Feature/SBOM

backend/src/main/java/io/mixeway/mixewayflowapi/api/teamfindings/controller/FindingsByTeamController.java

@@ -46,6 +46,7 @@ public ResponseEntity<Page<TeamFindingsAndVulnsResponseDto>> getTeamFindings(@Re
             }
             return new ResponseEntity<>(findingsByTeamService.getCloudAndRepoFindingsAndVulns(remoteIdentifier, principal, pageable, filters), HttpStatus.OK);
         } catch (Exception e){
+            log.error("Error fetching findings for team remoteIdentifier={}: {}", remoteIdentifier, e.getMessage(), e);
             return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST);
         }
     }

backend/src/main/java/io/mixeway/mixewayflowapi/api/teamfindings/service/FindingsByTeamService.java

@@ -162,13 +162,14 @@ public Page<TeamFindingsAndVulnsResponseDto> getCloudAndRepoFindingsAndVulns(Str
                 .flatMap(team -> findCloudSubscriptionService.getByTeam(team.getId(), principal).stream())
                 .collect(Collectors.toList());
 
-        String severity = filters.getOrDefault("severity", null);
-        String source = filters.getOrDefault("source", null);
-        String status = filters.getOrDefault("status", null);
-        String name = filters.getOrDefault("name", null);
-        if (name != null && name.isBlank()) {
-            name = null;
+        String severityStr = filters.getOrDefault("severity", null);
+        String sourceStr = filters.getOrDefault("source", null);
+        String statusStr = filters.getOrDefault("status", null);
+        String nameRaw = filters.getOrDefault("name", null);
+        if (nameRaw != null && nameRaw.isBlank()) {
+            nameRaw = null;
         }
+        String name = nameRaw != null ? nameRaw.toLowerCase() : null;
         String epssString = filters.getOrDefault("epss", null);
         BigDecimal epss = (epssString != null) ? new BigDecimal(epssString) : null;
         String kevStr = filters.getOrDefault("kev", null);
@@ -177,8 +178,16 @@ public Page<TeamFindingsAndVulnsResponseDto> getCloudAndRepoFindingsAndVulns(Str
         else if ("f".equalsIgnoreCase(kevStr) || "false".equalsIgnoreCase(kevStr)) kev = false;
         String urgencyFilter = filters.getOrDefault("urgency", null); // expected values: "urgent" | "notable"
 
-        Page<Finding> codeRepoFindingsPage = findingRepository.findByCodeReposPageable(codeRepos, pageable, severity, source, status, epss, kev, name);
-        Page<Finding> cloudSubscriptionFindingsPage = findingRepository.findByCloudSubscriptionsPageable(cloudSubscriptions, pageable, severity, source, status, epss, kev, name);
+        Finding.Severity severity = severityStr != null ? Finding.Severity.valueOf(severityStr.toUpperCase()) : null;
+        Finding.Source source = sourceStr != null ? Finding.Source.valueOf(sourceStr.toUpperCase()) : null;
+        Finding.Status status = statusStr != null ? Finding.Status.valueOf(statusStr.toUpperCase()) : null;
+
+        Page<Finding> codeRepoFindingsPage = codeRepos.isEmpty()
+                ? Page.empty(pageable)
+                : findingRepository.findByCodeReposPageable(codeRepos, pageable, severity, source, status, epss, kev, name);
+        Page<Finding> cloudSubscriptionFindingsPage = cloudSubscriptions.isEmpty()
+                ? Page.empty(pageable)
+                : findingRepository.findByCloudSubscriptionsPageable(cloudSubscriptions, pageable, severity, source, status, epss, kev, name);
 
         List<Finding> combinedFindings = Stream.concat(
                 codeRepoFindingsPage.getContent().stream(),

backend/src/main/java/io/mixeway/mixewayflowapi/db/repository/FindingRepository.java

@@ -108,25 +108,25 @@ List<Finding> findByCodeRepoAndVulnerabilityNameAndBranchAndLocation(
            "JOIN f.codeRepo cr " +
            "JOIN f.codeRepoBranch b " +
            "WHERE f.codeRepo IN :codeRepos " +
-           "AND (COALESCE(:severity, f.severity) = f.severity) " +
-           "AND (COALESCE(:source, f.source) = f.source) " +
-           "AND (COALESCE(:status, f.status) = f.status) " +
-           "AND (:epss IS NULL OR v.epss >= :epss)" +
-           "AND (COALESCE(:kev, v.exploitExists) = v.exploitExists)" +
-           "AND (:name IS NULL OR LOWER(v.name) LIKE LOWER(CONCAT('%', :name, '%')))" +
+           "AND (:severity IS NULL OR f.severity = :severity) " +
+           "AND (:source IS NULL OR f.source = :source) " +
+           "AND (:status IS NULL OR f.status = :status) " +
+           "AND (:epss IS NULL OR v.epss >= :epss) " +
+           "AND (:kev IS NULL OR v.exploitExists = :kev) " +
+           "AND (:name IS NULL OR LOWER(v.name) = :name) " +
            "AND b = cr.defaultBranch")
-    Page<Finding> findByCodeReposPageable(@Param("codeRepos") List<CodeRepo> codeRepos, Pageable pageable,  @Param("severity") String severity, @Param("source") String source, @Param("status") String status, @Param("epss") BigDecimal epss,  @Param("kev")  Boolean exploitExists, @Param("name") String name);
+    Page<Finding> findByCodeReposPageable(@Param("codeRepos") List<CodeRepo> codeRepos, Pageable pageable, @Param("severity") Finding.Severity severity, @Param("source") Finding.Source source, @Param("status") Finding.Status status, @Param("epss") BigDecimal epss, @Param("kev") Boolean exploitExists, @Param("name") String name);
 
     @Query("SELECT f FROM Finding f " +
            "JOIN f.vulnerability v " +
            "WHERE f.cloudSubscription IN :cloudSubscriptions " +
-           "AND (COALESCE(:severity, f.severity) = f.severity) " +
-           "AND (COALESCE(:source, f.source) = f.source) " +
-           "AND (COALESCE(:status, f.status) = f.status) " +
-           "AND (:epss IS NULL OR v.epss >= :epss)" +
-           "AND (COALESCE(:kev, v.exploitExists) = v.exploitExists)" +
-           "AND (:name IS NULL OR LOWER(v.name) LIKE LOWER(CONCAT('%', :name, '%')))")
-    Page<Finding> findByCloudSubscriptionsPageable(@Param("cloudSubscriptions") List<CloudSubscription> cloudSubscriptions, Pageable pageable, @Param("severity") String severity, @Param("source") String source, @Param("status") String status, @Param("epss") BigDecimal epss,  @Param("kev")  Boolean exploitExists, @Param("name") String name);
+           "AND (:severity IS NULL OR f.severity = :severity) " +
+           "AND (:source IS NULL OR f.source = :source) " +
+           "AND (:status IS NULL OR f.status = :status) " +
+           "AND (:epss IS NULL OR v.epss >= :epss) " +
+           "AND (:kev IS NULL OR v.exploitExists = :kev) " +
+           "AND (:name IS NULL OR LOWER(v.name) = :name)")
+    Page<Finding> findByCloudSubscriptionsPageable(@Param("cloudSubscriptions") List<CloudSubscription> cloudSubscriptions, Pageable pageable, @Param("severity") Finding.Severity severity, @Param("source") Finding.Source source, @Param("status") Finding.Status status, @Param("epss") BigDecimal epss, @Param("kev") Boolean exploitExists, @Param("name") String name);
 
     List<Finding> findAllByCodeRepoAndVulnerabilityAndLocation(CodeRepo repo,
                                                                Vulnerability vuln,

backend/src/main/java/io/mixeway/mixewayflowapi/integrations/repo/apiclient/GitLabApiClientService.java

@@ -37,7 +37,6 @@ public Flux<ImportCodeRepoResponseDto> fetchAllProjects(String repoUrl, String a
         // Build the initial URI for the first page of results.
         String initialUri = UriComponentsBuilder.fromHttpUrl(repoUrl)
                 .path(PROJECTS_API_PATH)
-                .queryParam("membership", "true")
                 .queryParam("per_page", 100)
                 .toUriString();