The Create Finding form's Framework dropdown greyed out PCI DSS, HIPAA, GDPR, ISO 9001, and ISO 42001 even when the org subscribed to them (reported on org_69d943ca3fbbf2c473e97b0a, blocked from logging ISO 42001 findings in-app).

Root cause: the disabled state was gated by a hardcoded frontend `FINDING_TYPE_LABELS` constant that only listed SOC 2 and ISO 27001, and the Prisma `FindingType` enum / API DTO only accepted those two values — so no org could log a finding against any other framework regardless of subscription.

Changes:
- DB: extend `FindingType` enum with `pci_dss`, `hipaa`, `gdpr`, `iso9001`, `iso42001` (additive `ALTER TYPE ... ADD VALUE` migration)
- API: extend DTO validator, audit / notifier label maps, and the framework-name → finding-type mapping in `frameworks-timeline.helper`
- DTO uses `@IsIn([...])` instead of `@IsEnum(FindingType)` to match the workaround already applied to `area` (decorator-eval enum capture)
- Frontend: extend `FINDING_TYPE_LABELS`; extract a pure `extractOrgFrameworkTypes` helper that maps framework names to `FindingType` (tolerates versioned variants like `ISO/IEC 27001:2022`)
- `CreateFindingSheet` now gates options on the org's actual enabled frameworks instead of the hardcoded label set, and auto-corrects the default `type` when the org doesn't subscribe to SOC 2
- Tests: 11 new vitest cases covering loading, empty, all 7 frameworks, ISO 27001/9001/42001 ambiguity, versioned variants, custom frameworks, and the reported bug; existing jest mocks extended

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
fix(findings): allow logging against all enabled frameworks
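The description above says the frontend gate now derives the allowed `FindingType` values from the org's enabled framework names, must tolerate versioned variants such as `ISO/IEC 27001:2022`, must not confuse ISO 27001 / 9001 / 42001, and must pick a valid default when SOC 2 is not enabled. The block below is an added illustration of one way to implement that, written here as an example and not taken from the project's code: the `FindingType` union, the pattern table, `frameworkNameToFindingType`, `defaultFindingType` and `assertTypeAllowed` are all assumptions of this example. The PR only states that the API DTO validates against the full enum with `@IsIn([...])`; the per-org server-side check in `assertTypeAllowed` is a suggestion, not something the PR claims the API does.

```typescript
// Added example (not the project's code). Type and helper names are assumed
// from the PR description; the enum values match the ones the PR adds.
type FindingType =
  | "soc2" | "iso27001" | "pci_dss" | "hipaa" | "gdpr" | "iso9001" | "iso42001";

// Canonical enum order, reused so the dropdown order is stable.
const FINDING_TYPES: readonly FindingType[] = [
  "soc2", "iso27001", "pci_dss", "hipaa", "gdpr", "iso9001", "iso42001",
];

// Each pattern anchors on the standard's full number after the "ISO" prefix,
// so "ISO 27001" cannot match "ISO 9001" or "ISO 42001" by substring, and a
// version suffix (":2022", "v4.0", "Type II") is simply left unmatched.
const FRAMEWORK_PATTERNS: ReadonlyArray<[RegExp, FindingType]> = [
  [/\bSOC\s*2\b/i, "soc2"],
  [/\bISO(?:\/IEC)?\s*27001\b/i, "iso27001"],
  [/\bISO(?:\/IEC)?\s*9001\b/i, "iso9001"],
  [/\bISO(?:\/IEC)?\s*42001\b/i, "iso42001"],
  [/\bPCI(?:[\s-]*DSS)?\b/i, "pci_dss"],
  [/\bHIPAA\b/i, "hipaa"],
  [/\bGDPR\b/i, "gdpr"],
];

// Maps one framework display name to a FindingType; null for custom or
// unsupported frameworks, which must not produce a selectable option.
function frameworkNameToFindingType(name: string): FindingType | null {
  for (const [re, type] of FRAMEWORK_PATTERNS) {
    if (re.test(name)) return type;
  }
  return null;
}

// Pure helper: org framework names -> the FindingType values the org may use,
// deduplicated and in canonical order.
function extractOrgFrameworkTypes(frameworkNames: readonly string[]): FindingType[] {
  const seen = new Set<FindingType>();
  for (const name of frameworkNames) {
    const type = frameworkNameToFindingType(name);
    if (type !== null) seen.add(type);
  }
  return FINDING_TYPES.filter((t) => seen.has(t));
}

// Default for the form: SOC 2 when enabled (the previous hardcoded default),
// otherwise the first enabled framework, otherwise nothing selectable.
function defaultFindingType(enabled: readonly FindingType[]): FindingType | null {
  if (enabled.includes("soc2")) return "soc2";
  return enabled.length > 0 ? enabled[0] : null;
}

// Server-side counterpart (assumed, not described by the PR): a greyed-out
// option in the UI is not a security boundary, so the API should re-derive
// the org's enabled types and reject anything outside them.
function assertTypeAllowed(type: string, enabled: readonly FindingType[]): FindingType {
  if (!(FINDING_TYPES as readonly string[]).includes(type)) {
    throw new Error(`unknown finding type: ${type}`);
  }
  if (!enabled.includes(type as FindingType)) {
    throw new Error(`framework not enabled for this org: ${type}`);
  }
  return type as FindingType;
}

// Constructed sample input mirroring the reported bug: an org with versioned
// ISO names, a custom framework and no SOC 2 subscription.
const sampleOrgFrameworks = ["ISO/IEC 27001:2022", "ISO 42001", "Custom Internal Policy"];
const sampleEnabled = extractOrgFrameworkTypes(sampleOrgFrameworks);
console.log(sampleEnabled, defaultFindingType(sampleEnabled));
```

Reading the org's frameworks as display names and mapping them by anchored number is what lets a single helper serve both the form gate and a server check; if the API instead stored the framework's canonical type alongside its name, the regex table would become unnecessary on the server side.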
🎉 This PR is included in version 3.64.2 🎉 The release is available on GitHub release. Your semantic-release bot 📦🚀
This is an automated pull request to release the candidate branch into production, which will trigger a deployment.
It was created by the [Production PR] action.
Summary by cubic
Enable logging findings against all supported frameworks (SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR, ISO 9001, ISO 42001). Fix the Create Finding form so it only allows frameworks the org has enabled and selects a valid default.
Bug Fixes
- Extend `FindingType` with `pci_dss`, `hipaa`, `gdpr`, `iso9001`, `iso42001`.
- Validate the DTO with `@IsIn([...])`; add labels in audit/notifier; update framework→type mapping.
- Extend `FINDING_TYPE_LABELS`; add `extractOrgFrameworkTypes` to gate and default the Framework field; add tests covering all frameworks and the ISO 42001 case.

Migration

Run `prisma migrate deploy` (or `prisma migrate dev`) and then `prisma generate`.

Written for commit 188bb70.