feat: added adapter for osv scanner #35
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- osv scanner adapter generates KPIs by using the existing CveAdapter - Additional data models for osv detail results are provided, however they are not parsed by default to keep the parsing logic as small as possible to be robust against changes
|
Code Coverage
Files
|
AnakinRaW
requested changes
Nov 13, 2024
| import kotlinx.serialization.json.decodeFromStream | ||
|
|
||
| object OsvAdapter { | ||
| private val jsonParser = Json { |
There was a problem hiding this comment.
Is this something we can make global for the library, or should this be adapter specific?
There was a problem hiding this comment.
it might become adapter specific.
However, as long as the config is the same we could use a global object for that I guess. I'll consider this in a dedicated PR
| @@ -91,9 +91,13 @@ object TrivyAdapter { | |||
| val cvssData = it.cvss!!.values.map { jsonParser.decodeFromJsonElement<CVSSData>(it) } | |||
|
|
|||
| val score = getHighestCvssScore(cvssData) | |||
| val packageID = "${it.pkgName}@${it.installedVersion}" | |||
|
|
||
| @Test | ||
| fun testResultDto() { | ||
| Files.newInputStream(Path("src/test/resources/osv-scanner.json")).use { |
There was a problem hiding this comment.
what about the other test files?
AnakinRaW
approved these changes
Nov 13, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Additionally, I extended the data format for
VulnerabilityDtoto explicitly contain aversionstring. From what I've seen all vulnerability scanners report this information and it is very important to understand the provided results.