[VW-79] Show Helm SBOMs in UI

[timrcm]

• Show a link to SBOM when sbomUrl (and thus HelmSbomId) is populated.

Summary by CodeRabbit

• New Features
  • Added conditional SBOM (Software Bill of Materials) links in asset details, asset drawer, and device artifact panels. When available for a device group, a "View SBOM" external link appears and opens in a new tab with safe link attributes.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
viper	Ready	Preview, Comment	Mar 19, 2026 5:18pm

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
viper-demo	Ignored		Mar 19, 2026 5:18pm

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d943711e-fef0-4f56-817d-e983e0467578

📥 Commits

Reviewing files that changed from the base of the PR and between c5bc035 and 5d17bf9.

📒 Files selected for processing (1)

• src/lib/db.ts

✅ Files skipped from review due to trivial changes (1)

• src/lib/db.ts

---

📝 Walkthrough

Walkthrough

Adds conditional SBOM external links to asset and device-artifact UI components and includes sbomUrl in Prisma payload types so the device group's SBOM URL is selectable.

Changes

Cohort / File(s)	Summary
Asset UI components src/features/assets/components/asset-drawer.tsx, src/features/assets/components/asset.tsx, src/features/assets/components/assets.tsx	Added conditional "SBOM" entries to Device Information sections that render an external link labeled "View SBOM" pointing to asset.deviceGroup.sbomUrl when present (target="_blank", rel="noopener noreferrer") with ExternalLinkIcon.
Device Artifact UI src/features/device-artifacts/components/device-artifacts.tsx	Imported ExternalLinkIcon and added a conditional "SBOM" section under Associated Device Group that shows a styled external "View SBOM" link when deviceArtifact.deviceGroup.sbomUrl is truthy (includes break-all handling).
Database types src/lib/db.ts	Extended Prisma payload selection for AssetWithIssues and AssetWithDeviceGroup to include deviceGroup.sbomUrl: true so SBOM URL is available to the UI.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• table fixes #37 — Modifies asset drawer / assets UI, overlaps with changes to asset-related components and UI structure.

Suggested reviewers

• trummelhadron
• 0xcad

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'VW-79 Show Helm SBOMs in UI' accurately describes the main change: adding UI functionality to display SBOM links when sbomUrl is available across multiple asset-related components.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch vw79-fetch-sbom-frontend

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

CodeRabbit can suggest fixes for GitHub Check annotations.

Configure the reviews.tools.github-checks setting to adjust the time to wait for GitHub Checks to complete.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/features/assets/components/assets.tsx`:
- Around line 413-419: Update the Prisma payload types so deviceGroup includes
helmSbomId: modify the AssetWithIssues and AssetWithDeviceGroup type definitions
to add helmSbomId: true inside the deviceGroup.select object (so
deviceGroup.select contains id, cpe, and helmSbomId) because the computed
sbomUrl field requires helmSbomId to be selected for asset.deviceGroup.sbomUrl
to be available.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ba0fb0fc-8fbb-46e1-8325-193ae509c5b9

📥 Commits

Reviewing files that changed from the base of the PR and between 9a1c29f and c5bc035.

📒 Files selected for processing (4)

• src/features/assets/components/asset-drawer.tsx
• src/features/assets/components/asset.tsx
• src/features/assets/components/assets.tsx
• src/features/device-artifacts/components/device-artifacts.tsx