Merge branch 'stackable' of https://github.com/stackabletech/SecObserve into stackable

dervoeti · dervoeti · commit d772667a10d1 · 2026-03-13T13:21:08.000+01:00
diff --git a/backend/application/core/api/serializers_observation.py b/backend/application/core/api/serializers_observation.py
@@ -275,7 +275,10 @@ def _create_azure_devops_url(observation: Observation, origin_source_file_url: s
 
 def _create_common_url(observation: Observation, origin_source_file_url: str) -> str:
     if observation.branch:
-        origin_source_file_url += f"/{observation.branch.name}"
+        if "$BRANCH_NAME" in origin_source_file_url:
+            origin_source_file_url = origin_source_file_url.replace("$BRANCH_NAME", observation.branch.name)
+        else:
+            origin_source_file_url += f"/{observation.branch.name}"
     origin_source_file_url += f"/{observation.origin_source_file}"
     if observation.origin_source_line_start:
         origin_source_file_url += "#L" + str(observation.origin_source_line_start)
diff --git a/backend/application/import_observations/services/import_observations.py b/backend/application/import_observations/services/import_observations.py
@@ -313,10 +313,13 @@ def _process_data(import_parameters: ImportParameters, settings: Settings) -> Tu
             else:
                 observation_found = (
                     Observation.objects.filter(
+                        product=imported_observation.product,
                         title=imported_observation.title,
                         branch=import_parameters.branch,
                         origin_component_name=imported_observation.origin_component_name,
                         origin_component_version=imported_observation.origin_component_version,
+                        origin_cloud_qualified_resource=imported_observation.origin_cloud_qualified_resource,
+                        origin_kubernetes_qualified_resource=imported_observation.origin_kubernetes_qualified_resource,
                     )
                     .exclude(scanner=imported_observation.scanner)
                     .exists()
@@ -328,7 +331,9 @@ def _process_data(import_parameters: ImportParameters, settings: Settings) -> Tu
                         f"{imported_observation.title} - {imported_observation.origin_component_name} - "
                         f"{imported_observation.origin_component_version} - {imported_observation.scanner}"
                         f"{imported_observation.origin_docker_image_name} - "
-                        f"{imported_observation.origin_docker_image_tag}"
+                        f"{imported_observation.origin_docker_image_tag} - "
+                        f"{imported_observation.origin_cloud_qualified_resource} - "
+                        f"{imported_observation.origin_kubernetes_qualified_resource}"
                     )
                 else:
                     _process_new_observation(imported_observation, settings)
diff --git a/backend/application/rules/services/rule_engine.py b/backend/application/rules/services/rule_engine.py
@@ -160,6 +160,8 @@ def check_rule_for_observation(
             or observation_before.current_severity != observation.current_severity
             or observation_before.rule_vex_justification != observation.rule_vex_justification
             or observation_before.current_vex_justification != observation.current_vex_justification
+            or observation_before.rule_vex_remediations != observation.rule_vex_remediations
+            or observation_before.current_vex_remediations != observation.current_vex_remediations
             or observation_before.general_rule != observation.general_rule
             or observation_before.product_rule != observation.product_rule
         ):
@@ -240,6 +242,10 @@ def _check_rule_fields(
                 observation.rule_vex_justification = rule.new_vex_justification
                 observation.current_vex_justification = get_current_vex_justification(observation)
 
+            if rule.new_vex_remediations:
+                observation.rule_vex_remediations = rule.new_vex_remediations
+                observation.current_vex_remediations = get_current_vex_remediations(observation)
+
             if observation.current_status == Status.STATUS_RISK_ACCEPTED:
                 if observation_before.current_status != Status.STATUS_RISK_ACCEPTED:
                     observation.risk_acceptance_expiry_date = calculate_risk_acceptance_expiry_date(observation.product)
@@ -344,7 +350,7 @@ def _write_observation_log(
         else ""
     )
     vex_remediations = (
-        observation.current_vex_remediations or ""
+        observation.current_vex_remediations
         if observation_before.current_vex_remediations != observation.current_vex_remediations
         else ""
     )
diff --git a/frontend/src/metrics/MetricsStatusCurrent.tsx b/frontend/src/metrics/MetricsStatusCurrent.tsx
@@ -39,7 +39,6 @@ const MetricsStatusCurrent = (props: MetricsStatusCurrentProps) => {
             OBSERVATION_STATUS_NOT_AFFECTED,
             OBSERVATION_STATUS_NOT_SECURITY,
             OBSERVATION_STATUS_RISK_ACCEPTED,
-            OBSERVATION_STATUS_AFFECTED,
         ],
         datasets: [
             {
@@ -86,7 +85,6 @@ const MetricsStatusCurrent = (props: MetricsStatusCurrentProps) => {
                     result.json.not_affected,
                     result.json.not_security,
                     result.json.risk_accepted,
-                    result.json.affected,
                 ];
                 setData((data) => data.concat(new_data));
             })
