Reporting and Triage improvements (was a GSoC idea, now available to all) #1618
Description
Possible GSoC idea: Reporting and Triage improvements
- related: GSoC 2022: Start Here #1462
- related: GSoC 2022 Ideas / Brainstorming thread #1379
I just filed 4 feature requests related to the report UI and how we display triage data:
- Feature request: Filters for component view (HTML reports) #1614
- Feature request: highlight new/unexplored CVES on main page (HTML reports) #1615
- Feature Request: improved CVE overview (HTML reports) #1616
- Feature request: Add remarks to PDF reports #1617
And this got me thinking that we probably have some refinements we can do in that area:
- improving how triage is displayed across reports (e.g apparently it's missing in PDF right now)
- allowing further customization of reports based on triage
- adding how-to guides on common triage scenarios such as...
- "how to triage false positives"
- "how to add triage comments" (e.g. extended information about mitigations used for a cve which isn't yet fixed)
- "how to re-use triage in other projects using merged reports" (e.g. use the triage from a docker base image across multiple projects using the same base)
- "tracking changing triage and fixes over time using merged reports"
-Improving, creating, or recommending tools to help with triage data. We have some, but probably not everything anyone could want here. Do we need a command line "add triage to file" option, for example?
Difficulty: Intermediate to Advanced
Hours: 175 or 350 depending on how many of these ideas you propose to tackle. Simple triage display fixes and documentation is likely a 175 hour project, students intending to add additional triage tools and triage-customized reports would likely want to apply for a 350hr slot.
Open to all:
This work was previously flagged as a potential GSoC project, but we didn't get an applicants interested in doing it at that time. It's now available to anyone who wants to work in this area.