Bars on projects dashboard are highly misleading (each scaled to 100%) #1332

@dallmair

Description

Current Behavior

Here's a screenshot of our DependencyTrack's Projects dashboard (we're just getting started on cleaning up things, so the numbers are relatively high at the moment):

[Image: screenshot of the Projects dashboard]

Notice that the bars in the Policy Violations and Vulnerabilities columns are not helpful at all!

See Policy Violations in projects 2, 3, and 4: Project 3 has just roughly 1/10th of the failures of project 2 (102 vs. 986), but the red bars are almost equally wide. Similarly, project 3 has just 50% more failures compared to project 4 (102 vs. 68), but the red bar is way wider than that.

The effect is even more extreme in the Vulnerabilities column: Project 4 has way more critical, high, and medium vulnerabilities than the other three projects together, but just looking at the bar charts it seems to be vice versa.

When there are colorful charts in a tool like DependencyTrack, people focus on them and consequently on stuff that looks bad per the charts. Since these bar charts are misleading due to their scaling, they are giving a wrong impression of the state of affairs, and cause unnecessary talks and debates.

Please change the scaling of the bar charts to be relative to the sibling with the highest count (i.e. per level). For example, in the screenshot above, the Policy Violations of project 2 should be 100% wide and those of the other projects narrower. Vulnerabilities of project 4 should take 100% with the other bars much narrower (at most roughly 10%!).

Also, it might make sense to put the numbers next to the bars, such that they do not get clipped. In the screenshot above, project 2 has 32 Policy Violation warnings, but the number is illegible. Same for the 6 critical Vulnerabilities of project 4.

Steps to Reproduce

Uff, tough one to fill in here 😆

  1. Starting from an empty DependencyTrack instance, upload a few different SBOMs. But probably you already have some instance that you can just navigate to.
  2. Navigate to the Projects dashboard (/projects).
  3. Check the scaling of the bar charts in the Policy Violations and Vulnerability columns. Each bar chart uses 100% of the column's width, irrespective of the total number of violations and vulnerabilities of the respective project.

Expected Behavior

On the top level, there should only be one bar chart per column that spans to 100% column width, the other bar charts should scale relatively to that one.

This logic should apply per level, i.e. for children of a node in a project tree, there should be exactly one child that spans to 100% and its siblings should be narrower. This ensures the visualization stays relevant even for projects that only have a fraction of the "global maximum" count.

Dependency-Track Frontend Version

4.13.0

Browser

Microsoft Edge

Browser Version

No response

Operating System

Windows
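The per-level scaling requested above, as an added example (not Dependency-Track frontend code): a constructed project tree is walked level by level, and within each sibling group the project with the highest total gets a 100% bar while its siblings are scaled relative to it. The policy-violation counts for projects 2, 3 and 4 follow the numbers quoted in the issue; everything else (project 1, the child modules, the `violations` field name) is made up.

```javascript
// Added example, not part of the Dependency-Track frontend. Bars are scaled so that
// within each sibling group the largest total is 100% and the rest are relative to it.

// Constructed sample tree. Counts for projects 2-4 are the ones quoted in the issue
// (986 fails / 32 warns, 102, 68); project 1 and the child modules are invented.
const projects = [
  { name: 'project 1', violations: { fail: 12, warn: 3 }, children: [] },
  { name: 'project 2', violations: { fail: 986, warn: 32 }, children: [
      { name: 'project 2 / module a', violations: { fail: 40, warn: 0 }, children: [] },
      { name: 'project 2 / module b', violations: { fail: 10, warn: 5 }, children: [] },
  ] },
  { name: 'project 3', violations: { fail: 102, warn: 0 }, children: [] },
  { name: 'project 4', violations: { fail: 68, warn: 2 }, children: [] },
];

// Sum of all severity/level segments of one bar.
const total = (counts) => Object.values(counts).reduce((a, b) => a + b, 0);

// Current behaviour described in the issue: every non-empty bar spans 100% of the
// column; only the split between its segments is proportional, so a 70-count bar
// ends up looking as wide as a 1018-count bar.
function currentWidths(siblings, key) {
  return siblings.map((p) => ({ name: p.name, width: total(p[key]) > 0 ? 100 : 0 }));
}

// Proposed behaviour: scale each bar against the largest total among its siblings
// and apply the same rule recursively at every level of the project tree.
// Widths are rounded to one decimal place.
function relativeWidths(siblings, key, depth = 0) {
  const max = Math.max(0, ...siblings.map((p) => total(p[key])));
  const rows = [];
  for (const p of siblings) {
    const width = max === 0 ? 0 : Math.round((total(p[key]) / max) * 1000) / 10;
    rows.push({ name: p.name, depth, width });
    rows.push(...relativeWidths(p.children, key, depth + 1));
  }
  return rows;
}

for (const row of relativeWidths(projects, 'violations')) {
  console.log(`${'  '.repeat(row.depth)}${row.name.padEnd(24)} ${row.width}%`);
}
```

With this data project 2 gets 100%, project 3 about 10% and project 4 about 7%, while under the current behaviour all four bars are 100% wide.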
