Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Scan repository - show license violation on Github security issues #575

Merged
merged 11 commits into from
Nov 16, 2023
Merged

Scan repository - show license violation on Github security issues #575

Changes from 1 commit
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
ef437c6
Scan repository - show license violation on Github security issues
attiasas Nov 14, 2023
c29f983
cleanup
attiasas Nov 14, 2023
96c1c7f
add option to specify allow license
attiasas Nov 15, 2023
32719cf
edit lic get condition
attiasas Nov 15, 2023
03caada
cleanup tests
attiasas Nov 15, 2023
fe6e463
cleanup
attiasas Nov 15, 2023
0c556c5
fix tests
attiasas Nov 15, 2023
af17250
Merge branch 'dev' into add_license_violations_scan_repo
omerzi Nov 16, 2023
11ddadd
fix tests
attiasas Nov 16, 2023
c29e164
use core dev
attiasas Nov 16, 2023
422c3d8
Merge remote-tracking branch 'upstream/dev' into add_license_violatio…
attiasas Nov 16, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
cleanup tests
  • Loading branch information
@attiasas
attiasas committed Nov 15, 2023
commit 03caadab05546d7eeb4702856b25e54ccef151cf
61 changes: 0 additions & 61 deletions scanpullrequest/scanpullrequest_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -220,67 +220,6 @@ func TestGetNewViolationsCaseNoNewViolations(t *testing.T) {
assert.Len(t, licenseViolations, 0)
}

func TestGetAllVulnerabilities(t *testing.T) {
// Current scan with 2 vulnerabilities - XRAY-1 and XRAY-2
currentScan := services.ScanResponse{
Vulnerabilities: []services.Vulnerability{
{
IssueId: "XRAY-1",
Summary: "summary-1",
Severity: "high",
Components: map[string]services.Component{"component-A": {}, "component-B": {}},
},
{
IssueId: "XRAY-2",
Summary: "summary-2",
Severity: "low",
Components: map[string]services.Component{"component-C": {}, "component-D": {}},
},
},
}

expected := []formats.VulnerabilityOrViolationRow{
{
Summary: "summary-1",
IssueId: "XRAY-1",
ImpactedDependencyDetails: formats.ImpactedDependencyDetails{
SeverityDetails: formats.SeverityDetails{Severity: "high"},
ImpactedDependencyName: "component-A",
},
},
{
Summary: "summary-1",
IssueId: "XRAY-1",
ImpactedDependencyDetails: formats.ImpactedDependencyDetails{
SeverityDetails: formats.SeverityDetails{Severity: "high"},
ImpactedDependencyName: "component-B",
},
},
{
Summary: "summary-2",
IssueId: "XRAY-2",
ImpactedDependencyDetails: formats.ImpactedDependencyDetails{
SeverityDetails: formats.SeverityDetails{Severity: "low"},
ImpactedDependencyName: "component-C",
},
},
{
Summary: "summary-2",
IssueId: "XRAY-2",
ImpactedDependencyDetails: formats.ImpactedDependencyDetails{
SeverityDetails: formats.SeverityDetails{Severity: "low"},
ImpactedDependencyName: "component-D",
},
},
}
// Run createAllIssuesRows and make sure that XRAY-1 and XRAY-2 vulnerabilities exists in the results
vulnerabilities, licenses, err := getScanVulnerabilitiesRows(&xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{xrayutils.ScaScanResult{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}}, nil)
assert.NoError(t, err)
assert.Len(t, vulnerabilities, 4)
assert.Len(t, licenses, 0)
assert.ElementsMatch(t, expected, vulnerabilities)
}

func TestGetNewVulnerabilities(t *testing.T) {
// Previous scan with only one vulnerability - XRAY-1
previousScan := services.ScanResponse{
Expand Down
Loading