Hi, I'm kyle from the security rex team and today I'm reviewing and very early UI design, ideation, so sort of like a fly by quick iteration on this issue, showing the dependency past path on the dependency list and vulnerabilities so really quickly. The ux problem here is currently the dependency list is a flat list of dependencies based on the LOC file. So when a user is looking into a vulnerability detected like we see here, some vulnerability is detected with this dependency.

They can't easily make sense of the transient or in direct dependencies related to this one and see how it relates to those dependencies explicitly so understanding. This path is helpful to the remediation process of a certain dependency when it may be out of date or has a vulnerability in this design. Ayesha n--. The dependency path is shown here right by the lock file and location column.

So the ux upside here is that it's visible in space on the table row versus having the user jump into the lock file and try to figure out the path or and and again the other upside, is that it's just visible right here. In the row, without having to expand and collapse, they can immediately see that path for longer paths.

We could have a truncation in the middle in the middle to make sure the dependency at the top are sort of highest on the path is shown here so like in this example, swell is shown at the top, and then the full path could be shown in a popover upon hover, okay, so going back to our current state here, the vulnerabilities just just kind of as a final note, thats related to this. Just a bit of background, though the vulnerabilities on the dependency list are not currently anchored to more information.

As you might see like on the merge request, you can click to open the Moodle for more information about the dependency or and the vulnerability list which you can now click to go to the object page. There is a separate issue, that's addressing this and when that's complete, the vulnerabilities displayed will be anchored to the object page, and so how that's related to this issue is on this object. Page is another place where we could make that dependency path, explicit as well. Okay, so a link to the issue in the comments.

If you have any thoughts, please let us know. Thank you so much.