Skip to content

feat: add guided SecurityException form#99

Open
AnvayKharb wants to merge 4 commits into
kubescape:mainfrom
AnvayKharb:feat/securityexception-guided-form
Open

feat: add guided SecurityException form#99
AnvayKharb wants to merge 4 commits into
kubescape:mainfrom
AnvayKharb:feat/securityexception-guided-form

Conversation

@AnvayKharb

@AnvayKharb AnvayKharb commented May 29, 2026

Copy link
Copy Markdown

This pull request introduces a new "Create Exception" workflow for both compliance controls and vulnerability matches, making it easier for users to create security exceptions directly from scan results. It adds a reusable CreateExceptionButton component, integrates it into compliance and vulnerability scan details, and provides comprehensive test coverage for the exception form. Additionally, the code improves type safety in several places.

Exception Management Integration:

  • Added a new CreateExceptionButton component (src/exceptions/CreateExceptionButton.tsx) that opens a dialog to create a security exception, prefilled with relevant workload or vulnerability information.
  • Integrated the CreateExceptionButton into the compliance scan details table, so users can create exceptions for failed controls that are not already excepted. [1] [2]
  • Added the CreateExceptionButton to each vulnerability match row in the vulnerabilities scan details, allowing exceptions to be created for specific CVEs. [1] [2] [3] [4]

Testing and Validation:

  • Added comprehensive tests for SecurityExceptionForm, covering form navigation, field validation, prefill functionality, and correct API submission for both namespaced and cluster-scoped exceptions.

Type Safety and Code Quality:

  • Improved type annotations for table cell renderers and event handlers in WorkloadScanDetails.tsx and WorkloadScanDetails.tsx (vulnerabilities), replacing any with explicit types for better type safety and maintainability. [1] [2] [3] [4]

Summary by CodeRabbit

  • New Features
    • Added “Exception” column with a Create Exception action for failed compliance controls in workload scans
    • Added “Exception” column and prefilled create-exception action for CVEs in vulnerability findings
    • New multi-step Security Exception form for creating posture or vulnerability exceptions (scope, type, metadata, review)

@coderabbitai

coderabbitai Bot commented May 29, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@AnvayKharb, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 45 minutes and 23 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2579f34a-4d1e-4e21-992a-ae0b3b3332a0

📥 Commits

Reviewing files that changed from the base of the PR and between 244090a and e70dacb.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (6)
  • src/compliance/WorkloadScanDetails.tsx
  • src/exceptions/CreateExceptionButton.tsx
  • src/exceptions/SecurityExceptionForm.test.tsx
  • src/exceptions/SecurityExceptionForm.tsx
  • src/softwarecomposition/SecurityException.ts
  • src/vulnerabilities/WorkloadScanDetails.tsx
📝 Walkthrough

Walkthrough

Adds a multi-step SecurityExceptionForm, a CreateExceptionButton dialog wrapper, tests, and integrates exception creation into compliance and vulnerability WorkloadScanDetails tables with prefilled context.

Changes

Security Exception Creation

Layer / File(s) Summary
SecurityExceptionForm: types, state, submit
src/exceptions/SecurityExceptionForm.tsx
Defines form types, step constants, state, validation, manifest construction, version-fallback POST, and the async submit handler recording created resources.
SecurityExceptionForm UI: steps and navigation
src/exceptions/SecurityExceptionForm.tsx
Renders the stepper and the four steps (Scope, Exception Type, Metadata, Review), validation messages, success/error alerts, and navigation controls.
SecurityExceptionForm test suite
src/exceptions/SecurityExceptionForm.test.tsx
Jest/RTL tests covering setup, step navigation, prefilling, validation gating, and submission for namespaced and cluster-scoped exceptions.
CreateExceptionButton: dialog wrapper
src/exceptions/CreateExceptionButton.tsx
IconButton+Tooltip that opens a dialog with SecurityExceptionForm, passes optional prefill props and defaultType, and supports disabled state and custom label.
Compliance: Exception column
src/compliance/WorkloadScanDetails.tsx
Imports CreateExceptionButton, tightens Status cell typing, and adds an Exception column that renders the button only for failed controls not already exempted, prefilled with control and workload info.
Vulnerabilities: Matches exception column
src/vulnerabilities/WorkloadScanDetails.tsx
Threads workload context into Matches, types handlers and cell renderers, changes Description renderer, and adds an Exception column rendering CreateExceptionButton prefilled with CVE and workload context.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐰 I clicked a button, a dialog hopped bright,
Four steps to make an exception right,
Prefilled IDs from workload and scan,
A POST, a resource, then peace on the land.
Hooray—exceptions, stitched by rabbit might!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The pull request title 'feat: add guided SecurityException form' accurately describes the main change: introducing a new guided form component for creating security exceptions.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/exceptions/SecurityExceptionForm.tsx`:
- Around line 767-771: The Confirm and Create button can be clicked again after
success because isSubmitting becomes false and canContinue becomes true; modify
the continue gating to also check for createdResource so the form locks after a
successful submit. Update the logic that computes canContinue (or the render
condition around the Button in SecurityExceptionForm, referencing handleSubmit,
isSubmitting and canContinue) to return false when createdResource is
non-null/defined, and/or add a direct check when rendering the Button to disable
it if createdResource exists; ensure handleSubmit still sets createdResource on
success so the new guard prevents duplicate post requests.

In `@src/vulnerabilities/WorkloadScanDetails.tsx`:
- Around line 153-155: The external Link using target="_blank" in the
WorkloadScanDetails table cell (the Link component that renders
href={row.original.vulnerability.dataSource} and content from cell.getValue())
needs to include rel="noopener noreferrer" to prevent tabnabbing; update the
Link element to add rel="noopener noreferrer" alongside target="_blank" so the
link becomes secure while keeping the same href and displayed value.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: c3d89261-01d9-438b-abc9-39d76e910928

📥 Commits

Reviewing files that changed from the base of the PR and between b52e6cd and 4b8ed3a.

📒 Files selected for processing (5)
  • src/compliance/WorkloadScanDetails.tsx
  • src/exceptions/CreateExceptionButton.tsx
  • src/exceptions/SecurityExceptionForm.test.tsx
  • src/exceptions/SecurityExceptionForm.tsx
  • src/vulnerabilities/WorkloadScanDetails.tsx

Comment thread src/exceptions/SecurityExceptionForm.tsx
Comment thread src/vulnerabilities/WorkloadScanDetails.tsx Outdated
@mgalesloot

Copy link
Copy Markdown
Collaborator

Thanks for the PR, the wizard is a nice feature.

Review:

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/exceptions/CreateExceptionButton.tsx`:
- Line 45: Update the dialog title text in CreateExceptionButton.tsx so it
matches the trigger tooltip/aria-label by changing the DialogTitle string from
"Create SecurityException" to "Create Security Exception"; verify the
DialogTitle component (and any related label/tooltip constants or props used in
the CreateExceptionButton component) uses the spaced wording for consistent UX
copy.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9c189b3f-d88d-4545-94d0-6ee717a0d88b

📥 Commits

Reviewing files that changed from the base of the PR and between 4b8ed3a and 244090a.

📒 Files selected for processing (4)
  • src/compliance/WorkloadScanDetails.tsx
  • src/exceptions/CreateExceptionButton.tsx
  • src/exceptions/SecurityExceptionForm.tsx
  • src/vulnerabilities/WorkloadScanDetails.tsx
🚧 Files skipped from review as they are similar to previous changes (3)
  • src/compliance/WorkloadScanDetails.tsx
  • src/vulnerabilities/WorkloadScanDetails.tsx
  • src/exceptions/SecurityExceptionForm.tsx

Comment thread src/exceptions/CreateExceptionButton.tsx Outdated
Signed-off-by: Anvay <anvaykharb007@gmail.com>
…ion fallback, reuse centralized types

Signed-off-by: Anvay <anvaykharb007@gmail.com>
…ard cluster, fix event typing, test theme & mocks

Signed-off-by: Anvay <anvaykharb007@gmail.com>
Signed-off-by: Anvay <anvaykharb007@gmail.com>
@AnvayKharb AnvayKharb force-pushed the feat/securityexception-guided-form branch from cc9bbee to e70dacb Compare May 31, 2026 08:18
@AnvayKharb

Copy link
Copy Markdown
Author

Hi @mgalesloot , thanks for the review! All points addressed in the latest commits icon button with tooltip, type inferred from context, API version fixed, types moved to central models file, and synced with PR #84. Let me know if anything else needs adjustment!

@mgalesloot

mgalesloot commented May 31, 2026

Copy link
Copy Markdown
Collaborator

This PR can still not be merged with #86. Both PRs are working on exceptions with CRDs instead of configmaps.

I will merge the other PR 86 to main to make it easier: please rebase this PR branch on main.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: Waiting on Author

Development

Successfully merging this pull request may close these issues.

3 participants