From e55ff496e511ba74387981a92ea6c05b46bf394c Mon Sep 17 00:00:00 2001
From: Valentijn Scholten <valentijnscholten@gmail.com>
Date: Sat, 11 Jan 2025 18:17:37 +0100
Subject: [PATCH] add Composer data source admin info page

Signed-off-by: Valentijn Scholten <valentijnscholten@gmail.com>
---
 src/i18n/locales/en.json                      |  7 ++++++-
 src/router/index.js                           | 13 +++++++++++++
 src/views/administration/AdminMenu.vue        |  5 +++++
 src/views/administration/Administration.vue   |  3 +++
 .../VulnSourceComposerAdvisories.vue          | 19 +++++++++++++++++++
 5 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 src/views/administration/vuln-sources/VulnSourceComposerAdvisories.vue

diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json
index 017cdc9ef..56c6f9b5d 100644
--- a/src/i18n/locales/en.json
+++ b/src/i18n/locales/en.json
@@ -283,7 +283,12 @@
     "vulnsource_osv_base_url": "OSV Base URL",
     "welcome_message": "Welcome Message",
     "welcome_message_desc": "Customize the welcome message that appears on the start page of Dependency-Track before users sign in.",
-    "welcome_message_enable": "Enable welcome message"
+    "welcome_message_enable": "Enable welcome message",
+    "composer_advisories": "Composer Security Advisories",
+    "vulnsource_composer_advisories_desc": "The Composer ecosystem provides security advisories via its Composer repositories. Examples are https://packagist.org and https://packages.drupal.org/8. These security advisories are used by Composer to provide the composer audit command.",
+    "vulnsource_composer_to_enable": "Composer advisory mirroring can be enabled for a repository via it configuration:",
+    "composer_repositories": "Composer Repositories",
+    "documentation": "Documentation"
   },
   "condition": {
     "forbidden": "Forbidden (403)",
diff --git a/src/router/index.js b/src/router/index.js
index 977ff6069..bdcb2f06d 100644
--- a/src/router/index.js
+++ b/src/router/index.js
@@ -58,6 +58,8 @@ const VulnSourceGitHubAdvisories = () =>
   import('@/views/administration/vuln-sources/VulnSourceGitHubAdvisories');
 const VulnSourceOSVAdvisories = () =>
   import('@/views/administration/vuln-sources/VulnSourceOSVAdvisories');
+const VulnSourceComposerAdvisories = () =>
+  import('@/views/administration/vuln-sources/VulnSourceComposerAdvisories');
 
 const Cargo = () => import('@/views/administration/repositories/Cargo');
 const Composer = () => import('@/views/administration/repositories/Composer');
@@ -552,6 +554,17 @@ function configRoutes() {
                 permission: 'SYSTEM_CONFIGURATION',
               },
             },
+            {
+              path: 'vulnerabilitySources/composer',
+              component: VulnSourceComposerAdvisories,
+              meta: {
+                title: i18n.t('message.administration'),
+                i18n: 'message.administration',
+                sectionPath: '/admin',
+                sectionName: 'Admin',
+                permission: 'SYSTEM_CONFIGURATION',
+              },
+            },
             {
               path: 'repositories/cargo',
               alias: ['repositories'],
diff --git a/src/views/administration/AdminMenu.vue b/src/views/administration/AdminMenu.vue
index 47f86976f..a055779ab 100644
--- a/src/views/administration/AdminMenu.vue
+++ b/src/views/administration/AdminMenu.vue
@@ -176,6 +176,11 @@ export default {
               name: this.$t('admin.osv_advisories'),
               route: 'vulnerabilitySources/osv',
             },
+            {
+              component: 'VulnSourceComposerAdvisories',
+              name: this.$t('admin.composer_advisories'),
+              route: 'vulnerabilitySources/composer',
+            },
           ],
         },
         {
diff --git a/src/views/administration/Administration.vue b/src/views/administration/Administration.vue
index 5034e2931..6818f11ac 100644
--- a/src/views/administration/Administration.vue
+++ b/src/views/administration/Administration.vue
@@ -38,6 +38,8 @@ import VulnDbAnalyzer from './analyzers/VulnDbAnalyzer';
 import VulnSourceGitHubAdvisories from './vuln-sources/VulnSourceGitHubAdvisories';
 import VulnSourceNvd from './vuln-sources/VulnSourceNvd';
 import VulnSourceOSVAdvisories from './vuln-sources/VulnSourceOSVAdvisories';
+import VulnSourceComposerAdvisories from './vuln-sources/VulnSourceComposerAdvisories';
+
 // Repositories
 import Cargo from './repositories/Cargo';
 import Composer from './repositories/Composer';
@@ -89,6 +91,7 @@ export default {
     VulnSourceNvd,
     VulnSourceGitHubAdvisories,
     VulnSourceOSVAdvisories,
+    VulnSourceComposerAdvisories,
     Cargo,
     Composer,
     Gem,
diff --git a/src/views/administration/vuln-sources/VulnSourceComposerAdvisories.vue b/src/views/administration/vuln-sources/VulnSourceComposerAdvisories.vue
new file mode 100644
index 000000000..cab7e0604
--- /dev/null
+++ b/src/views/administration/vuln-sources/VulnSourceComposerAdvisories.vue
@@ -0,0 +1,19 @@
+<template>
+  <b-card no-body>
+    <b-card-body>
+      <img alt="Composer logo" src="@/assets/img/composer-logo.png" />
+      <hr />
+      {{ $t('admin.vulnsource_composer_advisories_desc') }}
+      <hr />
+      {{ $t('admin.vulnsource_composer_to_enable') }}
+      <a href="/admin/repositories/composer">
+        {{ $t('admin.composer_repositories') }} </a
+      >.
+      <hr />
+      {{ $t('admin.documentation') }}
+      <a href="https://docs.dependencytrack.org/datasources/composer/"
+        >https://docs.dependencytrack.org/datasources/composer/</a
+      >.
+    </b-card-body>
+  </b-card>
+</template>