DependencyTrack · leec94 · Nov 30, 2023 · Nov 30, 2023
diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json
@@ -757,6 +757,15 @@
     "index_general_description": "Dependency Track uses Apache Lucene to enable full-text search on various entities like projects or vulnerabilities.",
     "index_use_cases": "The full-text search feature is principally used for the search API (i.e. all the indexes) and internal analyzer fuzzy matching on CPE (i.e. the vulnerable software index).",
     "index_issues_description": "The lucene indexes can degrade or drift from Dependency Track database over time. Even though DT does its best to minimize the drift, the administrative features below are provided to check or restore the indexes if need be. It must be used with caution.",
+    "index_risk_score_description": "Dependency Track calculates the risk score of each project as a weighted severity score using the following calculation as default: ",
+    "index_risk_score_calc": "((critical * 10) + (high * 5) + (medium * 3) + (low * 1) + (unassigned * 5))",
+    "index_risk_score_weighting_description": "You can customize the weighting of each severity to customize the risk score.",
+    "enable_risk_score_history_check": "Recalculate risk score weighting on project history",
+    "risk_score_weight_critical": "Critical (default: 10)",
+    "risk_score_weight_high": "High (default: 5)",
+    "risk_score_weight_medium": "Medium (default: 3)",
+    "risk_score_weight_low": "Low (default: 1)",
+    "risk_score_weight_unassigned": "Unassigned (default: 5)",
     "index_consistency_check_description": "You can enable a periodic background task that will check that all indexes exists, are not corrupted and that their difference with Dependency Track database is under a defined threshold percentage. Any check failure will trigger a rebuild of the corresponding index. A restart is required to take cadence modification into account.",
     "index_rebuild_description" : "You can selectively trigger an immediate rebuild of some or all indexes. The index rebuild will be perform by an asynchronous tasks. You can check the progress using Dependency Track logs.",
     "enable_index_consistency_check": "Enable periodic consistency check",

diff --git a/src/router/index.js b/src/router/index.js
@@ -25,6 +25,7 @@ const Jira = () => import('@/views/administration/configuration/JiraConfig')
 const InternalComponents = () => import('@/views/administration/configuration/InternalComponents')
 const TaskScheduler = () => import('@/views/administration/configuration/TaskScheduler')
 const Search = () => import('@/views/administration/configuration/Search')
+const RiskScore = () => import('@/views/administration/configuration/RiskScore')
 
 const InternalAnalyzer = () => import('@/views/administration/analyzers/InternalAnalyzer')
 const OssIndexAnalyzer = () => import('@/views/administration/analyzers/OssIndexAnalyzer')
@@ -306,6 +307,16 @@ function configRoutes() {
                 permission: 'SYSTEM_CONFIGURATION'
               },
             },
+            {
+              path: 'configuration/riskscore',
+              component: RiskScore,
+              meta: {
+                title: i18n.t('message.administration'),
+                i18n: 'message.administration',
+                sectionPath: '/admin',
+                permission: 'SYSTEM_CONFIGURATION'
+              },
+            },
             {
               path: 'analyzers/internal',
               alias: ['analyzers'],

diff --git a/src/views/administration/AdminMenu.vue b/src/views/administration/AdminMenu.vue
@@ -82,6 +82,11 @@ import { ACCESS_MANAGEMENT, SYSTEM_CONFIGURATION } from "../../shared/permission
                 component: 'Search',
                 name: this.$t('message.search'),
                 route: "configuration/search"
+              },
+              {
+                component: 'RiskScore',
+                name: this.$t('message.risk_score'),
+                route: "configuration/RiskScore"
               }
             ]
           },

diff --git a/src/views/administration/Administration.vue b/src/views/administration/Administration.vue
@@ -26,6 +26,7 @@ import InternalComponents from "./configuration/InternalComponents";
 import Jira from "./configuration/JiraConfig";
 import Search from "./configuration/Search.vue";
 import TaskScheduler from "./configuration/TaskScheduler.vue";
+import RiskScore from "./configuration/RiskScore.vue";
 // Analyzer plugins
 import InternalAnalyzer from "./analyzers/InternalAnalyzer";
 import OssIndexAnalyzer from "./analyzers/OssIndexAnalyzer";
@@ -66,7 +67,7 @@ export default {
   components: {
     EventBus,
     AdminMenu,
-    General, BomFormats, Email, Jira, InternalComponents, TaskScheduler, Search,
+    General, BomFormats, Email, Jira, InternalComponents, TaskScheduler, Search, RiskScore,
     InternalAnalyzer, OssIndexAnalyzer, VulnDbAnalyzer, SnykAnalyzer,
     VulnSourceNvd, VulnSourceGitHubAdvisories, VulnSourceOSVAdvisories,
     Cargo, Composer, Gem, GoModules, Hex, Maven, Npm, Cpan, Nuget, Python,

diff --git a/src/views/administration/configuration/RiskScore.vue b/src/views/administration/configuration/RiskScore.vue
@@ -0,0 +1,161 @@
+<template>
+  <div>
+    <p>{{ $t('admin.index_risk_score_description') }}</p>
+    <p>{{ $t('admin.index_risk_score_calc') }}</p>
+    <br/>
+    <b-card no-body :header="headers.customRiskScore">
+      <b-card-body>
+        <p>{{ $t('admin.index_risk_score_weighting_description') }}</p>
+        <c-switch id="riskscore.history.enabled" color="primary" v-model="customRiskScore.enabled" label v-bind="labelIcon" />{{$t('admin.enable_risk_score_history_check')}}
+        <b-validated-input-group-form-input
+          id="custom-risk-score-critical"
+          :label="$t('admin.risk_score_weight_critical')"
+          input-group-size="mb-3"
+          rules="required|min_value:1|max_value:10"
+          type="number"
+          v-model="customRiskScore.critical"
+          :tooltip="customRiskScore.criticalTooltip"
+        />
+        <b-validated-input-group-form-input
+          id="custom-risk-score-high"
+          :label="$t('admin.risk_score_weight_high')"
+          input-group-size="mb-3"
+          rules="required|min_value:1|max_value:10"
+          type="number"
+          v-model="customRiskScore.high"
+          :tooltip="customRiskScore.highTooltip"
+        />
+        <b-validated-input-group-form-input
+          id="custom-risk-score-medium"
+          :label="$t('admin.risk_score_weight_medium')"
+          input-group-size="mb-3"
+          rules="required|min_value:1|max_value:10"
+          type="number"
+          v-model="customRiskScore.medium"
+          :tooltip="customRiskScore.mediumTooltip"
+        />
+        <b-validated-input-group-form-input
+          id="custom-risk-score-low"
+          :label="$t('admin.risk_score_weight_low')"
+          input-group-size="mb-3"
+          rules="required|min_value:1|max_value:10"
+          type="number"
+          v-model="customRiskScore.low"
+          :tooltip="customRiskScore.lowTooltip"
+        />
+        <b-validated-input-group-form-input
+          id="custom-risk-score-unassigned"
+          :label="$t('admin.risk_score_weight_unassigned')"
+          input-group-size="mb-3"
+          rules="required|min_value:1|max_value:10"
+          type="number"
+          v-model="customRiskScore.unassigned"
+          :tooltip="customRiskScore.unassignedTooltip"
+        />
+      </b-card-body>
+      <b-card-footer>
+        <b-button size="md" class="px-4" variant="outline-primary" @click="saveCustomRiskScoreSettings">{{ $t('message.update') }}</b-button>
+      </b-card-footer>
+    </b-card>
+  </div>
+</template>
+
+<script>
+  import { Switch as cSwitch } from '@coreui/vue';
+  import BValidatedInputGroupFormInput from '../../../forms/BValidatedInputGroupFormInput';
+  import configPropertyMixin from "../mixins/configPropertyMixin";
+  import common from "../../../shared/common";
+
+  export default {
+    mixins: [configPropertyMixin],
+    props: {
+      header: String
+    },
+    components: {
+      cSwitch,
+      BValidatedInputGroupFormInput
+    },
+    data() {
+      return {
+        headers: {
+          customRiskScore: this.header + " - Risk Score Customization"
+        },
+        type: {
+          project: false,
+          component: false,
+          vulnerability: false,
+          vulnerablesofware: false,
+          license: false,
+          cpe: false,
+          servicecomponent:false
+        },
+        customRiskScore: {
+          enabled: false,
+          critical: "10",
+          criticalTooltip: "",
+          high: "5",
+          highTooltip: "",
+          medium: "3",
+          mediumTooltip: "",
+          low: "1",
+          lowTooltip: "",
+          unassigned: "5",
+          unassignedTooltip: "",
+        }
+      }
+    },
+    created () {
+      this.axios.get(this.configUrl).then((response) => {
+        let configItems = response.data.filter(function (item) { return item.groupName === "search-indexes" });
+        for (let i=0; i<configItems.length; i++) {
+          let item = configItems[i];
+          switch (item.propertyName) {
+            case "riskscore.history.enabled":
+              this.customRiskScore.enabled = common.toBoolean(item.propertyValue); break;
+            case "riskscore.critical":
+              this.customRiskScore.critical = item.propertyValue;
+              this.customRiskScore.criticalTooltip = item.description; break;
+              case "riskscore.high":
+              this.customRiskScore.high = item.propertyValue;
+              this.customRiskScore.highTooltip = item.description; break;
+              case "riskscore.medium":
+              this.customRiskScore.medium = item.propertyValue;
+              this.customRiskScore.mediumTooltip = item.description; break;
+              case "riskscore.low":
+              this.customRiskScore.low = item.propertyValue;
+              this.customRiskScore.lowTooltip = item.description; break;
+              case "riskscore.unassigned":
+              this.customRiskScore.unassigned = item.propertyValue;
+              this.customRiskScore.unassignedTooltip = item.description; break;
+          }
+        }
+      });
+    },
+    methods: {
+      saveCustomRiskScoreSettings: function() {
+        this.updateConfigProperties([
+          {groupName: 'risk-score', propertyName: 'riskscore.history.enabled', propertyValue: this.customRiskScore.enabled},
+          {groupName: 'risk-score', propertyName: 'riskscore.critical', propertyValue: this.customRiskScore.critical},
+          {groupName: 'risk-score', propertyName: 'riskscore.high', propertyValue: this.customRiskScore.high},
+          {groupName: 'risk-score', propertyName: 'riskscore.medium', propertyValue: this.customRiskScore.medium},
+          {groupName: 'risk-score', propertyName: 'riskscore.low', propertyValue: this.customRiskScore.low},
+          {groupName: 'risk-score', propertyName: 'riskscore.unassigned', propertyValue: this.customRiskScore.unassigned}
+        ]);
+      },
+      reindex: function() {
+        let url = `${this.$api.BASE_URL}/${this.$api.URL_SEARCH}/reindex`;
+        let params = new URLSearchParams();
+        Object.entries(this.type).forEach(([key, value]) => {
+          if(value) {
+            params.append('type', key.toUpperCase());
+          }
+        });
+        this.axios.post(url, null, { params: params }).then((response) => {
+          this.$toastr.s(this.$t('admin.reindex_submitted'));
+        }).catch((error) => {
+          this.$toastr.s(this.$t('admin.reindex_error'));
+        });
+      }
+    }
+  }
+</script>