Improve error details and handle proxy connection errors

.github/workflows/security-audit.yml

@@ -0,0 +1,62 @@
+name: Security Audit
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+  schedule:
+    # Every day at 9:00 UTC
+    - cron: "0 9 * * *"
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-audit:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Run Trivy filesystem scan
+        uses: aquasecurity/trivy-action@v0.35.0
+        with:
+          scan-type: fs
+          scan-ref: .
+          format: sarif
+          output: trivy-fs-results.sarif
+
+      - name: Upload Trivy filesystem results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: trivy-fs-results.sarif
+          category: dependency-scan
+
+  docker-image-audit:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Pull latest image from ECR Public
+        run: docker pull public.ecr.aws/neptune/graph-explorer:latest-SNAPSHOT
+
+      - name: Scan Docker image for vulnerabilities
+        uses: aquasecurity/trivy-action@v0.35.0
+        with:
+          image-ref: public.ecr.aws/neptune/graph-explorer:latest-SNAPSHOT
+          format: sarif
+          output: trivy-image-results.sarif
+
+      - name: Upload Trivy image results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: trivy-image-results.sarif
+          category: docker-image-scan

.github/workflows/test_build_docker.yml

@@ -23,7 +23,7 @@ jobs:
           docker build -t test-image-neptune --build-arg NEPTUNE_NOTEBOOK=true .
 
       - name: Scan Docker image for vulnerabilities
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@v0.35.0
         with:
           image-ref: test-image
           severity: HIGH,CRITICAL

.github/workflows/unit.yml

@@ -13,6 +13,16 @@ permissions:
   contents: read
 
 jobs:
+  dependency-review:
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Review dependencies for vulnerabilities
+        uses: actions/dependency-review-action@v4
+
   install-and-test:
     runs-on: ubuntu-latest
     steps:

SECURITY.md

@@ -0,0 +1,28 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in Graph Explorer, please report it through [GitHub's Private Vulnerability Reporting][pvr]. This ensures the issue stays private while we work on a fix.
+
+### What to Include
+
+- A description of the vulnerability
+- Steps to reproduce the issue
+- The potential impact
+- Any suggested fix (optional)
+
+## Response Process
+
+- We will acknowledge your report.
+- We will provide an initial assessment.
+- We will work with you on coordinated disclosure once a fix is available.
+
+## Supported Versions
+
+We provide security fixes for the latest release only.
+
+## Scope
+
+This policy applies to the Graph Explorer application itself. For vulnerabilities in third-party dependencies, please report them to the respective upstream projects.
+
+[pvr]: https://github.com/aws/graph-explorer/security/advisories/new

packages/graph-explorer/src/components/PanelError.tsx

@@ -85,12 +85,14 @@ function ErrorDetailsButton({ error }: { error: unknown }) {
               {errorName}
             </div>
           </FormItem>
-          <FormItem>
-            <Label>Error message</Label>
-            <div className="gx-wrap-break-word text-base leading-snug">
-              {errorMessage}
-            </div>
-          </FormItem>
+          {errorMessage ? (
+            <FormItem>
+              <Label>Error message</Label>
+              <div className="gx-wrap-break-word text-base leading-snug">
+                {errorMessage}
+              </div>
+            </FormItem>
+          ) : null}
           {errorData ? (
             <FormItem>
               <Label>Error data</Label>