofaralfasi
Copy link
Collaborator

nofaralfasi commented Jan 19, 2026

One suggestion: consider adding a test case for the new optOut feature to ensure it's covered.

@jeremylenz What do you think about adding tests for this?

@jeremylenz
Copy link
Collaborator Author

jeremylenz commented Jan 19, 2026

oops, I saw that and then forgot 😄 working on it!

@jeremylenz @claude
Add test coverage for 'Analysis disabled' CVE column behavior
f4bcd7a 
Adds two test cases to CVECountCell.test.js:
- Renders "Analysis disabled" when opt_out is true
- Renders CVE count link when valid count is returned

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@jeremylenz jeremylenz force-pushed the vuln-opt-out-display branch from 9f60914 to f4bcd7a Compare January 19, 2026 15:49
@jeremylenz
Copy link
Collaborator Author

jeremylenz commented Jan 19, 2026

@nofaralfasi test added. 👍

nofaralfasi
nofaralfasi approved these changes Jan 20, 2026
View reviewed changes
Copy link
Collaborator

@nofaralfasi nofaralfasi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. The test refactoring is a nice improvement over the previous approach, and the opt-out feature now has proper coverage.

@jeremylenz jeremylenz merged commit 3dea8e5 into theforeman:develop Jan 20, 2026
13 of 14 checks passed
nofaralfasi pushed a commit to nofaralfasi/foreman_rh_cloud that referenced this pull request Jan 20, 2026
@jeremylenz @claude @nofaralfasi
Display 'Analysis disabled' in CVE column (theforeman#1141)
84ee4d3 
* Display 'Analysis disabled' in CVE column

* fix tests

* Add test coverage for 'Analysis disabled' CVE column behavior

Adds two test cases to CVECountCell.test.js:
- Renders "Analysis disabled" when opt_out is true
- Renders CVE count link when valid count is returned

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

@nofaralfasi nofaralfasi nofaralfasi approved these changes

+1 more reviewer

@ColeHiggins2 ColeHiggins2 ColeHiggins2 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jeremylenz @nofaralfasi @ColeHiggins2