Add issue type dropdown and Save to Dashboard from lookup

- Replace issue type text input with dropdown of STEAM project types (Story default)
- Add Save to Dashboard button on lookup results to link existing Jira tickets locally
- Make cve_id and vendor optional on local POST /api/jira-tickets endpoint
- Fix: use normalized values in local ticket INSERT query
Jordan Ramos
2026-05-21 16:01:31 -06:00
parent dff1fa3cc9
commit 758a300f67
2 changed files with 72 additions and 8 deletions


@@ -522,11 +522,21 @@ function createJiraTicketsRouter() {
router.post('/', requireAuth(), requireGroup('Admin', 'Standard_User'), async (req, res) => {
const { cve_id, vendor, ticket_key, url, summary, status } = req.body;
if (!cve_id || !isValidCveId(cve_id)) {
return res.status(400).json({ error: 'Valid CVE ID is required.' });
// CVE ID is optional — validate format only if provided and non-empty
let normalizedCveId = null;
if (cve_id && typeof cve_id === 'string' && cve_id.trim().length > 0) {
if (!isValidCveId(cve_id)) {
return res.status(400).json({ error: 'CVE ID format is invalid. Expected CVE-YYYY-NNNN+.' });
}
normalizedCveId = cve_id;
}
if (!vendor || !isValidVendor(vendor)) {
return res.status(400).json({ error: 'Valid vendor is required.' });
// Vendor is optional — validate length only if provided and non-empty
let normalizedVendor = null;
if (vendor && typeof vendor === 'string' && vendor.trim().length > 0) {
if (vendor.trim().length > 200) {
return res.status(400).json({ error: 'Vendor exceeds maximum length of 200 characters.' });
}
normalizedVendor = vendor.trim();
}
if (!ticket_key || typeof ticket_key !== 'string' || ticket_key.trim().length === 0 || ticket_key.length > 50) {
return res.status(400).json({ error: 'Ticket key is required (max 50 chars).' });
@@ -548,7 +558,7 @@ function createJiraTicketsRouter() {
`INSERT INTO jira_tickets (cve_id, vendor, ticket_key, url, summary, status, created_by)
VALUES ($1, $2, $3, $4, $5, $6, $7)
RETURNING id`,
[cve_id, vendor, ticket_key.trim(), url || null, summary || null, ticketStatus, req.user.id]
[normalizedCveId, normalizedVendor, ticket_key.trim(), url || null, summary || null, ticketStatus, req.user.id]
);
logAudit({
@@ -557,7 +567,7 @@ function createJiraTicketsRouter() {
action: 'jira_ticket_create',
entityType: 'jira_ticket',
entityId: rows[0].id.toString(),
details: { cve_id, vendor, ticket_key, status: ticketStatus },
details: { cve_id: normalizedCveId, vendor: normalizedVendor, ticket_key, status: ticketStatus },
ipAddress: req.ip
});
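Review bot: A `cve_id` or `vendor` that is present but not a string (an array, object or number in the JSON body) fails the `typeof ... === 'string'` test in the first hunk and is stored as NULL instead of being rejected, so a malformed request can still succeed and create a ticket with no CVE or vendor link. Reject that case before the optional branch, e.g. `if (cve_id != null && typeof cve_id !== 'string') return res.status(400).json({ error: 'CVE ID must be a string.' });`, and do the same for `vendor`. The vendor branch also replaces `isValidVendor(vendor)` with a length-only check; if that helper enforced anything beyond length (it is not visible here), that constraint is now dropped and could be kept by calling it on the trimmed value. In the audit hunk, `ticket_key` is logged untrimmed while the INSERT stores `ticket_key.trim()`, so the audit record can differ from the stored row; logging `ticket_key: ticket_key.trim()` keeps them aligned. The route handler begins and ends outside these hunks.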