feat(assets): add website field to asset data mapping

[l1ttps]

No description provided.

[gemini-code-assist]

Summary of Changes

Hello @l1ttps, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly improves the user experience in the console by introducing a robust multi-select severity filter for vulnerabilities, enabling more granular control over displayed data. It also adds a convenient feature to asset technology badges, making them interactive by linking directly to the technology's website. Underlying these UI enhancements are corresponding API and data model updates, alongside a substantial cleanup of outdated security report functionalities in the generated API client.

Highlights

• Vulnerability Severity Filtering: Introduced a new multi-select filter for vulnerabilities, allowing users to filter by severity levels (Critical, High, Medium, Low, Info) directly within the console UI.
• Clickable Technology Badges: Enhanced the TechnologyTooltip component to make technology badges interactive. Users can now click on a technology badge to open its associated website in a new browser tab.
• API and Data Model Updates: Modified the backend API to support the new severity filtering for vulnerabilities and extended the asset technology data model to include a website field.
• Code Generation Cleanup: Performed a significant cleanup by removing numerous deprecated SecurityReport related types and API endpoints from the generated client code, streamlining the API surface.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• console/src/components/ui/select.tsx
  • Standardized string literals to single quotes and added missing semicolons for consistency.
  • Made a minor adjustment to a Tailwind CSS class in the SelectTrigger component.
• console/src/pages/assets/components/technology-tooltip.tsx
  • Refactored the technology badge from a Badge component to a span element with equivalent styling.
  • Implemented click and keyboard accessibility handlers to open the associated technology's website in a new tab.
  • Updated the fallback Boxes icon size from size-8 to size-4 for technologies without an iconUrl.
• console/src/pages/vulnerabilities/components/severity-filter.tsx
  • New file: Added a new React component for multi-selecting vulnerability severity levels.
  • Provides options for Critical, High, Medium, Low, and Info severities.
  • Includes UI for displaying the count of selected filters and a button to clear all selections.
• console/src/pages/vulnerabilities/components/status-filter.tsx
  • Updated the styling of the SelectTrigger to be border-dashed and text-xs for a more consistent look with other filters.
• console/src/pages/vulnerabilities/list-vulnerabilitys.tsx
  • Integrated the new SeverityFilter component into the vulnerability list's toolbar.
  • Managed the state for selected severity filters and updated the data fetching logic to include this new filter parameter.
  • Ensured row selections are cleared and the page resets when severity filters change.
• console/src/services/apis/gen/queries.ts
  • Updated the DataPayloadResult.raw type from string to DataPayloadResultRaw (an object type).
  • Introduced VulnerabilitiesControllerGetVulnerabilitiesSeverityItem enum and added a severity array parameter to VulnerabilitiesControllerGetVulnerabilitiesParams.
  • Removed a large set of types and associated query/mutation hooks related to SecurityReport functionality.
• core-api/src/modules/assets/assets.service.ts
  • Extended the TechnologyDetailDTO mapping to include a website field, allowing technology entries to have an associated URL.
• core-api/src/modules/vulnerabilities/dto/get-vulnerability.dto.ts
  • Added an optional severity array property to GetVulnerabilitiesQueryDto, enabling API requests to filter vulnerabilities by multiple severity levels.
  • Included a @Transform decorator to correctly handle single string or array inputs for the severity parameter.
• core-api/src/modules/vulnerabilities/vulnerabilities.service.ts
  • Modified the getVulnerabilities method to incorporate the new severity filter into the database query, allowing filtering by multiple severity levels.
• worker/services/core-api/api.ts
  • Updated the DataPayloadResult.raw type from string to object.
  • Removed various SecurityReport related interfaces and enums, and their corresponding API methods, reflecting the cleanup in the console's generated types.
  • Added VulnerabilitiesControllerGetVulnerabilitiesParamsSeverityEnum and included severity as an optional array parameter in the getVulnerabilities API method.

Activity

• No specific activity (comments, reviews, or progress updates) has been recorded for this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces two main features: it adds a clickable website link to technology assets and implements a severity filter on the vulnerabilities page. The backend changes correctly add the website field to the data mapping and update the vulnerabilities endpoint to support filtering by severity. The frontend changes integrate the new severity filter and make the technology tooltips clickable.

The code is generally well-written, but I've identified a couple of areas for improvement in the frontend components, mainly concerning code duplication, imperative DOM manipulation, and accessibility. My comments provide suggestions to address these points by adopting more declarative patterns and improving accessibility.

[gemini-code-assist]

The onError handler uses direct DOM manipulation (createElement, appendChild) and innerHTML, which is not idiomatic in React and can be a security risk. This logic is also duplicated for the image in the tooltip content (lines 69-80).

A better approach is to use a state variable to track the image loading error and declaratively render a fallback component. This makes the code cleaner, safer, and more aligned with React principles.

Here's an example of how you could refactor this:

const [triggerImgError, setTriggerImgError] = useState(false);

// ... in your JSX
{tech?.iconUrl && !triggerImgError ? (
  <img
    src={tech.iconUrl}
    alt={tech.name}
    className="size-4"
    onError={() => setTriggerImgError(true)}
  />
) : (
  <Boxes className="size-4" />
)}

You would apply a similar pattern for the image inside TooltipContent.

[gemini-code-assist]

This implementation has some accessibility and event handling issues. Using a div with role="button" and an onClick handler that contains another interactive element (Checkbox) can be confusing for screen reader users and keyboard navigation. Additionally, you have redundant event handlers (onClick on the div and onCheckedChange on the Checkbox) that both call toggleSeverity.

A better pattern is to use a <label> element associated with the Checkbox. This makes the entire row clickable and is more accessible, while also simplifying the event handling.

              <label
                key={option.value}
                htmlFor={`severity-${option.value}`}
                className={cn(
                  'flex items-center space-x-2 rounded-sm px-2 py-1.5 cursor-pointer hover:bg-accent',
                  isSelected && 'bg-accent/50',
                )}
              >
                <Checkbox
                  id={`severity-${option.value}`}
                  checked={isSelected}
                  onCheckedChange={() => toggleSeverity(option.value)}
                  className="border-muted-foreground"
                />
                <div className="flex items-center gap-2 flex-1">
                  <span
                    className={cn('w-2 h-2 rounded-full', option.bgColor)}
                    aria-hidden="true"
                  />
                  <span className={cn('text-sm', option.color)}>
                    {option.label}
                  </span>
                </div>
              </label>