Description
Current Behavior
There is - to the best of my knowledge - currently no way to tell the root parent project of a child project without further measures such as tagging or custom properties.
(I personally see this as a defect, since it breaks the link between a project and a vulnerability.)
Use Case: You have hundreds of projects - and you need to find out to which project a newly reported/identified vulnerability belongs.
Typical situation:
Your project's structure:
-project 1
|->dev-release
--|->component a
--|->component b
|->qa-release
--|->component a
--|->component b
|->prod-release
--|->component a
--|->component b
-project 2
|->dev-release
--|->component a
--|->component b
|->qa-release
--|->component a
--|->component b
|->prod-release
--|->component a
--|->component b
Your report: CVE-1234-12345 in "component a"
Conclusion: Not very helpful. - The problem would be identical if multiple objects had other logic, e.g., cake machine -> interface -> webserver, chocolate machine -> interface -> webserver, etc. - The search function "Portfolio->Projects" will also not be very helpful here.
User Experience:
Go to "vulnerability audit" - see "project name" - click on a project known as "child project".
The vulnerability report for the affected component is presented. No information regarding the hierarchy or parent project is to be found in the report.
In the "Components Details" you find a field "Parent" - which shows the direct parent project but not the root level project. In the examples above it could point to e.g., "qa-release" or "prod-release".
The only ways of finding affected components via the GUI are
- to manually identify the relationship by looking through the entire portfolio of all projects,
- adding and maintaining tags for all projects regarding their dependencies,
- adding and maintaining properties manually for each project.
Proposed Behavior
Request:
Add the root parent project (linked) to the report's page - if the project is not a root project itself.
Display the complete hierarchy / path of the affected object - if the project is not a root project itself.
Add a column "root parent project" to the "vulnerability audit" table.
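As an added illustration (not part of this issue or the project's code) of the manual parent-chain walk the request wants the UI to do: a small Python resolver that follows `parent` links up to the root and returns the full hierarchy path. It assumes a lookup callback returning a project record with `uuid`, `name` and an optional `parent` (holding the parent's `uuid`); the in-memory sample data mirrors the tree above and is constructed, not real.

```python
from typing import Callable, Dict, List, Optional

# Constructed sample mirroring the issue's tree (ids are made up, not real UUIDs):
# project 1 -> qa-release -> component a, project 2 -> prod-release -> component b
SAMPLE_PROJECTS: Dict[str, dict] = {
    "p1":      {"uuid": "p1",      "name": "project 1",    "parent": None},
    "p1-qa":   {"uuid": "p1-qa",   "name": "qa-release",   "parent": {"uuid": "p1"}},
    "p1-qa-a": {"uuid": "p1-qa-a", "name": "component a",  "parent": {"uuid": "p1-qa"}},
    "p2":      {"uuid": "p2",      "name": "project 2",    "parent": None},
    "p2-prod": {"uuid": "p2-prod", "name": "prod-release", "parent": {"uuid": "p2"}},
    "p2-prod-b": {"uuid": "p2-prod-b", "name": "component b", "parent": {"uuid": "p2-prod"}},
}


def lookup_sample(uuid: str) -> Optional[dict]:
    """Hypothetical lookup; a real one would query the tracker's project API."""
    return SAMPLE_PROJECTS.get(uuid)


def hierarchy_path(uuid: str, lookup: Callable[[str], Optional[dict]],
                   max_depth: int = 64) -> List[str]:
    """Return project names from the root down to the given project.

    Guards against a broken parent link (KeyError) and against a cyclic
    or absurdly deep chain (ValueError), so a bad record cannot hang a report.
    """
    path: List[str] = []
    seen = set()
    current: Optional[str] = uuid
    while current is not None:
        if current in seen:
            raise ValueError(f"cycle in parent chain at {current}")
        if len(seen) >= max_depth:
            raise ValueError("parent chain exceeds max_depth")
        seen.add(current)
        project = lookup(current)
        if project is None:
            raise KeyError(f"project {current} not found")
        path.append(project["name"])
        parent = project.get("parent")
        current = parent["uuid"] if parent else None
    path.reverse()  # collected child-first, report root-first
    return path


def root_parent(uuid: str, lookup: Callable[[str], Optional[dict]]) -> str:
    """The root-level project a finding should be attributed to."""
    return hierarchy_path(uuid, lookup)[0]


if __name__ == "__main__":
    print(" -> ".join(hierarchy_path("p1-qa-a", lookup_sample)))
```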
Checklist
- I have read and understand the contributing guidelines
- I have checked the existing issues for whether this enhancement was already requested