Pdf consumer (smithy-security#52)

* add the ability to enrich sbom document with security scorecard score

* lint:

* fix logging

* fix depsdev + tests

* dependency track owner tagging

* Update components/consumers/dependency-track/main.go

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Update components/consumers/dependency-track/main_test.go

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Update components/consumers/dependency-track/main_test.go

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Update components/consumers/dependency-track/main_test.go

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Update components/consumers/dependency-track/main_test.go

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Update components/consumers/dependency-track/main.go

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Update components/consumers/dependency-track/main_test.go

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Update components/enrichers/depsdev/main_test.go

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Update components/enrichers/depsdev/main_test.go

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Update components/enrichers/depsdev/main_test.go

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Update components/enrichers/depsdev/main_test.go

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Update components/enrichers/depsdev/main_test.go

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Update components/enrichers/depsdev/main_test.go

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Update components/consumers/dependency-track/main_test.go

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Update components/consumers/dependency-track/main.go

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Update components/consumers/dependency-track/main_test.go

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Update components/consumers/dependency-track/main.go

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Update components/consumers/dependency-track/main.go

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Update components/consumers/dependency-track/main_test.go

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* add ability to run zap without automation framework

* wip pdf consumer

* nit

* pdf-consumer

* make default template legible

* lint

* lint

* cleanup

* Update components/consumers/pdf/main.go

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* cleanup

* nosec

* lint

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Pavlos Tzianos <[email protected]>

components/consumers/dependency-track/main.go

@@ -157,6 +157,7 @@ func addOwnersTags(owners []string) error {
 	_, err = client.Project.Update(context.Background(), project)
 	return err
 }
+
 func uploadBOM(bom string, projectVersion string) (string, error) {
 	if projectVersion == "" {
 		projectVersion = "Unknown"

components/consumers/pdf/BUILD

@@ -0,0 +1,55 @@
+subinclude(
+    "//build/defs:buildkit",
+    "///k8s//build/defs:k8s",
+    "//build/defs:dracon",
+)
+
+go_binary(
+    name = "pdf",
+    srcs = [
+        "main.go",
+    ],
+    static = True,
+    deps = [
+        "//api/proto/v1",
+        "//components/consumers",
+        "//pkg/enumtransformers",
+        "//pkg/templating",
+        "//third_party/go/github.com/aws/aws-sdk-go",
+        "//third_party/go/github.com/playwright-community/playwright-go",
+        "//third_party/go/google.golang.org/protobuf",
+    ],
+)
+
+filegroup(
+    name = "template",
+    srcs = ["default.html"],
+)
+# buildkit_distroless_image(
+#     name = "image",
+#     srcs = [":pdf"],
+#     visibility = [
+#         "//examples/...",
+#     ],
+# )
+
+buildkit_image(
+    name = "image",
+    srcs = [
+        ":pdf",
+        ":template",
+    ],
+    dockerfile = "Dockerfile",
+    visibility = [
+        "//examples/...",
+    ],
+)
+
+dracon_component(
+    name = "pdf",
+    images = [
+        ":image",
+    ],
+    task = "task.yaml",
+    visibility = ["//examples/pipelines/..."],
+)

components/consumers/pdf/Dockerfile

@@ -0,0 +1,11 @@
+FROM golang:latest
+
+WORKDIR /playwright
+RUN go mod init github.com/ocurity/pdf-consumer &&\
+    go get -u github.com/playwright-community/playwright-go &&\ 
+    go run github.com/playwright-community/playwright-go/cmd/playwright@latest install --with-deps
+
+ENV PATH="${PATH}:/go/pkg/mod/github.com/playwright-community"
+COPY components/consumers/pdf/pdf /playwright/pdf
+COPY components/consumers/pdf/default.html /playwright/default.html
+ENTRYPOINT ["/playwright/pdf"]

components/consumers/pdf/default.html

@@ -0,0 +1,183 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Vulnerability Scan Results</title>
+    <style>
+        body {
+            font-family: 'Arial', sans-serif;
+            background-color: #f4f4f4;
+            color: #333;
+            margin: 20px;
+        }
+
+        header {
+            text-align: center;
+            margin-bottom: 20px;
+        }
+
+        header img {
+            max-width: 100px;
+            height: auto;
+        }
+
+        .report {
+            max-width: 800px;
+            margin: 0 auto;
+            padding: 20px;
+            background-color: #fff;
+            border: 1px solid #ddd;
+            border-radius: 8px;
+            box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
+        }
+
+        .report-title {
+            font-size: 24px;
+            font-weight: bold;
+            color: #333;
+            text-align: center;
+            margin-bottom: 20px;
+        }
+
+        .scan {
+            margin-bottom: 20px;
+        }
+
+        .scan-title {
+            font-size: 20px;
+            font-weight: bold;
+            color: #007bff;
+            margin-bottom: 10px;
+        }
+
+        .scan-details {
+            margin-top: 10px;
+            color: #555;
+        }
+
+        .finding {
+            border: 1px solid #eee;
+            border-radius: 5px;
+            margin: 15px 0;
+            padding: 15px;
+            background-color: #f9f9f9;
+            /* Alternating background color */
+        }
+
+        .finding:nth-child(even) {
+            background-color: #f5f5f5;
+            /* Alternating background color for even elements */
+        }
+
+        .finding-title {
+            font-size: 18px;
+            font-weight: bold;
+            color: #333;
+            margin-bottom: 10px;
+        }
+
+        .finding-details {
+            color: #777;
+        }
+
+        .introduction {
+            margin-bottom: 20px;
+        }
+
+        .summary {
+            margin-top: 20px;
+            border-top: 1px solid #ddd;
+            padding-top: 20px;
+            color: #555;
+        }
+
+        .placeholder-metrics {
+            display: flex;
+            justify-content: space-around;
+            margin-bottom: 20px;
+        }
+
+        .placeholder-graph {
+            height: 200px;
+            background-color: #eaeaea;
+            border-radius: 5px;
+        }
+    </style>
+</head>
+
+<body>
+
+    <header>
+        <img src="https://github.com/ocurity/dracon/raw/main/assets/dracon-logo-light.svg#gh-dark-mode-only" alt="Logo">
+        <h1>Dracon Report</h1>
+    </header>
+
+    <div class="report">
+        <div class="report-title">Scan Results</div>
+
+        <!-- Introduction -->
+        <div class="introduction">
+            <p>This report summarizes the results of running Dracon.</p>
+        </div>
+        <!-- Summary -->
+        <div class="summary">
+            <h2>Summary</h2>
+
+            <!-- Placeholder Metrics -->
+            <div class="placeholder-metrics">
+                <div>
+                    <h3>Total Number of Findings</h3>
+                    <p>10</p>
+                </div>
+                <div>
+                    <h3>Total High Severity Findings</h3>
+                    <p>10</p>
+                </div>
+            </div>
+
+            <!-- Placeholder Graph -->
+            <div class="placeholder-graph"></div>
+
+            <p>The vulnerability scans have identified potential issues that need attention. It is recommended to review
+                and address the findings promptly to enhance the security of our systems.</p>
+        </div>
+
+        <!-- Scan -->
+        {{range .}}
+        <div class="scan">
+            <div class="scan-title">{{.OriginalResults.ScanInfo.ScanUuid}} - {{.OriginalResults.ToolName}}</div>
+            <div class="scan-details">
+                <div><strong>Start Time:</strong> {{.OriginalResults.ScanInfo.ScanStartTime}}</div>
+            </div>
+            {{range .Issues}}
+            <div class="finding">
+                <div class="finding-title">{{.RawIssue.Title}}</div>
+                <div class="finding-details">
+                    <div>Target: {{.RawIssue.Target}} </div>
+                    <div>Type: {{.RawIssue.Type}} </div>
+                    <div>CVSS: {{.RawIssue.Cvss}} </div>
+                    <div>CVE: {{.RawIssue.Cve}} </div>
+                    <div>Confidence: {{.RawIssue.Confidence}} </div>
+                    <div>Severity: {{.RawIssue.Severity}} </div>
+                    <div>Description: {{.RawIssue.Description}} </div>
+                    <div>First Seen: {{.FirstSeen}} </div>
+                    <div>Seen Before Times: {{.Count}} </div>
+                    <div>False Positive?:{{.FalsePositive}} </div>
+                    <div>Last Updated: {{.UpdatedAt}} </div>
+                    {{ range $key,$element := .Annotations }}
+                    <p><b>{{$key}}</b>:{{$element}}</p>
+                    {{end}}
+                    <div>SBOM<pre>{{.RawIssue.CycloneDXSBOM}}</pre></div>
+                </div>
+            </div>
+            {{end}}
+
+            <!-- Add more scans as needed -->
+
+        </div>
+        {{end}}
+</body>
+
+</html>

components/consumers/pdf/kustomization.yaml

@@ -0,0 +1,91 @@
+# DO NOT EDIT. Code generated by:
+# github.com/ocurity/dracon//build/tools/kustomize-component-generator.
+
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+  - task.yaml
+patches:
+  # Add the Task to the Tekton Pipeline.
+  - patch: |
+      apiVersion: tekton.dev/v1beta1
+      kind: Pipeline
+      metadata:
+        name: unused
+      spec:
+        workspaces:
+          - name: source-code-ws
+        tasks:
+          - name: consumer-pdf
+            taskRef:
+              name: consumer-pdf
+            workspaces:
+              - name: source-code-ws
+                workspace: source-code-ws
+            params:
+              - name: consumer-pdf-s3-access-key-id
+                value: $(params.consumer-pdf-s3-access-key-id)
+              - name: consumer-pdf-s3-secret-access-key
+                value: $(params.consumer-pdf-s3-secret-access-key)
+              - name: consumer-pdf-s3-bucket-name
+                value: $(params.consumer-pdf-s3-bucket-name)
+              - name: consumer-pdf-s3-bucket-region
+                value: $(params.consumer-pdf-s3-bucket-region)
+              - name: consumer-pdf-template-location
+                value: $(params.consumer-pdf-template-location)
+        params:
+          - name: consumer-pdf-s3-access-key-id
+            type: string
+          - name: consumer-pdf-s3-secret-access-key
+            type: string
+          - name: consumer-pdf-s3-bucket-name
+            type: string
+          - name: consumer-pdf-s3-bucket-region
+            type: string
+          - name: consumer-pdf-template-location
+            type: string
+            default: /playwright/default.html
+    target:
+      kind: Pipeline
+  # Add anchors to Task.
+  - patch: |
+      apiVersion: tekton.dev/v1beta1
+      kind: Task
+      metadata:
+        name: consumer-pdf
+        labels:
+          v1.dracon.ocurity.com/component: consumer
+      spec:
+        params:
+          - name: anchors
+            type: array
+            description: A list of tasks that this task depends on using their anchors.
+            default: []
+        results:
+          - name: anchor
+            description: An anchor to allow other tasks to depend on this task.
+        steps:
+          - name: anchor
+            image: docker.io/busybox:1.35.0
+            script: echo "$(context.task.name)" > "$(results.anchor.path)"
+    target:
+      kind: Task
+      name: consumer-pdf
+  # If we have an enricher-aggregator task in the pipeline (added by the
+  # enricher-aggregator component), make the consumer depend on the completion of
+  # it.
+  - patch: |
+      apiVersion: tekton.dev/v1beta1
+      kind: Pipeline
+      metadata:
+        name: unused
+      spec:
+        tasks:
+          - name: consumer-pdf
+            params:
+              - name: anchors
+                value:
+                  - $(tasks.enricher-aggregator.results.anchor)
+    target:
+      kind: Pipeline
+      annotationSelector: v1.dracon.ocurity.com/has-enricher-aggregator=true