trustification · vobratil · Jan 13, 2025 · Jan 15, 2025 · Jan 16, 2025 · Jan 17, 2025
diff --git a/tests/features/advisory-explorer.feature b/tests/features/advisory-explorer.feature
@@ -0,0 +1,80 @@
+Feature: Advisory Explorer
+    As a Developer or a Devsecops Engineer
+    I want to be able to display all available information about a single advisory - metadata and related vulnerabilites
+
+Background:
+    Given User is using an instance of the TPA Application
+    And User has successfully uploaded an SBOM
+    And User has successfully uploaded a vulnerability dataset
+    And User has successfully uploaded an advisory dataset
+
+# Advisory Explorer
+Scenario: Navigating to the Advisory Explorer page by selecting it from the list of all advisories
+    Given User is on the Home page
+    When User clicks on the Search button in the menu
+    And User selects the Advisories tab
+    And User selects an advisory from the list
+    Then The Advisory Explorer page should display
+
+Scenario: Navigating to the Advisory Explorer page by searching for it in the search bar
+    Given User is on the Home page
+    When User clicks on the Search textbox
+    And User enters the ID of an advisory
+    And User searches for the advisory
+    And User selects the advisory returned by the search
+    Then The Advisory Explorer page should display
+
+Scenario: Navigating to the Advisory Explorer page by filtering advisories in the list of all advisories
+    Given User is on the Home page
+    When User clicks on the Search button in the menu
+    And User selects the Advisories tab
+    And User selects a filter
+    And User selects an advisory returned by the filter
+    Then The Advisory Explorer page should display
+
+Scenario: Display an overview of an advisory
+    Given User is on the Home page
+    When User navigates to a Advisory Explorer page
+    Then The ID and description of the advisory should be visible
+    And "Show more" button should be visible for advisories with a long title
+    And Download button should be visible
+
+Scenario: Download an advisory from the Advisory Explorer page
+    Given User is on the Home page
+    When User navigates to the Advisory Explorer page
+    And User clicks the Download button
+    Then The advisory should download as a JSON file
+
+# Advisory Overview
+Scenario: Display detailed information about a single advisory
+    Given User is on the Home page
+    When User navigates to the Advisory Explorer page
+    Then The Overview, Publisher, Tracking, References and Product Info panels should display
+    And The Product Info panel should display a list of impacted products
+    And The Product Info panel items should be collapsable
+
+# Advisory Notes
+Scenario: Display notes about a single advisory
+    Given User is on the Home page
+    When User navigates to the Advisory Explorer page
+    And User navigates to the Notes tab on the Advisory Overview page
+    Then All notes on an advisory should display
+
+# Advisory Vulnerabilities
+Scenario: Display vulnerabilities tied to a single advisory
+    Given User is on the Home page
+    When User navigates to the Advisory Explorer page
+    And User navigates to the Vulnerabilites tab on the Advisory Overview page
+    Then A list of all active vulnerabilites tied to the advisory should display
+    And The ID, Title, Discovery, Release, Score and CWE information should be visible for each vulnerability
+    And The vulnerabilities should be sorted by ID by default
+    And Each vulnerability should be expandable
+
+Scenario: Display detailed information about a single vulnerability tied to a single advisory
+    Given User is on the Home page
+    When User navigates to the Advisory Explorer page
+    And User navigates to the Vulnerabilites tab on the Advisory Overview page
+    And User expands the row of a selected vulnerability
+    Then A list of all affected products, separated by status, should display
+    And Each product should display a link to a remediation
+    And All notes on a vulnerability should be displayed underneath the list of products
diff --git a/tests/features/vulnerability-explorer.feature b/tests/features/vulnerability-explorer.feature
@@ -0,0 +1,71 @@
+Feature: Vulnerability Explorer
+    As a Developer or a Devsecops Engineer
+    I want to be able to display all available information about a vulnerability - metadata, related products and advisories
+
+Background:
+    Given User is using an instance of the TPA Application
+    And User has successfully uploaded an SBOM
+    And User has successfully uploaded a vulnerability dataset
+    And User has successfully uploaded an advisory dataset
+
+# Vulnerabilities Explorer
+Scenario: Navigating to the Vulnerability Explorer page by selecting it from the list of all vulnerabilities
+    Given User is on the Home page
+    When User clicks on the Search button in the menu
+    And User selects the Vulnerabilities tab
+    And User selects an Vulnerability from the list
+    Then The Vulnerability Explorer page should display
+
+Scenario: Navigating to the Vulnerability Explorer page by searching for it in the search bar
+    Given User is on the Home page
+    When User clicks on the Search textbox
+    And User enters an ID of a Vulnerability
+    And User searches for the Vulnerability
+    And User selects the Vulnerability returned by the search
+    Then The Vulnerability Explorer page should display
+
+Scenario: Navigating to the Vulnerability Explorer page by filtering vulnerabilities in the list of all vulnerabilities
+    Given User is on the Home page
+    When User clicks on the Search button in the menu
+    And User selects the Vulnerabilities tab
+    And User selects a filter
+    And User selects an Vulnerability returned by the filter
+    Then The Vulnerability Explorer page should display
+
+Scenario: Display an overview of a vulnerability
+    Given User is on the Home page
+    When User navigates to the Vulnerabilities Explorer page
+    Then CVE name, CVSS score and CVE description should be visible
+    And "Show more" button is visible for vulnerabilities with a long descriptions
+    And Vulnerability metadata Reserved, Last Published Date and Last Modified should be visible
+    And Download button should be visible
+
+Scenario: Download a vulnerability CVE from the Vulnerability Explorer page
+    Given User is on the Home page
+    When User navigates to the Vulnerabilities Explorer page
+    And User clicks the Download button
+    Then The vulnerability CVE should download as a JSON file
+
+# Vulnerability-related Products
+Scenario: Display a list of products related to a single vulnerability
+    Given User is on the Home page
+    When User navigates to the Vulnerabilities Explorer page
+    And User clicks on the Related Products tab
+    Then The Name, Version, Status, Dependencies, Supplier and Created On data is visible for each product
+    And The name of each product should be a link to the overview of a corresponding SBOM Overview page
+    And The dependencies column should be expandable
+
+Scenario: Display a list of dependencies of a product related to a single vulnerability
+    Given User is on the Home page
+    When User navigates to the Vulnerabilities Explorer page
+    And User clicks on the Related Products tab
+    And User clicks on the Dependencies column of a product
+    Then The Type, Namespace, Name, Version, Path, Qualifiers and Dependency tree position data should display for each dependency
+
+# Vulnerability-related Advisories
+Scenario: Display advisories tied to a single vulnerability
+    Given User is on the Home page
+    When User navigates to the Vulnerabilities Explorer page
+    And User clicks on the Related Advisories tab
+    Then The ID, Title, Aggregated severity, Revision and Vulnerabilities data should display for each advisory tied to the vulnerability
+    And The ID should be a link a corresponding Advisory Overview page