Policy Violations Breakdown Missing Security Policies · Issue #91 · DependencyTrack/frontend · GitHub

Policy Violations Breakdown Missing Security Policies #91

Closed

Description

Current Behavior:

DT v4.1 introduced support for vulnerabilities in policy violations. In DT 4.3.1, the "Overview" tab for individual projects does not include Security Risk in the Policy Violations Breakdown chart:

[Screenshot: Policy Violations Breakdown chart on the project Overview tab, showing only License Risk and Operational Risk]

This screenshot was taken from a project with 0 licence violations and 0 operational violations (i.e., those stats are correct) but which does have 2 security policy violations.

Steps to Reproduce:

  • Create a security policy such as subject == SEVERITY && value IS MEDIUM (or whatever can guarantee at least one violation)
  • For the purpose of demonstration there is no need to restrict the policy to a particular project, although this can be done in order to reduce "noise".
  • Navigate to a project that will be in violation of this policy
  • The Policy Violations tab on the project page will list violations of type "security". Count them.
  • The Overview tab on the project page displays a Policy Violations chart, broken down by Classification. Observe that there is no info on security violations.

Expected Behavior:

The Policy Violations by Classification Chart should include "security risk" and the number should match what you counted on the Policy Violations tab.

Environment:

  • Dependency-Track Version: 4.3.1
  • Client Browser: Firefox 90.0
  • Client O/S: Windows 10.

Additional Details:

I am guessing that the problem relates to the code in ChartPolicyViolationBreakdown.vue that is commented out and marked TODO.
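The cross-check the report describes (count the violations on the Policy Violations tab, then compare with the Overview chart), written out as an added example; this is not Dependency-Track or frontend code. It assumes each violation record carries a `type` of `LICENSE`, `OPERATIONAL` or `SECURITY`, and the sample violation list is constructed to match the project in the screenshot.

```javascript
// Added example, not Dependency-Track code. Recomputes the Overview chart's
// policy-violation breakdown from the list shown on the Policy Violations tab,
// so the two views can be compared for a given project.
// Assumption: every violation object has a "type" of LICENSE, OPERATIONAL or SECURITY.

// Constructed sample: 0 licence, 0 operational, 2 security violations,
// matching the project described in the report.
const sampleViolations = [
  { type: "SECURITY", policyCondition: { subject: "SEVERITY", operator: "IS", value: "MEDIUM" } },
  { type: "SECURITY", policyCondition: { subject: "SEVERITY", operator: "IS", value: "MEDIUM" } },
];

const CHART_LABEL = {
  LICENSE: "License Risk",
  OPERATIONAL: "Operational Risk",
  SECURITY: "Security Risk",
};

// Counts every classification the policy engine can emit, rejecting unknown types
// rather than silently dropping them from the totals.
function breakdownByClassification(violations) {
  const counts = { LICENSE: 0, OPERATIONAL: 0, SECURITY: 0 };
  for (const v of violations) {
    if (!(v.type in counts)) throw new Error(`unknown violation type: ${v.type}`);
    counts[v.type] += 1;
  }
  return counts;
}

// Mirrors the chart as reported: only the licence and operational series are rendered.
function chartSeriesAsReported(counts) {
  return { [CHART_LABEL.LICENSE]: counts.LICENSE, [CHART_LABEL.OPERATIONAL]: counts.OPERATIONAL };
}

// The expected chart: one series per classification, security included.
function chartSeriesExpected(counts) {
  return { ...chartSeriesAsReported(counts), [CHART_LABEL.SECURITY]: counts.SECURITY };
}

// Returns the classifications whose tab count is not reflected in the chart series.
function missingFromChart(counts, series) {
  return Object.keys(counts).filter(
    (t) => counts[t] > 0 && series[CHART_LABEL[t]] !== counts[t],
  );
}
```

With the reported chart, `missingFromChart` flags `SECURITY`; with the expected chart it returns an empty list, which is the condition the issue asks for.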

Labels: enhancement (New feature or request); p2 (Non-critical bugs, and features that help organizations to identify and reduce risk)