Vulnerability Audit: Filter Using Audit Trail Timestamps

[msymons]

Current Behavior

The Vulnerability Audit screen is a useful tool that will usually (or hopefully) lead to a lot of additional audit decisions being made. After a while you might have hundreds (or thousands) of audit decisions recorded in Dependency-Track.

Good practice will include reviewing decisions. However, there is no functionality that allows filteringAd by audit timestamps. eg

• I want to check every new audit (eg, added in last week)"
• How many vulnerabilities have been "In Triage" for more than 30 days?

Proposed Behavior

Add support for filtering by Audit Timestamps.

Note that the audit trail will include multiple timestamps. eg:

mark.symons - 13 Jan 2023 at 02:09:35
Analysis: NOT_SET → IN_TRIAGE

mark.symons - 22 Jun 2024 at 21:57:14
This has been in triage for too long

The comment timestamp should not "break" filtering for vulnerabilities based on analysis state.

Checklist

• I have read and understand the contributing guidelines
• I have checked the existing issues for whether this enhancement was already requested

[nscuro]

This one will need a bit more thought since we don't store the modification timestamp on a per-field basis. The only thing with timestamps are comments (i.e. entries in the audit trail). But those are unstructured text, so it's not necessarily easy to programmatically determine what was done.