Custom ordering of findings about sysreptor HOT 5 CLOSED

We are starting to implement this feature.

Users will be able to configure the finding ordering in the design. The design holds a list of fields to sort by and their sort direction. The data structure for the finding ordering config will be something like:

[{"field": "cvss", "order": "desc"}, {"field": "title", "order": "asc"}]

[{"field": "target", "order": "asc"}, {"field": "cvss", "order": "desc"}, {"field": "created", "order": "asc"}]

In pentest projects the findings use the ordering config from the design by default. It will be possible to override the finding order. I.e. not use the ordering config from the design and manually move findings up and down in the finding list via drag and drop.

from sysreptor.

Thanks for the answer!

The sorting works already, I indeed had not updated the design.

from sysreptor.

Implemented in https://github.com/Syslifters/sysreptor/releases/tag/2023.119

from sysreptor.

Thanks fore adding this feature!

However, the custom sorting should also be used for the editing part on the left side (where all the findings are added to).

And also additionally, when the CVSS field is removed maybe an color-option for the risk indicator would be nice to have.

Background information:
In our pentests we apply the risk manually to each finding with a enum field risk_category with the values ciritcal, high, medium, low, observation and recommendation.

So a mapping with colors instead of the automatically applied from the cvss field would be a nice to have addition.

from sysreptor.

The custom sorting should already be used by the finding sidebar in projects. For existing projects, please note that you need to refresh the design for these projects to apply any design changes including the configured finding order. See also this answer #64 (comment)

The SysReptor frontend sets the sidebar colors based on the cvss field or the newly added predefined field severity. The severity field is an enum of severity levels (critical, high, medium, low, info; same as CVSS levels). I think you cannot use this field because you use 6 levels instead of 5.

Adding a configuration option for mapping custom risk levels to sidebar colors would be quite a niche configuration, which I think will not be used by many users. Since the benefit is quite small (just a colored findings sidebar) compared to the implementation complexity, we will not implement this for now.

from sysreptor.