Add CycloneDX and SBOM reports back to the Reports page
#2057
Comments
That's exactly the debatable point. Actually, my goal would be to get rid of the reports page completely, and display whatever report may be get generated in a more suitable place. The main reason for this is that ORT's reports server very diffident purposes. So instead of cramming everything into a report page just because it was created by the reporter, I'd rather group reports by their purpose and / or target audience. Also, with SBOM being such a buzzword now, to me it makes sense to make them stand out prominently and guide the user where to find and download them from the menu, instead of "burying" them in a list of other reports. To sum up, I think SBOMs should stay at an "SBOMs" menu in the "Compliance" section. Another entry could be "Attributions" for NOTICE files etc. More technical reports that are not meant for distribution, like the WebApp and Static HTML report, could actually go to the "Technical" section. Finally, there probably are a bunch of reports that are not usually needed, but that we'd still like to offer for download, but on demand. For these, I imagine an "Export" section that creates there reports on the fly, instead of creating everything "just in case" beforehand. This goes a bit into the direction of a more event-driven working paradigm, instead of the still very sequential job runs that we currently have. |
I agree with and like this approach! However, since the |
As one is probably not much more implementation effort than the other, I'd rather go the opposite direction and quickly agree on
|
Did you mean "NOT be able"? The reporter step could be skipped, so the UI should be prepared for the SBOMs not being available.
Keep in mind that for custom templates we cannot know the type of the report, so some "catch all" section would be required. At least as long as report types are not a feature of ORT itself so that template authors could set a type somehow. |
Yes, I'll correct it in the original post.
This is yet another thing to discuss. As said multiple times, I'd like to move away from this step-based mental model. Esp. the reporter step could be removed completely, in the sense that it is not visible to user and cannot be disabled, and some reports could always be generated, others only on demand (the "Export" functionality).
True. We could call these "Custom reports" or so.
Hmm, interesting idea. A report type could become a report plugin property... |
|
I see, that the UI should not be redundant, since it will have a lot of options in the menu probably soon. I still would like a page where I can easily find all generated reports. So here I do not agree with @bs-ondem, that we can get rid of that overview later.
And if we would have such an overview, I would also like it to contain the information, which reports were enabled in the reporter. Of course, one can always look this up in the run configuration, but I would find it convenient to have this information right where I am looking for the report. |
|
We've discussed this in-person with @hanna-modica and @mnonnenmacher at FOSS Backstage. The agreed plan is to introduce a "Reports" menu group with (for now) just "SBOMs" and "Other" sub-menu items, and use the current SBOM page as-is for the respective sub-menu, and put all other reports under "Other". Perspectively, we'd like to introduce dedicated report types to ORT's reporter tool, so we can automatically use more fine-grained grouping than just "Other". |
After the introduction of the
SBOMpage, the CycloneDX and SBOM reports were removed from theReportspage. This can be misleading, as theReportspage is intended to contain all downloadable reports. Removing these reports from the page creates confusion about where users can access them.The text was updated successfully, but these errors were encountered: