Skip to content

fix: add filter to show packages with license violations but no vulnerabilities#2919

Open
summerpan688 wants to merge 5 commits into
google:mainfrom
summerpan688:fix/1643-license-violation-filter
Open

fix: add filter to show packages with license violations but no vulnerabilities#2919
summerpan688 wants to merge 5 commits into
google:mainfrom
summerpan688:fix/1643-license-violation-filter

Conversation

@summerpan688

@summerpan688 summerpan688 commented Jul 8, 2026

Copy link
Copy Markdown

Fixes #1643

Summary

Packages with license violations but no vulnerabilities were always
hidden in the HTML report, since the filtering logic only checked
.vuln-tr rows. This adds a "Show license violations without
vulnerabilities" filter checkbox (default: off) that reveals these
packages on request.
image

Also fixed two related issues surfaced during testing:

  • Packages with zero vulnerabilities were mislabeled "Filtered out"
    (a label meant for packages whose vulns were filtered by call
    analysis) — now shows "No known vulnerabilities" instead.
image
  • Clicking into these packages' details previously showed an empty
    vuln table — now shows a placeholder message instead.
image

Design discussion

See discussion in the issue comment
"Show all packages“ vs. the more scoped "Show license violations without vulnerabilities"
(happy to adjust based on feedback)

summerpan688 and others added 3 commits July 5, 2026 22:00
Fixes google#1643. Packages with license violations but no vulnerabilities were always hidden by showAndHideParentSections(), which only checked .vuln-tr rows. This adds a "Show license violations without vulnerabilities" checkbox that reveals these packages on demand, defaulting to off so existing report behavior is unchanged.
…ties

Previously, clicking into a package with zero vulnerabilities (e.g.
one with only a license violation) showed an empty vuln table, since
vuln_table_template.gohtml renders a table with headers regardless of
whether RegularVulns/HiddenVulns actually contain any entries. This
now shows "No known vulnerabilities for this package." instead,
reusing the existing .package-detail-title style.
@google-cla

google-cla Bot commented Jul 8, 2026

Copy link
Copy Markdown

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@summerpan688 summerpan688 changed the title Fix/1643 Add filter to show packages with license violations but no vulnerabilities fix: add filter to show packages with license violations but no vulnerabilities Jul 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add a "Show all packages" filter to the HTML output

1 participant