From 0c77e6fc1e23e8c61b1b14e540760c84870c515d Mon Sep 17 00:00:00 2001
From: nscuro <nscuro@protonmail.com>
Date: Tue, 13 Feb 2024 22:54:37 +0100
Subject: [PATCH] Fix test failures due to incorrect ordering assumption

Signed-off-by: nscuro <nscuro@protonmail.com>
---
 .../resources/v1/BomResourceTest.java         |   4 +
 .../resources/v1/FindingResourceTest.java     | 250 ++++++++++--------
 2 files changed, 144 insertions(+), 110 deletions(-)

diff --git a/src/test/java/org/dependencytrack/resources/v1/BomResourceTest.java b/src/test/java/org/dependencytrack/resources/v1/BomResourceTest.java
index a32b632d7..7240f9643 100644
--- a/src/test/java/org/dependencytrack/resources/v1/BomResourceTest.java
+++ b/src/test/java/org/dependencytrack/resources/v1/BomResourceTest.java
@@ -23,6 +23,7 @@
 import alpine.server.filters.AuthenticationFilter;
 import junitparams.JUnitParamsRunner;
 import junitparams.Parameters;
+import net.javacrumbs.jsonunit.core.Option;
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.io.IOUtils;
 import org.apache.http.HttpStatus;
@@ -185,6 +186,7 @@ public void exportProjectAsCycloneDxInventoryTest() {
 
         final String jsonResponse = getPlainTextBody(response);
         assertThatJson(jsonResponse)
+                .withOptions(Option.IGNORING_ARRAY_ORDER)
                 .withMatcher("projectUuid", equalTo(project.getUuid().toString()))
                 .withMatcher("componentWithoutVulnUuid", equalTo(componentWithoutVuln.getUuid().toString()))
                 .withMatcher("componentWithVulnUuid", equalTo(componentWithVuln.getUuid().toString()))
@@ -333,6 +335,7 @@ public void exportProjectAsCycloneDxInventoryWithVulnerabilitiesTest() {
 
         final String jsonResponse = getPlainTextBody(response);
         assertThatJson(jsonResponse)
+                .withOptions(Option.IGNORING_ARRAY_ORDER)
                 .withMatcher("vulnUuid", equalTo(vulnerability.getUuid().toString()))
                 .withMatcher("projectUuid", equalTo(project.getUuid().toString()))
                 .withMatcher("componentWithoutVulnUuid", equalTo(componentWithoutVuln.getUuid().toString()))
@@ -526,6 +529,7 @@ public void exportProjectAsCycloneDxVdrTest() {
 
         final String jsonResponse = getPlainTextBody(response);
         assertThatJson(jsonResponse)
+                .withOptions(Option.IGNORING_ARRAY_ORDER)
                 .withMatcher("vulnUuid", equalTo(vulnerability.getUuid().toString()))
                 .withMatcher("projectUuid", equalTo(project.getUuid().toString()))
                 .withMatcher("componentWithoutVulnUuid", equalTo(componentWithoutVuln.getUuid().toString()))
diff --git a/src/test/java/org/dependencytrack/resources/v1/FindingResourceTest.java b/src/test/java/org/dependencytrack/resources/v1/FindingResourceTest.java
index 3b8154fb8..6a683a63f 100644
--- a/src/test/java/org/dependencytrack/resources/v1/FindingResourceTest.java
+++ b/src/test/java/org/dependencytrack/resources/v1/FindingResourceTest.java
@@ -21,7 +21,6 @@
 import alpine.Config;
 import alpine.server.filters.ApiFilter;
 import alpine.server.filters.AuthenticationFilter;
-import org.assertj.core.api.Assertions;
 import org.dependencytrack.ResourceTest;
 import org.dependencytrack.model.AnalyzerIdentity;
 import org.dependencytrack.model.Component;
@@ -49,6 +48,7 @@
 import java.util.Map;
 import java.util.UUID;
 
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.dependencytrack.model.WorkflowStatus.PENDING;
 import static org.junit.Assert.assertEquals;
 
@@ -94,37 +94,47 @@ public void getFindingsByProjectTest() {
         assertEquals(String.valueOf(3), response.getHeaderString(TOTAL_COUNT_HEADER));
         JsonArray json = parseJsonArray(response);
         Assert.assertNotNull(json);
-        assertEquals(3, json.size());
-        assertEquals("Component A", json.getJsonObject(0).getJsonObject("component").getString("name"));
-        assertEquals("1.0", json.getJsonObject(0).getJsonObject("component").getString("version"));
-        assertEquals("Vuln-1", json.getJsonObject(0).getJsonObject("vulnerability").getString("vulnId"));
-        assertEquals(Severity.CRITICAL.name(), json.getJsonObject(0).getJsonObject("vulnerability").getString("severity"));
-        assertEquals(80, json.getJsonObject(0).getJsonObject("vulnerability").getInt("cweId"));
-        assertEquals(2, json.getJsonObject(0).getJsonObject("vulnerability").getJsonArray("cwes").size());
-        assertEquals(80, json.getJsonObject(0).getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(0).getInt("cweId"));
-        assertEquals(666, json.getJsonObject(0).getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(1).getInt("cweId"));
-        Assert.assertFalse(json.getJsonObject(0).getJsonObject("analysis").getBoolean("isSuppressed"));
-        assertEquals(p1.getUuid().toString() + ":" + c1.getUuid().toString() + ":" + v1.getUuid().toString(), json.getJsonObject(0).getString("matrix"));
-        assertEquals("Component A", json.getJsonObject(1).getJsonObject("component").getString("name"));
-        assertEquals("1.0", json.getJsonObject(1).getJsonObject("component").getString("version"));
-        assertEquals("Vuln-2", json.getJsonObject(1).getJsonObject("vulnerability").getString("vulnId"));
-        assertEquals(Severity.HIGH.name(), json.getJsonObject(1).getJsonObject("vulnerability").getString("severity"));
-        assertEquals(80, json.getJsonObject(1).getJsonObject("vulnerability").getInt("cweId"));
-        assertEquals(2, json.getJsonObject(1).getJsonObject("vulnerability").getJsonArray("cwes").size());
-        assertEquals(80, json.getJsonObject(1).getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(0).getInt("cweId"));
-        assertEquals(666, json.getJsonObject(1).getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(1).getInt("cweId"));
-        Assert.assertFalse(json.getJsonObject(1).getJsonObject("analysis").getBoolean("isSuppressed"));
-        assertEquals(p1.getUuid().toString() + ":" + c1.getUuid().toString() + ":" + v2.getUuid().toString(), json.getJsonObject(1).getString("matrix"));
-        assertEquals("Component B", json.getJsonObject(2).getJsonObject("component").getString("name"));
-        assertEquals("1.0", json.getJsonObject(2).getJsonObject("component").getString("version"));
-        assertEquals("Vuln-3", json.getJsonObject(2).getJsonObject("vulnerability").getString("vulnId"));
-        assertEquals(Severity.MEDIUM.name(), json.getJsonObject(2).getJsonObject("vulnerability").getString("severity"));
-        assertEquals(80, json.getJsonObject(2).getJsonObject("vulnerability").getInt("cweId"));
-        assertEquals(2, json.getJsonObject(2).getJsonObject("vulnerability").getJsonArray("cwes").size());
-        assertEquals(80, json.getJsonObject(2).getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(0).getInt("cweId"));
-        assertEquals(666, json.getJsonObject(2).getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(1).getInt("cweId"));
-        Assert.assertFalse(json.getJsonObject(0).getJsonObject("analysis").getBoolean("isSuppressed"));
-        assertEquals(p1.getUuid().toString() + ":" + c2.getUuid().toString() + ":" + v3.getUuid().toString(), json.getJsonObject(2).getString("matrix"));
+        assertThat(json).satisfiesExactlyInAnyOrder(
+                jsonValue -> {
+                    final JsonObject finding = jsonValue.asJsonObject();
+                    assertEquals("Component A", finding.getJsonObject("component").getString("name"));
+                    assertEquals("1.0", finding.getJsonObject("component").getString("version"));
+                    assertEquals("Vuln-1", finding.getJsonObject("vulnerability").getString("vulnId"));
+                    assertEquals(Severity.CRITICAL.name(), finding.getJsonObject("vulnerability").getString("severity"));
+                    assertEquals(80, finding.getJsonObject("vulnerability").getInt("cweId"));
+                    assertEquals(2, finding.getJsonObject("vulnerability").getJsonArray("cwes").size());
+                    assertEquals(80, finding.getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(0).getInt("cweId"));
+                    assertEquals(666, finding.getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(1).getInt("cweId"));
+                    Assert.assertFalse(finding.getJsonObject("analysis").getBoolean("isSuppressed"));
+                    assertEquals(p1.getUuid().toString() + ":" + c1.getUuid().toString() + ":" + v1.getUuid().toString(), finding.getString("matrix"));
+                },
+                jsonValue -> {
+                    final JsonObject finding = jsonValue.asJsonObject();
+                    assertEquals("Component A", finding.getJsonObject("component").getString("name"));
+                    assertEquals("1.0", finding.getJsonObject("component").getString("version"));
+                    assertEquals("Vuln-2", finding.getJsonObject("vulnerability").getString("vulnId"));
+                    assertEquals(Severity.HIGH.name(), finding.getJsonObject("vulnerability").getString("severity"));
+                    assertEquals(80, finding.getJsonObject("vulnerability").getInt("cweId"));
+                    assertEquals(2, finding.getJsonObject("vulnerability").getJsonArray("cwes").size());
+                    assertEquals(80, finding.getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(0).getInt("cweId"));
+                    assertEquals(666, finding.getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(1).getInt("cweId"));
+                    Assert.assertFalse(finding.getJsonObject("analysis").getBoolean("isSuppressed"));
+                    assertEquals(p1.getUuid().toString() + ":" + c1.getUuid().toString() + ":" + v2.getUuid().toString(), finding.getString("matrix"));
+                },
+                jsonValue -> {
+                    final JsonObject finding = jsonValue.asJsonObject();
+                    assertEquals("Component B", finding.getJsonObject("component").getString("name"));
+                    assertEquals("1.0", finding.getJsonObject("component").getString("version"));
+                    assertEquals("Vuln-3", finding.getJsonObject("vulnerability").getString("vulnId"));
+                    assertEquals(Severity.MEDIUM.name(), finding.getJsonObject("vulnerability").getString("severity"));
+                    assertEquals(80, finding.getJsonObject("vulnerability").getInt("cweId"));
+                    assertEquals(2, finding.getJsonObject("vulnerability").getJsonArray("cwes").size());
+                    assertEquals(80, finding.getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(0).getInt("cweId"));
+                    assertEquals(666, finding.getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(1).getInt("cweId"));
+                    Assert.assertFalse(finding.getJsonObject("analysis").getBoolean("isSuppressed"));
+                    assertEquals(p1.getUuid().toString() + ":" + c2.getUuid().toString() + ":" + v3.getUuid().toString(), finding.getString("matrix"));
+                }
+        );
     }
 
     @Test
@@ -171,37 +181,47 @@ public void exportFindingsByProjectTest() {
         assertEquals(p1.getUuid().toString(), json.getJsonObject("project").getString("uuid"));
         assertEquals("1.2", json.getString("version")); // FPF version
         JsonArray findings = json.getJsonArray("findings");
-        assertEquals(3, findings.size());
-        assertEquals("Component A", findings.getJsonObject(0).getJsonObject("component").getString("name"));
-        assertEquals("1.0", findings.getJsonObject(0).getJsonObject("component").getString("version"));
-        assertEquals("Vuln-1", findings.getJsonObject(0).getJsonObject("vulnerability").getString("vulnId"));
-        assertEquals(Severity.CRITICAL.name(), findings.getJsonObject(0).getJsonObject("vulnerability").getString("severity"));
-        assertEquals(80, findings.getJsonObject(1).getJsonObject("vulnerability").getInt("cweId"));
-        assertEquals(2, findings.getJsonObject(1).getJsonObject("vulnerability").getJsonArray("cwes").size());
-        assertEquals(80, findings.getJsonObject(1).getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(0).getInt("cweId"));
-        assertEquals(666, findings.getJsonObject(1).getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(1).getInt("cweId"));
-        Assert.assertFalse(findings.getJsonObject(0).getJsonObject("analysis").getBoolean("isSuppressed"));
-        assertEquals(p1.getUuid().toString() + ":" + c1.getUuid().toString() + ":" + v1.getUuid().toString(), findings.getJsonObject(0).getString("matrix"));
-        assertEquals("Component A", findings.getJsonObject(1).getJsonObject("component").getString("name"));
-        assertEquals("1.0", findings.getJsonObject(1).getJsonObject("component").getString("version"));
-        assertEquals("Vuln-2", findings.getJsonObject(1).getJsonObject("vulnerability").getString("vulnId"));
-        assertEquals(Severity.HIGH.name(), findings.getJsonObject(1).getJsonObject("vulnerability").getString("severity"));
-        assertEquals(80, findings.getJsonObject(1).getJsonObject("vulnerability").getInt("cweId"));
-        assertEquals(2, findings.getJsonObject(1).getJsonObject("vulnerability").getJsonArray("cwes").size());
-        assertEquals(80, findings.getJsonObject(1).getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(0).getInt("cweId"));
-        assertEquals(666, findings.getJsonObject(1).getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(1).getInt("cweId"));
-        Assert.assertFalse(findings.getJsonObject(1).getJsonObject("analysis").getBoolean("isSuppressed"));
-        assertEquals(p1.getUuid().toString() + ":" + c1.getUuid().toString() + ":" + v2.getUuid().toString(), findings.getJsonObject(1).getString("matrix"));
-        assertEquals("Component B", findings.getJsonObject(2).getJsonObject("component").getString("name"));
-        assertEquals("1.0", findings.getJsonObject(2).getJsonObject("component").getString("version"));
-        assertEquals("Vuln-3", findings.getJsonObject(2).getJsonObject("vulnerability").getString("vulnId"));
-        assertEquals(Severity.MEDIUM.name(), findings.getJsonObject(2).getJsonObject("vulnerability").getString("severity"));
-        assertEquals(80, findings.getJsonObject(1).getJsonObject("vulnerability").getInt("cweId"));
-        assertEquals(2, findings.getJsonObject(1).getJsonObject("vulnerability").getJsonArray("cwes").size());
-        assertEquals(80, findings.getJsonObject(1).getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(0).getInt("cweId"));
-        assertEquals(666, findings.getJsonObject(1).getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(1).getInt("cweId"));
-        Assert.assertFalse(findings.getJsonObject(0).getJsonObject("analysis").getBoolean("isSuppressed"));
-        assertEquals(p1.getUuid().toString() + ":" + c2.getUuid().toString() + ":" + v3.getUuid().toString(), findings.getJsonObject(2).getString("matrix"));
+        assertThat(findings).satisfiesExactlyInAnyOrder(
+                jsonValue -> {
+                    final JsonObject finding = jsonValue.asJsonObject();
+                    assertEquals("Component A", finding.getJsonObject("component").getString("name"));
+                    assertEquals("1.0", finding.getJsonObject("component").getString("version"));
+                    assertEquals("Vuln-1", finding.getJsonObject("vulnerability").getString("vulnId"));
+                    assertEquals(Severity.CRITICAL.name(), finding.getJsonObject("vulnerability").getString("severity"));
+                    assertEquals(80, finding.getJsonObject("vulnerability").getInt("cweId"));
+                    assertEquals(2, finding.getJsonObject("vulnerability").getJsonArray("cwes").size());
+                    assertEquals(80, finding.getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(0).getInt("cweId"));
+                    assertEquals(666, finding.getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(1).getInt("cweId"));
+                    Assert.assertFalse(finding.getJsonObject("analysis").getBoolean("isSuppressed"));
+                    assertEquals(p1.getUuid().toString() + ":" + c1.getUuid().toString() + ":" + v1.getUuid().toString(), finding.getString("matrix"));
+                },
+                jsonValue -> {
+                    final JsonObject finding = jsonValue.asJsonObject();
+                    assertEquals("Component A", finding.getJsonObject("component").getString("name"));
+                    assertEquals("1.0", finding.getJsonObject("component").getString("version"));
+                    assertEquals("Vuln-2", finding.getJsonObject("vulnerability").getString("vulnId"));
+                    assertEquals(Severity.HIGH.name(), finding.getJsonObject("vulnerability").getString("severity"));
+                    assertEquals(80, finding.getJsonObject("vulnerability").getInt("cweId"));
+                    assertEquals(2, finding.getJsonObject("vulnerability").getJsonArray("cwes").size());
+                    assertEquals(80, finding.getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(0).getInt("cweId"));
+                    assertEquals(666, finding.getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(1).getInt("cweId"));
+                    Assert.assertFalse(finding.getJsonObject("analysis").getBoolean("isSuppressed"));
+                    assertEquals(p1.getUuid().toString() + ":" + c1.getUuid().toString() + ":" + v2.getUuid().toString(), finding.getString("matrix"));
+                },
+                jsonValue -> {
+                    final JsonObject finding = jsonValue.asJsonObject();
+                    assertEquals("Component B", finding.getJsonObject("component").getString("name"));
+                    assertEquals("1.0", finding.getJsonObject("component").getString("version"));
+                    assertEquals("Vuln-3", finding.getJsonObject("vulnerability").getString("vulnId"));
+                    assertEquals(Severity.MEDIUM.name(), finding.getJsonObject("vulnerability").getString("severity"));
+                    assertEquals(80, findings.getJsonObject(1).getJsonObject("vulnerability").getInt("cweId"));
+                    assertEquals(2, findings.getJsonObject(1).getJsonObject("vulnerability").getJsonArray("cwes").size());
+                    assertEquals(80, findings.getJsonObject(1).getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(0).getInt("cweId"));
+                    assertEquals(666, findings.getJsonObject(1).getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(1).getInt("cweId"));
+                    Assert.assertFalse(findings.getJsonObject(0).getJsonObject("analysis").getBoolean("isSuppressed"));
+                    assertEquals(p1.getUuid().toString() + ":" + c2.getUuid().toString() + ":" + v3.getUuid().toString(), finding.getString("matrix"));
+                }
+        );
     }
 
     @Test
@@ -271,40 +291,50 @@ public void getFindingsByProjectWithComponentLatestVersionTest() {
         assertEquals(String.valueOf(3), response.getHeaderString(TOTAL_COUNT_HEADER));
         JsonArray json = parseJsonArray(response);
         Assert.assertNotNull(json);
-        assertEquals(3, json.size());
-        assertEquals("Component A", json.getJsonObject(0).getJsonObject("component").getString("name"));
-        assertEquals("1.0", json.getJsonObject(0).getJsonObject("component").getString("version"));
-        assertEquals("Vuln-1", json.getJsonObject(0).getJsonObject("vulnerability").getString("vulnId"));
-        assertEquals(Severity.CRITICAL.name(), json.getJsonObject(0).getJsonObject("vulnerability").getString("severity"));
-        assertEquals(80, json.getJsonObject(0).getJsonObject("vulnerability").getInt("cweId"));
-        assertEquals(2, json.getJsonObject(0).getJsonObject("vulnerability").getJsonArray("cwes").size());
-        assertEquals(80, json.getJsonObject(0).getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(0).getInt("cweId"));
-        assertEquals(666, json.getJsonObject(0).getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(1).getInt("cweId"));
-        Assert.assertFalse(json.getJsonObject(0).getJsonObject("analysis").getBoolean("isSuppressed"));
-        assertEquals(p1.getUuid().toString() + ":" + c1.getUuid().toString() + ":" + v1.getUuid().toString(), json.getJsonObject(0).getString("matrix"));
-        assertEquals("2.0.0", json.getJsonObject(0).getJsonObject("component").getString("latestVersion"));
-        assertEquals("Component A", json.getJsonObject(1).getJsonObject("component").getString("name"));
-        assertEquals("1.0", json.getJsonObject(1).getJsonObject("component").getString("version"));
-        assertEquals("Vuln-2", json.getJsonObject(1).getJsonObject("vulnerability").getString("vulnId"));
-        assertEquals(Severity.HIGH.name(), json.getJsonObject(1).getJsonObject("vulnerability").getString("severity"));
-        assertEquals(80, json.getJsonObject(1).getJsonObject("vulnerability").getInt("cweId"));
-        assertEquals(2, json.getJsonObject(1).getJsonObject("vulnerability").getJsonArray("cwes").size());
-        assertEquals(80, json.getJsonObject(1).getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(0).getInt("cweId"));
-        assertEquals(666, json.getJsonObject(1).getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(1).getInt("cweId"));
-        Assert.assertFalse(json.getJsonObject(1).getJsonObject("analysis").getBoolean("isSuppressed"));
-        assertEquals(p1.getUuid().toString() + ":" + c1.getUuid().toString() + ":" + v2.getUuid().toString(), json.getJsonObject(1).getString("matrix"));
-        assertEquals("2.0.0", json.getJsonObject(1).getJsonObject("component").getString("latestVersion"));
-        assertEquals("Component B", json.getJsonObject(2).getJsonObject("component").getString("name"));
-        assertEquals("1.0", json.getJsonObject(2).getJsonObject("component").getString("version"));
-        assertEquals("Vuln-3", json.getJsonObject(2).getJsonObject("vulnerability").getString("vulnId"));
-        assertEquals(Severity.MEDIUM.name(), json.getJsonObject(2).getJsonObject("vulnerability").getString("severity"));
-        assertEquals(80, json.getJsonObject(2).getJsonObject("vulnerability").getInt("cweId"));
-        assertEquals(2, json.getJsonObject(2).getJsonObject("vulnerability").getJsonArray("cwes").size());
-        assertEquals(80, json.getJsonObject(2).getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(0).getInt("cweId"));
-        assertEquals(666, json.getJsonObject(2).getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(1).getInt("cweId"));
-        Assert.assertFalse(json.getJsonObject(0).getJsonObject("analysis").getBoolean("isSuppressed"));
-        assertEquals(p1.getUuid().toString() + ":" + c2.getUuid().toString() + ":" + v3.getUuid().toString(), json.getJsonObject(2).getString("matrix"));
-        assertEquals("3.0.0", json.getJsonObject(2).getJsonObject("component").getString("latestVersion"));
+        assertThat(json).satisfiesExactlyInAnyOrder(
+                jsonValue -> {
+                    final JsonObject finding = jsonValue.asJsonObject();
+                    assertEquals("Component A", finding.getJsonObject("component").getString("name"));
+                    assertEquals("1.0", finding.getJsonObject("component").getString("version"));
+                    assertEquals("Vuln-1", finding.getJsonObject("vulnerability").getString("vulnId"));
+                    assertEquals(Severity.CRITICAL.name(), finding.getJsonObject("vulnerability").getString("severity"));
+                    assertEquals(80, finding.getJsonObject("vulnerability").getInt("cweId"));
+                    assertEquals(2, finding.getJsonObject("vulnerability").getJsonArray("cwes").size());
+                    assertEquals(80, finding.getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(0).getInt("cweId"));
+                    assertEquals(666, finding.getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(1).getInt("cweId"));
+                    Assert.assertFalse(finding.getJsonObject("analysis").getBoolean("isSuppressed"));
+                    assertEquals(p1.getUuid().toString() + ":" + c1.getUuid().toString() + ":" + v1.getUuid().toString(), finding.getString("matrix"));
+                    assertEquals("2.0.0", finding.getJsonObject("component").getString("latestVersion"));
+                },
+                jsonValue -> {
+                    final JsonObject finding = jsonValue.asJsonObject();
+                    assertEquals("Component A", finding.getJsonObject("component").getString("name"));
+                    assertEquals("1.0", finding.getJsonObject("component").getString("version"));
+                    assertEquals("Vuln-2", finding.getJsonObject("vulnerability").getString("vulnId"));
+                    assertEquals(Severity.HIGH.name(), finding.getJsonObject("vulnerability").getString("severity"));
+                    assertEquals(80, finding.getJsonObject("vulnerability").getInt("cweId"));
+                    assertEquals(2, finding.getJsonObject("vulnerability").getJsonArray("cwes").size());
+                    assertEquals(80, finding.getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(0).getInt("cweId"));
+                    assertEquals(666, finding.getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(1).getInt("cweId"));
+                    Assert.assertFalse(finding.getJsonObject("analysis").getBoolean("isSuppressed"));
+                    assertEquals(p1.getUuid().toString() + ":" + c1.getUuid().toString() + ":" + v2.getUuid().toString(), finding.getString("matrix"));
+                    assertEquals("2.0.0", finding.getJsonObject("component").getString("latestVersion"));
+                },
+                jsonValue -> {
+                    final JsonObject finding = jsonValue.asJsonObject();
+                    assertEquals("Component B", finding.getJsonObject("component").getString("name"));
+                    assertEquals("1.0", finding.getJsonObject("component").getString("version"));
+                    assertEquals("Vuln-3", finding.getJsonObject("vulnerability").getString("vulnId"));
+                    assertEquals(Severity.MEDIUM.name(), finding.getJsonObject("vulnerability").getString("severity"));
+                    assertEquals(80, finding.getJsonObject("vulnerability").getInt("cweId"));
+                    assertEquals(2, finding.getJsonObject("vulnerability").getJsonArray("cwes").size());
+                    assertEquals(80, finding.getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(0).getInt("cweId"));
+                    assertEquals(666, finding.getJsonObject("vulnerability").getJsonArray("cwes").getJsonObject(1).getInt("cweId"));
+                    Assert.assertFalse(json.getJsonObject(0).getJsonObject("analysis").getBoolean("isSuppressed"));
+                    assertEquals(p1.getUuid().toString() + ":" + c2.getUuid().toString() + ":" + v3.getUuid().toString(), finding.getString("matrix"));
+                    assertEquals("3.0.0", finding.getJsonObject("component").getString("latestVersion"));
+                }
+        );
     }
 
     @Test
@@ -348,22 +378,22 @@ public void testWorkflowStepsShouldBeCreatedOnReanalyze() {
         Assert.assertEquals(200, response.getStatus(), 0);
 
         UUID uuid = UUID.fromString(responseMap.get("token"));
-        Assertions.assertThat(qm.getAllWorkflowStatesForAToken(uuid)).satisfiesExactlyInAnyOrder(
+        assertThat(qm.getAllWorkflowStatesForAToken(uuid)).satisfiesExactlyInAnyOrder(
                 workflowState -> {
-                    Assertions.assertThat(workflowState.getStep()).isEqualTo(WorkflowStep.VULN_ANALYSIS);
-                    Assertions.assertThat(workflowState.getToken()).isEqualTo(uuid);
-                    Assertions.assertThat(workflowState.getParent()).isNull();
-                    Assertions.assertThat(workflowState.getStatus()).isEqualTo(PENDING);
-                    Assertions.assertThat(workflowState.getUpdatedAt()).isNotNull();
-                    Assertions.assertThat(workflowState.getStartedAt()).isNull();
+                    assertThat(workflowState.getStep()).isEqualTo(WorkflowStep.VULN_ANALYSIS);
+                    assertThat(workflowState.getToken()).isEqualTo(uuid);
+                    assertThat(workflowState.getParent()).isNull();
+                    assertThat(workflowState.getStatus()).isEqualTo(PENDING);
+                    assertThat(workflowState.getUpdatedAt()).isNotNull();
+                    assertThat(workflowState.getStartedAt()).isNull();
                 },
                 workflowState -> {
-                    Assertions.assertThat(workflowState.getStep()).isEqualTo(WorkflowStep.POLICY_EVALUATION);
-                    Assertions.assertThat(workflowState.getToken()).isEqualTo(uuid);
-                    Assertions.assertThat(workflowState.getParent()).isNotNull();
-                    Assertions.assertThat(workflowState.getStatus()).isEqualTo(PENDING);
-                    Assertions.assertThat(workflowState.getUpdatedAt()).isNotNull();
-                    Assertions.assertThat(workflowState.getStartedAt()).isNull();
+                    assertThat(workflowState.getStep()).isEqualTo(WorkflowStep.POLICY_EVALUATION);
+                    assertThat(workflowState.getToken()).isEqualTo(uuid);
+                    assertThat(workflowState.getParent()).isNotNull();
+                    assertThat(workflowState.getStatus()).isEqualTo(PENDING);
+                    assertThat(workflowState.getUpdatedAt()).isNotNull();
+                    assertThat(workflowState.getStartedAt()).isNull();
                 }
         );
     }