Dependency track mapper (#6307)
Co-authored-by: Jace Barayuga <[email protected]>
Amndeep7 and jbarayuga authored Oct 23, 2024
1 parent b083ac1 commit 9d5358c
Showing 17 changed files with 14,784 additions and 20 deletions.
3 changes: 3 additions & 0 deletions apps/frontend/src/store/report_intake.ts
Expand Up @@ -14,6 +14,7 @@ import {
ConveyorResults as ConveyorResultsMapper,
CycloneDXSBOMResults,
DBProtectMapper,
DependencyTrackMapper,
fingerprint,
FortifyMapper,
GosecMapper,
Expand Down Expand Up @@ -286,6 +287,8 @@ export class InspecIntake extends VuexModule {
return new AnchoreGrypeMapper(convertOptions.data).toHdf();
case INPUT_TYPES.NEUVECTOR:
return new NeuVectorMapper(convertOptions.data).toHdf();
case INPUT_TYPES.DEPENDENCY_TRACK:
return new DependencyTrackMapper(convertOptions.data).toHdf();
default:
return SnackbarModule.failure(
`Invalid file uploaded ($(unknown)), no fingerprints matched.`
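Review bot: The new `INPUT_TYPES.DEPENDENCY_TRACK` case is only reachable if `fingerprint` (imported at the top of this file) classifies a Dependency-Track FPF upload as that type, and that registration is not in this chunk; confirm it keys on something specific to FPF such as `meta.application` together with the `findings` array rather than a generic top-level `version`, since several of the other JSON inputs handled by this switch also carry a `version` key and would otherwise risk being routed to the wrong mapper. Like its siblings, the case hands `convertOptions.data` straight to the mapper constructor, so any parse failure on a malformed file surfaces wherever this switch's caller handles exceptions, which is not visible here. The switch and the enclosing `InspecIntake` class both begin and end outside the hunk.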
41 changes: 21 additions & 20 deletions libs/hdf-converters/README.md
Expand Up @@ -15,26 +15,27 @@ OHDF Converters supplies several methods to convert various types of security to
7. [**conveyor-mapper**] - Conveyor JSON file
8. [**cyclonedx-sbom-mapper**] - CycloneDX SBOM JSON file
9. [**dbprotect-mapper**] - DBProtect report in "Check Results Details" XML format
10. [**fortify-mapper**] - Fortify results FVDL file
11. [**gosec-mapper**] - gosec results JSON file
12. [**ionchannel-mapper**] - SBOM data from Ion Channel
13. [**jfrog-xray-mapper**] - JFrog Xray results JSON file
14. [**msft-secure-mapper**] - Microsoft Secure Score results file
15. [**nessus-mapper**] - Nessus XML results file
16. [**netsparker-mapper**] - Netsparker XML results file
17. [**neuvector-mapper**] - NeuVector JSON results file
18. [**nikto-mapper**] - Nikto results JSON file
19. [**prisma-mapper**] - Prisma Cloud Scan Report CSV file
20. [**sarif-mapper**] - SARIF JSON file
21. [**scoutsuite-mapper**] - ScoutSuite results from a Javascript object
22. [**snyk-mapper**] - Snyk results JSON file
23. [**sonarqube-mapper**] - SonarQube vulnerabilities for the specified project name and optional branch or pull/merge request ID name from an API
24. [**splunk-mapper**] - Splunk instance
25. [**trufflehog-mapper**] - Trufflehog results json file
26. [**twistlock-mapper**] - Twistlock CLI output file
27. [**veracode-mapper**] - Veracode Scan Results XML file
28. [**xccdf-results-mapper**] - SCAP client XCCDF-Results XML report
29. [**zap-mapper**] - OWASP ZAP results JSON
10. [**dependency-track-mapper**] - OWASP Dependency-Track Finding Packaging Format (FPF)
11. [**fortify-mapper**] - Fortify results FVDL file
12. [**gosec-mapper**] - gosec results JSON file
13. [**ionchannel-mapper**] - SBOM data from Ion Channel
14. [**jfrog-xray-mapper**] - JFrog Xray results JSON file
15. [**msft-secure-mapper**] - Microsoft Secure Score results file
16. [**nessus-mapper**] - Nessus XML results file
17. [**netsparker-mapper**] - Netsparker XML results file
18. [**neuvector-mapper**] - NeuVector JSON results file
19. [**nikto-mapper**] - Nikto results JSON file
20. [**prisma-mapper**] - Prisma Cloud Scan Report CSV file
21. [**sarif-mapper**] - SARIF JSON file
22. [**scoutsuite-mapper**] - ScoutSuite results from a Javascript object
23. [**snyk-mapper**] - Snyk results JSON file
24. [**sonarqube-mapper**] - SonarQube vulnerabilities for the specified project name and optional branch or pull/merge request ID name from an API
25. [**splunk-mapper**] - Splunk instance
26. [**trufflehog-mapper**] - Trufflehog results json file
27. [**twistlock-mapper**] - Twistlock CLI output file
28. [**veracode-mapper**] - Veracode Scan Results XML file
29. [**xccdf-results-mapper**] - SCAP client XCCDF-Results XML report
30. [**zap-mapper**] - OWASP ZAP results JSON

### NOTICE

1 change: 1 addition & 0 deletions libs/hdf-converters/index.ts
Expand Up @@ -22,6 +22,7 @@ export * from './src/converters-from-hdf/xccdf/reverse-xccdf-mapper';
export * from './src/conveyor-mapper';
export * from './src/cyclonedx-sbom-mapper';
export * from './src/dbprotect-mapper';
export * from './src/dependency-track-mapper';
export * from './src/fortify-mapper';
export * from './src/gosec-mapper';
export * from './src/ionchannel-mapper';
@@ -0,0 +1,253 @@
{
"platform": {
"name": "Dependency-Track",
"release": "1.1 4.5.0",
"target_id": "http://dtrack.example.org"
},
"version": "2.10.3",
"statistics": {},
"profiles": [
{
"name": "ca4f2da9-0fad-4a13-92d7-f627f3168a56",
"version": "1.0",
"title": "Acme Example",
"summary": "A sample application",
"supports": [],
"attributes": [],
"groups": [],
"status": "loaded",
"controls": [
{
"tags": {
"cweIds": [
400
],
"cweNames": [
"Uncontrolled Resource Consumption ('Resource Exhaustion')"
],
"nist": [
"SI-10"
],
"cci": [
"CCI-001310"
],
"componentUuid": "b815b581-fec1-4374-a871-68862a8f8d52",
"componentName": "timespan",
"componentGroup": "",
"componentVersion": "2.3.0",
"componentLatestVersion": "3.2.0",
"componentPurl": "pkg:npm/[email protected]",
"componentCpe": "",
"componentProject": "",
"vulnerabilityUuid": "115b80bb-46c4-41d1-9f10-8a175d4abb46",
"vulnerabilitySource": "NPM",
"vulnerabilityVulnId": "533",
"vulnerabilityTitle": "Regular Expression Denial of Service",
"vulnerabilitySubtitle": "timespan",
"vulnerabilityAliases": "\"\"",
"vulnerabilityCvssV2BaseScore": "",
"vulnerabilityCvssV3BaseScore": "",
"vulnerabilityOwaspLikelihoodScore": "",
"vulnerabilityOwaspTechnicalImpactScore": "",
"vulnerabilityOwaspBusinessImpactScore": "",
"vulnerabilitySeverityRank": 3,
"vulnerabilityEpssScore": "",
"vulnerabilityEpssPercentile": "",
"vulnerabilityCweId": 400,
"vulnerabilityCweName": "Uncontrolled Resource Consumption ('Resource Exhaustion')",
"attributionAnalyzerIdentity": "",
"attributionAttributedOn": "",
"attributionAlternateIdentifier": "",
"attributionReferenceUrl": "",
"analysisState": "NOT_SET",
"analysisIsSuppressed": ""
},
"refs": [],
"source_location": {},
"title": "pkg:npm/[email protected] - Regular Expression Denial of Service",
"id": "ca4f2da9-0fad-4a13-92d7-f627f3168a56:b815b581-fec1-4374-a871-68862a8f8d52:115b80bb-46c4-41d1-9f10-8a175d4abb46",
"desc": "Affected versions of `timespan`...",
"descriptions": [
{
"data": "Affected versions of `timespan`...",
"label": "check"
},
{
"data": "No direct patch is available...",
"label": "fix"
}
],
"impact": 0.3,
"code": "{\n \"component\": {\n \"uuid\": \"b815b581-fec1-4374-a871-68862a8f8d52\",\n \"name\": \"timespan\",\n \"version\": \"2.3.0\",\n \"purl\": \"pkg:npm/[email protected]\",\n \"latestVersion\": \"3.2.0\"\n },\n \"vulnerability\": {\n \"uuid\": \"115b80bb-46c4-41d1-9f10-8a175d4abb46\",\n \"source\": \"NPM\",\n \"vulnId\": \"533\",\n \"title\": \"Regular Expression Denial of Service\",\n \"subtitle\": \"timespan\",\n \"severity\": \"LOW\",\n \"severityRank\": 3,\n \"cweId\": 400,\n \"cweName\": \"Uncontrolled Resource Consumption ('Resource Exhaustion')\",\n \"cwes\": [\n {\n \"cweId\": 400,\n \"name\": \"Uncontrolled Resource Consumption ('Resource Exhaustion')\"\n }\n ],\n \"description\": \"Affected versions of `timespan`...\",\n \"recommendation\": \"No direct patch is available...\"\n },\n \"analysis\": {\n \"state\": \"NOT_SET\",\n \"isSuppressed\": false\n },\n \"matrix\": \"ca4f2da9-0fad-4a13-92d7-f627f3168a56:b815b581-fec1-4374-a871-68862a8f8d52:115b80bb-46c4-41d1-9f10-8a175d4abb46\"\n}",
"results": [
{
"status": "failed",
"code_desc": "No direct patch is available...",
"start_time": "2022-02-18T23:31:42Z"
}
]
},
{
"tags": {
"cweIds": [
400
],
"cweNames": [
"Uncontrolled Resource Consumption ('Resource Exhaustion')"
],
"nist": [
"SI-10"
],
"cci": [
"CCI-001310"
],
"componentUuid": "979f87f5-eaf5-4095-9d38-cde17bf9228e",
"componentName": "uglify-js",
"componentGroup": "",
"componentVersion": "2.4.24",
"componentLatestVersion": "",
"componentPurl": "pkg:npm/[email protected]",
"componentCpe": "",
"componentProject": "",
"vulnerabilityUuid": "701a3953-666b-4b7a-96ca-e1e6a3e1def3",
"vulnerabilitySource": "NPM",
"vulnerabilityVulnId": "48",
"vulnerabilityTitle": "Regular Expression Denial of Service",
"vulnerabilitySubtitle": "uglify-js",
"vulnerabilityAliases": "[\n {\n \"cveId\": \"CVE-2022-2053\",\n \"ghsaId\": \"GHSA-95rf-557x-44g5\"\n }\n]",
"vulnerabilityCvssV2BaseScore": "",
"vulnerabilityCvssV3BaseScore": "",
"vulnerabilityOwaspLikelihoodScore": "",
"vulnerabilityOwaspTechnicalImpactScore": "",
"vulnerabilityOwaspBusinessImpactScore": "",
"vulnerabilitySeverityRank": 3,
"vulnerabilityEpssScore": "",
"vulnerabilityEpssPercentile": "",
"vulnerabilityCweId": 400,
"vulnerabilityCweName": "Uncontrolled Resource Consumption ('Resource Exhaustion')",
"attributionAnalyzerIdentity": "",
"attributionAttributedOn": "",
"attributionAlternateIdentifier": "",
"attributionReferenceUrl": "",
"analysisState": "",
"analysisIsSuppressed": ""
},
"refs": [],
"source_location": {},
"title": "pkg:npm/[email protected] - Regular Expression Denial of Service",
"id": "ca4f2da9-0fad-4a13-92d7-f627f3168a56:979f87f5-eaf5-4095-9d38-cde17bf9228e:701a3953-666b-4b7a-96ca-e1e6a3e1def3",
"desc": "Versions of `uglify-js` prior to...",
"descriptions": [
{
"data": "Versions of `uglify-js` prior to...",
"label": "check"
},
{
"data": "Update to version 2.6.0 or later.",
"label": "fix"
}
],
"impact": 0.3,
"code": "{\n \"component\": {\n \"uuid\": \"979f87f5-eaf5-4095-9d38-cde17bf9228e\",\n \"name\": \"uglify-js\",\n \"version\": \"2.4.24\",\n \"purl\": \"pkg:npm/[email protected]\"\n },\n \"vulnerability\": {\n \"uuid\": \"701a3953-666b-4b7a-96ca-e1e6a3e1def3\",\n \"source\": \"NPM\",\n \"vulnId\": \"48\",\n \"aliases\": [\n {\n \"cveId\": \"CVE-2022-2053\",\n \"ghsaId\": \"GHSA-95rf-557x-44g5\"\n }\n ],\n \"title\": \"Regular Expression Denial of Service\",\n \"subtitle\": \"uglify-js\",\n \"severity\": \"LOW\",\n \"severityRank\": 3,\n \"cweId\": 400,\n \"cweName\": \"Uncontrolled Resource Consumption ('Resource Exhaustion')\",\n \"cwes\": [\n {\n \"cweId\": 400,\n \"name\": \"Uncontrolled Resource Consumption ('Resource Exhaustion')\"\n }\n ],\n \"description\": \"Versions of `uglify-js` prior to...\",\n \"recommendation\": \"Update to version 2.6.0 or later.\"\n },\n \"analysis\": {\n \"isSuppressed\": false\n },\n \"matrix\": \"ca4f2da9-0fad-4a13-92d7-f627f3168a56:979f87f5-eaf5-4095-9d38-cde17bf9228e:701a3953-666b-4b7a-96ca-e1e6a3e1def3\"\n}",
"results": [
{
"status": "failed",
"code_desc": "Update to version 2.6.0 or later.",
"start_time": "2022-02-18T23:31:42Z"
}
]
}
],
"sha256": "5bbda4b1d386b05957e95e2701d9cf675ecec96aa07ca3e043edd565794c8277"
}
],
"passthrough": {
"raw": {
"version": "1.1",
"meta": {
"application": "Dependency-Track",
"version": "4.5.0",
"timestamp": "2022-02-18T23:31:42Z",
"baseUrl": "http://dtrack.example.org"
},
"project": {
"uuid": "ca4f2da9-0fad-4a13-92d7-f627f3168a56",
"name": "Acme Example",
"version": "1.0",
"description": "A sample application"
},
"findings": [
{
"component": {
"uuid": "b815b581-fec1-4374-a871-68862a8f8d52",
"name": "timespan",
"version": "2.3.0",
"purl": "pkg:npm/[email protected]",
"latestVersion": "3.2.0"
},
"vulnerability": {
"uuid": "115b80bb-46c4-41d1-9f10-8a175d4abb46",
"source": "NPM",
"vulnId": "533",
"title": "Regular Expression Denial of Service",
"subtitle": "timespan",
"severity": "LOW",
"severityRank": 3,
"cweId": 400,
"cweName": "Uncontrolled Resource Consumption ('Resource Exhaustion')",
"cwes": [
{
"cweId": 400,
"name": "Uncontrolled Resource Consumption ('Resource Exhaustion')"
}
],
"description": "Affected versions of `timespan`...",
"recommendation": "No direct patch is available..."
},
"analysis": {
"state": "NOT_SET",
"isSuppressed": false
},
"matrix": "ca4f2da9-0fad-4a13-92d7-f627f3168a56:b815b581-fec1-4374-a871-68862a8f8d52:115b80bb-46c4-41d1-9f10-8a175d4abb46"
},
{
"component": {
"uuid": "979f87f5-eaf5-4095-9d38-cde17bf9228e",
"name": "uglify-js",
"version": "2.4.24",
"purl": "pkg:npm/[email protected]"
},
"vulnerability": {
"uuid": "701a3953-666b-4b7a-96ca-e1e6a3e1def3",
"source": "NPM",
"vulnId": "48",
"aliases": [
{
"cveId": "CVE-2022-2053",
"ghsaId": "GHSA-95rf-557x-44g5"
}
],
"title": "Regular Expression Denial of Service",
"subtitle": "uglify-js",
"severity": "LOW",
"severityRank": 3,
"cweId": 400,
"cweName": "Uncontrolled Resource Consumption ('Resource Exhaustion')",
"cwes": [
{
"cweId": 400,
"name": "Uncontrolled Resource Consumption ('Resource Exhaustion')"
}
],
"description": "Versions of `uglify-js` prior to...",
"recommendation": "Update to version 2.6.0 or later."
},
"analysis": {
"isSuppressed": false
},
"matrix": "ca4f2da9-0fad-4a13-92d7-f627f3168a56:979f87f5-eaf5-4095-9d38-cde17bf9228e:701a3953-666b-4b7a-96ca-e1e6a3e1def3"
}
]
}
}
}
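Review bot: The `vulnerabilityAliases` tag is emitted as a JSON-encoded string — `"\"\""` for the timespan finding, which has no aliases in the raw input, and a pretty-printed array string for the uglify-js finding — so a consumer looking for the CVE/GHSA ids has to `JSON.parse` a tag value, and the no-alias case becomes the literal two-character string `""` instead of an empty value. The same coercion shows in `analysisIsSuppressed`, which is `""` for both findings although the raw `analysis.isSuppressed` is `false` in both, and in `analysisState`, which is `""` where the raw finding simply has no `state`; `false`, absent and `NOT_SET` are collapsed together, which matters because suppression is the field a triager would filter on. I would expect the tags to carry the raw values (`false`, `[]`) or be omitted when absent, and a finding with `isSuppressed: true` to map to something other than `failed`, neither of which this fixture demonstrates. The mapper source is not in this chunk, so this is inferred from the expected-output fixture alone.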
