Comments (5)
We are starting to implement this feature.
Users will be able to configure the finding ordering in the design. The design holds a list of fields to sort by and their sort direction. The data structure for the finding ordering config will be something like:
[{"field": "cvss", "order": "desc"}, {"field": "title", "order": "asc"}]
[{"field": "target", "order": "asc"}, {"field": "cvss", "order": "desc"}, {"field": "created", "order": "asc"}]
In pentest projects the findings use the ordering config from the design by default. It will be possible to override the finding order, i.e. not use the ordering config from the design and manually move findings up and down in the finding list via drag and drop.
from sysreptor.
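One way to apply an ordering config of the shape shown in the comment above, as an added example (not SysReptor's own code): a stable multi-key sort with mixed directions. The finding records, the `sort_findings` helper and the choice to place missing values last are assumptions.

```python
# Added example: apply a finding-ordering config ([{"field", "order"}, ...]).
# All finding records below are constructed sample data.

def _key(value):
    # Compare strings case-insensitively; other values compare as-is.
    return value.casefold() if isinstance(value, str) else value


def sort_findings(findings, ordering):
    """Return a new list of findings sorted by the ordering config."""
    result = list(findings)
    # list.sort() is stable (also with reverse=True), so sorting by the
    # least significant rule first and the most significant rule last
    # gives a correct multi-key order even with mixed asc/desc directions.
    for rule in reversed(ordering):
        field, order = rule["field"], rule["order"]
        if order not in ("asc", "desc"):
            raise ValueError(f"invalid sort order: {order!r}")
        present = [f for f in result if f.get(field) is not None]
        missing = [f for f in result if f.get(field) is None]
        present.sort(key=lambda f: _key(f[field]), reverse=(order == "desc"))
        # Assumption: findings without a value for this field go last.
        result = present + missing
    return result


FINDINGS = [  # constructed sample data
    {"title": "SQL injection", "cvss": 9.8,
     "target": "app.example.test", "created": "2023-09-02"},
    {"title": "Missing HSTS", "cvss": 5.3,
     "target": "app.example.test", "created": "2023-09-01"},
    {"title": "default credentials", "cvss": 9.8,
     "target": "vpn.example.test", "created": "2023-09-03"},
    {"title": "Verbose errors", "cvss": None,
     "target": "api.example.test", "created": "2023-09-04"},
    {"title": "Path traversal", "cvss": 9.8,
     "target": "app.example.test", "created": "2023-09-01"},
]

# The two ordering configs quoted in the comment above.
BY_CVSS = [{"field": "cvss", "order": "desc"},
           {"field": "title", "order": "asc"}]
BY_TARGET = [{"field": "target", "order": "asc"},
             {"field": "cvss", "order": "desc"},
             {"field": "created", "order": "asc"}]

if __name__ == "__main__":
    for name, config in (("BY_CVSS", BY_CVSS), ("BY_TARGET", BY_TARGET)):
        print(name, [f["title"] for f in sort_findings(FINDINGS, config)])
```
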
Thanks for the answer!
The sorting works already, I indeed had not updated the design.
from sysreptor.
Implemented in https://github.com/Syslifters/sysreptor/releases/tag/2023.119
from sysreptor.
Thanks for adding this feature!
However, the custom sorting should also be used for the editing part on the left side (where all the findings are added to).
And also additionally, when the CVSS field is removed maybe a color option for the risk indicator would be nice to have.
Background information:
In our pentests we apply the risk manually to each finding with an enum field risk_category with the values critical, high, medium, low, observation and recommendation.
So a mapping with colors instead of the ones automatically applied from the cvss field would be a nice-to-have addition.
from sysreptor.
The custom sorting should already be used by the finding sidebar in projects. For existing projects, please note that you need to refresh the design for these projects to apply any design changes including the configured finding order. See also this answer #64 (comment)
The SysReptor frontend sets the sidebar colors based on the cvss field or the newly added predefined field severity. The severity field is an enum of severity levels (critical, high, medium, low, info; same as CVSS levels). I think you cannot use this field because you use 6 levels instead of 5.
Adding a configuration option for mapping custom risk levels to sidebar colors would be quite a niche configuration, which I think will not be used by many users. Since the benefit is quite small (just a colored findings sidebar) compared to the implementation complexity, we will not implement this for now.
from sysreptor.