refactor(vuln): improve ui detail vuln #330

Merged
l1ttps merged 5 commits into main from vuln-detail on Apr 9, 2026

l1ttps (Member) commented Apr 8, 2026

No description provided.

l1ttps added 3 commits April 7, 2026 07:59
- add CVSS vector parser to console/src/utils/cvssVectorParser.ts
- update vulnerabilities UI to navigate to detail page on row click
- remove inline detail sheet component (detail-sheet.tsx) and related usage
- refactor severity-badge.tsx for consistent color mapping and sizing
- adjust detail-vulnerability.tsx imports and structure to align with new flow
- cleanup: delete obsolete .kilocode/skills docs and SKILL files
- note: CVSS parser provides versioned, raw, detailed, and normalized outputs for vulnerability analysis
…view

- add AnalyzeButton to trigger analysis via API with success/error toasts
- introduce Section component for themed vulnerability detail sections
- wire up Markdown and image rendering in vulnerability detail
- adjust data-table emptyMessage and styling tweaks
- minor improvements to vulnerabilities list and statistics pages
…n notification

- introduce VULNERABILITY_ANALYSIS_COMPLETED notification type, DB migration, and i18n
- trigger notification after successful vulnerability analysis in VulnerabilityAnalysisProcessor
- pass userId to analyzeVulnerability, attach metadata (id, name), and notify user
- return vulnerability from processing to support downstream usage
- wire NotificationsModule into VulnerabilitiesModule; adjust Bull queue removeOnComplete/removeOnFail
- extend VulnerabilitiesService to accept userId and publish notifications via NotificationsService
- update VulnerabilitiesController to provide user context during analysis
- add truncateUrl utility and use in detail vulnerability page
- small console UI tweaks: header layout adjustments, title rendered as span, and onClose propagation to notification list/item

gemini-code-assist bot (Contributor) left a comment

Code Review

This pull request refactors the vulnerability management UI, replacing the side-sheet detail view with a comprehensive full-page layout that includes AI-powered analysis results and real-time status polling. Backend enhancements include a new notification type for completed analyses and updated queue processing logic. Review feedback identifies an observability issue regarding the immediate deletion of failed queue jobs, the presence of a debug log in the notification service, and a redundant database query in the vulnerability analysis service.

delay: 2000,
},
removeOnComplete: true,
removeOnFail: true,
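
Review bot: removeOnComplete: true and removeOnFail: true on the last two lines together mean no finished analysis job is left in the queue: a failed job goes away with its failure reason, and a completed job goes away with its stored return value, so nothing can read either back afterwards. Consider a bounded count instead of a boolean, for example removeOnFail: 100, which keeps recent failures for triage without letting the failed set grow without limit.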

high

Setting removeOnFail: true will cause failed jobs to be immediately deleted from the queue. This makes it impossible to investigate failures or retry them manually. It is recommended to keep failed jobs for a certain period or set this to false for better observability.

Suggested change
removeOnFail: true,
removeOnFail: false,

}

async markAsRead(id: string, userId: string) {
console.log(id, userId);
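
Review bot: console.log(id, userId) on the first line of markAsRead writes the id and userId arguments to stdout on every call, so user identifiers end up in whatever collects the process output, unleveled and without context. Remove it; if the call needs tracing, route it through a leveled logger at debug level.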

medium

A debug console.log has been left in the code. Please remove it to maintain clean production logs.

Comment on lines +518 to +520
const workspace = await this.getWorkspaceForVulnerability(
vulnerability.id,
);

medium

The workspaceId is already available in the job data (passed during queue addition). Re-fetching the workspace here via getWorkspaceForVulnerability is redundant and adds an unnecessary database query. Consider passing the workspaceId from the processor to this method.

l1ttps merged commit 1ab5deb into main on Apr 9, 2026
24 of 26 checks passed