feat(web-app-reporter): Always show issue tab

[hanna-modica]

This allows on one hand the view to be more consistent, by always showing the same tab, and on the other hand allows to check resolved issues, even if there are no open issues left.

resolves #6232

[codecov]

Codecov Report

Patch coverage has no change and project coverage change: -2.94 ⚠️

Comparison is base (a4330fe) 64.28% compared to head (d5b6236) 61.35%.

Additional details and impacted files

@@             Coverage Diff              @@
##               main    #7171      +/-   ##
============================================
- Coverage     64.28%   61.35%   -2.94%     
- Complexity     1970     1984      +14     
============================================
  Files           333      333              
  Lines         16681    16663      -18     
  Branches       2386     2412      +26     
============================================
- Hits          10724    10223     -501     
- Misses         4918     5453     +535     
+ Partials       1039      987      -52     

Flag	Coverage Δ
funTest-docker	69.24% <ø> (ø)
funTest-non-docker	31.81% <ø> (+3.22%)	⬆️
test	37.41% <ø> (-2.67%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 23 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[sschuberth]

Please hard-wrap commit message body lines to avoid commit-lint complaining. While at it, "resolves" should be capitalized.

[tsteenbe]

This should be configurable option as we had users that don't want to see violations, issues and vulnerabilities. Propose we move this change in behavior to a reporter option (e.g. boolean to show tabs always or not).

[sschuberth]

This should be configurable option as we had users that don't want to see violations, issues and vulnerabilities. Propose we move this change in behavior to a reporter option (e.g. boolean to show tabs always or not).

Personally, I don't think it's worth to put the burden of implementing a reporter-specific option / feature flag on the OP for this. We should have a consistent UI independent of the number of issues / violations / vulnerabilities, and say in the tabs that there are none, if so.

[hanna-modica]

Propose we move this change in behavior to a reporter option (e.g. boolean to show tabs always or not).

A user would need to select this behaviour every time the report is loaded. IMHO, this does not sound that user friendly and I agree with @sschuberth. How can we come to an agreement here?

[tsteenbe]

A user would need to select this behaviour every time the report is loaded. IMHO, this does not sound that user friendly and I agree with @sschuberth. How can we come to an agreement here?

@hanna-modica That now what I proposed - it would be a configuration option at time of generation of the report, not upon opening the web report. No user action required only config change by an ORT admin.

[mnonnenmacher]

This should be configurable option as we had users that don't want to see violations, issues and vulnerabilities. Propose we move this change in behavior to a reporter option (e.g. boolean to show tabs always or not).

Personally, I don't think it's worth to put the burden of implementing a reporter-specific option / feature flag on the OP for this. We should have a consistent UI independent of the number of issues / violations / vulnerabilities, and say in the tabs that there are none, if so.

I agree with @sschuberth here. In the last community meeting there was no one present who actually preferred hiding the tab if there are no issues, but several participants preferred to always show it. As this also fixes the issue that it is currently impossible to review resolved issues if all issues are resolved, I would prefer to merge this as is and introduce an option only if there is an actual demand for it which justifies the work and increased complexity.

[tsteenbe]

@sschuberth @mnonnenmacher I am against merging this as is - as I said in the community meeting I don't believe this feature work as @hanna-modica expects it to work - if a scan has only resolved issues to my recollection it won't show these in issues (cam from old HERE decision) - this needs to be tested first.

We have ORT users that use SBOM and ORT web reports in the FOSS reporting to their customers as a replacement for Excel and HTML reports from their previous commercial vendor. WebApp is provided as convenience for customer legal counsel to quickly browse the result (happy to get them off Excel). Just because ORT users are not at the community meeting doesn't mean their use cases should be taken into account.

[hanna-modica]

I don't believe this feature work as @hanna-modica expects it to work - if a scan has only resolved issues to my recollection it won't show these in issues (cam from old HERE decision) - this needs to be tested first.

In our reports, resolved issues are always shown in the issues tab (if it is there). That aside, I believe it to be very confusing and not good UX nonetheless, if the shown tabs are not consistent for every report.

[mnonnenmacher]

@sschuberth @mnonnenmacher I am against merging this as is - as I said in the community meeting I don't believe this feature work as @hanna-modica expects it to work - if a scan has only resolved issues to my recollection it won't show these in issues (cam from old HERE decision) - this needs to be tested first.

I have verified that it works as expected, if all issues are resolved they are visible in the issues tab.

We have ORT users that use SBOM and ORT web reports in the FOSS reporting to their customers as a replacement for Excel and HTML reports from their previous commercial vendor. WebApp is provided as convenience for customer legal counsel to quickly browse the result (happy to get them off Excel). Just because ORT users are not at the community meeting doesn't mean their use cases should be taken into account.

I still don't understand how an empty issues tab could break anyone's use of the web app report. To the contrary, if you are resolving issues, rule violations, or vulnerabilities one by one, you can always see the effects in the web app reporter, until you resolve the last one, because then those tabs just disappear which is a confusing UX.