Vulnerability Audit Grouped View: Affected Projects count includes suppressed vulnerabilities #4507

@valentijnscholten

Current Behavior

For some vulnerabilities it shows affectedProjects == 1 in the Vulnerability Audit Grouped view.
But in reality the affected project count is zero. When clicking on the VulnID and going to the Vulnerability page, it shows affectedProjects == 0, which is correct.

Steps to Reproduce

Look for a vulnerability that affects at least 2 projects.
Observe that in Vulnerability Audit View Grouped it shows 2 affected projects.
Suppress the vulnerability for 1 project.
Observe that in Vulnerability Audit View Grouped it still shows 2 affected projects.
Observe that on the Vulnerability details page it shows 1 affected project.

Expected Behavior

Affected projects should only count non-suppressed vulnerabilities?

Alternatively add a filter option to let the user decide.

Dependency-Track Version

4.12.2

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

No response

Browser

Google Chrome
