mirror of https://github.com/SAP/jenkins-library.git synced 2025-02-21 19:48:53 +02:00

Unification of audit status in blackduck sarif (#4450)

* added unified status value

* added-unified-status

* added-unified-status

* added-unified-status
Dmitrii Pavlukhin 2023-07-12 15:22:19 +03:00 committed by GitHub
parent c105b2129b
commit ef98a4351f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -35,6 +35,27 @@ func CreateSarifResultFile(vulns *Vulnerabilities, projectName, projectVersion,
isAudited = false
}
unifiedStatusValue := "new"
switch v.RemediationStatus {
case "NEW":
unifiedStatusValue = "new"
case "NEEDS_REVIEW":
unifiedStatusValue = "inProcess"
case "REMEDIATION_COMPLETE":
unifiedStatusValue = "notRelevant"
case "PATCHED":
unifiedStatusValue = "notRelevant"
case "MITIGATED":
unifiedStatusValue = "notRelevant"
case "DUPLICATE":
unifiedStatusValue = "notRelevant"
case "IGNORED":
unifiedStatusValue = "notRelevant"
case "REMEDIATION_REQUIRED":
unifiedStatusValue = "relevant"
}
log.Entry().Debugf("Transforming alert %v on Package %v Version %v into SARIF format", v.VulnerabilityWithRemediation.VulnerabilityName, v.Component.Name, v.Component.Version)
result := format.Results{
RuleID: v.VulnerabilityWithRemediation.VulnerabilityName,
@ -54,6 +75,7 @@ func CreateSarifResultFile(vulns *Vulnerabilities, projectName, projectVersion,
ToolSeverityIndex: severityIndex[v.Severity],
ToolAuditMessage: v.VulnerabilityWithRemediation.RemediationComment,
ToolState: v.RemediationStatus,
UnifiedAuditState: unifiedStatusValue,
},
}
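Review bot: The new switch on `v.RemediationStatus` in the first hunk has no `default` branch, so any status it does not list (a value the scanner adds later, an empty string, or different casing) silently keeps the initial "new" while `ToolState` still carries the raw value. Falling back to "new" is the safe direction for an audit state, since the finding stays visible as unaudited, but the fallback should be explicit and traceable: `default: log.Entry().Warnf("unknown remediation status %q, reporting unified state as new", v.RemediationStatus)`. The five branches that all yield "notRelevant" read better as one case list, `case "REMEDIATION_COMPLETE", "PATCHED", "MITIGATED", "DUPLICATE", "IGNORED":`, which also makes it obvious at review time which statuses cause a finding to be treated as dismissed. A short comment above the switch naming the target vocabulary (`new`, `inProcess`, `relevant`, `notRelevant`) would help, as these strings are otherwise unexplained literals. CreateSarifResultFile starts and ends outside the visible hunks, so how `isAudited` relates to this mapping cannot be checked from here.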