@(
projectsWithSelection: ProjectsWithSelection,
tagOption: Option[(Int, LibraryTag)],
statistics: LibDepStatistics
)(implicit messagesApi: MessagesApi, requestHeader: DefaultRequest, mainTemplateData: MainTemplateData)
@main(
title = s"details for ${projectsWithSelection.projectNameText}${tagOption.map(_._2.name).fold("")(" and tag "+_)}",
projectsOption = Some((projectsWithSelection, x => routes.Statistics.vulnerabilities(x, tagOption.map(_._1))))
){
@healthReport(statistics.failedProjects)
We have @statistics.vulnerabilitiesToDependencies.size vulnerabilities
of @statistics.vulnerabilitiesToDependencies.flatMap(_._2).toSet.size dependencies (@statistics.vulnerabilitiesToDependencies.flatMap(_._2.flatMap(_.plainLibraryIdentifiers)).toSet.size libraries).
@if(!projectsWithSelection.isProjectSpecified){
They are affecting @statistics.vulnerabilitiesToDependencies.flatMap(_._2.flatMap(_.projects)).toSet.size projects.
}else{
Showing only project matching the selected filter.
When a filter is applied, number of affected project might differ, as it is computed over a subset of subprojects. As a result, order of vulnerabilities might slightly differ from their order at all-projects view.
}
Vulnerabilities are sorted by severity. If the severity is the same, they are sorted by number of affected projects. If even this matches, they are sorted by name (which is related to vulnerability age).
@for((vulnerability, dependencies) <- statistics.vulnerabilitiesToDependencies.toSeq.sortBy{case (vuln, deps) =>
(
vuln.cvssScore.map(-_), // CVSS score
-deps.flatMap(_.projects).toSet.size, // number of affected projects
vuln.name // make it deterministic
)
}){
@vulnerability.name
CVSS @(vulnerability.cvss.score.getOrElse{"?"}),
@defining(dependencies.flatMap(_.projects).toSet.size){ numProjects =>
affecting @numProjects @if(numProjects>1){projects}else{project}
}
@vulnerability.description
@* @dependencies.map(_.identifiers)
*@
@* @dependencies.flatMap(_.projects).toSet
*@
}
}