Fix labels for vulnerabilities with source UNKNOWN

Signed-off-by: nscuro <[email protected]>
DependencyTrack · Apr 20, 2024 · 82c015f · 82c015f
1 parent 3851825
commit 82c015f
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 3 deletions.
diff --git a/src/assets/scss/_custom.scss b/src/assets/scss/_custom.scss
@@ -137,6 +137,11 @@ html {
   background-color: #EBE5A8;
   border: 1px solid #DCD167;
 }
+.label-source-unknown {
+  background-color: $severity-unassigned;
+  border: 1px solid $grey-900;
+  color: #FFFFFF;
+}
 .label-notification {
   color: #222222;
   padding: .2em .6em .3em;

diff --git a/src/shared/common.js b/src/shared/common.js
@@ -165,11 +165,13 @@ $common.formatAnalyzerLabel = function formatAnalyzerLabel(
       break;
     case 'TRIVY_ANALYZER':
       analyzerLabel = 'Trivy';
-
-      analyzerUrl = 'https://nvd.nist.gov/vuln/detail/' + vulnId;
-      if (vulnSource === 'GITHUB') {
+      if (vulnSource === 'NVD') {
+        analyzerUrl = 'https://nvd.nist.gov/vuln/detail/' + vulnId;
+      } else if (vulnSource === 'GITHUB') {
         analyzerUrl = 'https://github.com/advisories/' + vulnId;
       }
+      // NB: Trivy can report vulnerabilities from sources that DT does
+      // not explicitly support.
       break;
   }
   if (analyzerUrl) {
@@ -228,6 +230,9 @@ $common.resolveSourceVulnInfo = function resolveSourceVulnInfo(
       sourceInfo.url =
         'https://vulndb.cyberriskanalytics.com/vulnerabilities/' + vulnId;
       break;
+    case 'UNKNOWN':
+      // Not possible to provide any additional information.
+      break;
   }
   return sourceInfo;
 };