feat(#2439): populate CVSS scores in SARIF files
schottsfired committed Mar 4, 2024
1 parent b64d765 commit 13da263
Showing 7 changed files with 13 additions and 4 deletions.
3 changes: 2 additions & 1 deletion src/lib/formatters/open-source-sarif-output.ts
Expand Up @@ -87,7 +87,8 @@ ${vuln.description}`.replace(/##\s/g, '# '),
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
testResult.packageManager!,
],
cvssv3_baseScore: vuln.cvssScore,
cvssv3_baseScore: vuln.cvssScore, // AWS
'security-severity': vuln.cvssScore, // GitHub
},
};
},
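Review bot: The new `'security-severity'` rule property is emitted with whatever runtime type `vuln.cvssScore` carries, whereas GitHub code scanning documents the property as a string representation of a number from 0.0 to 10.0 (e.g. `"7.5"`); the fixtures updated in this commit pin a bare number (`"security-severity": 6.5`), so the numeric form is now relied on deliberately and should be confirmed against the uploader rather than assumed. If `cvssScore` can be absent for some vulnerabilities (its type is not visible in the hunk), `String()` alone would turn `undefined` into the literal `"undefined"`, so a guarded form such as `'security-severity': vuln.cvssScore == null ? undefined : String(vuln.cvssScore), // GitHub` keeps the key out of the JSON and lets GitHub fall back to the rule `level`. The same applies to the identical line in `src/lib/formatters/sarif-output.ts`. The enclosing rule-mapping function starts and ends outside the hunk.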
3 changes: 2 additions & 1 deletion src/lib/formatters/sarif-output.ts
Expand Up @@ -82,7 +82,8 @@ export function getTool(testResult): sarif.Tool {
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
testResult.packageManager!,
],
cvssv3_baseScore: vuln.cvssScore,
cvssv3_baseScore: vuln.cvssScore, // AWS
'security-severity': vuln.cvssScore, // GitHub
},
};
})
3 changes: 2 additions & 1 deletion test/fixtures/docker/sarif-container-result.json
Expand Up @@ -30,7 +30,8 @@
"security",
"deb"
],
"cvssv3_baseScore": 6.5
"cvssv3_baseScore": 6.5,
"security-severity": 6.5
}
}
]
3 changes: 2 additions & 1 deletion test/fixtures/docker/sarif-with-file-container-result.json
Expand Up @@ -30,7 +30,8 @@
"security",
"deb"
],
"cvssv3_baseScore": 6.5
"cvssv3_baseScore": 6.5,
"security-severity": 6.5
}
}
]
Expand Up @@ -51,6 +51,7 @@ describe('snyk test --sarif', () => {

expect(stdout).toContain('"artifactsScanned": 1');
expect(stdout).toContain('"cvssv3_baseScore": 5.3');
expect(stdout).toContain('"security-severity": 5.3');
expect(stdout).toContain('"fullyQualifiedName": "[email protected]"');
expect(stdout).toContain('Upgrade to [email protected]');
});
Expand Up @@ -79,6 +79,7 @@ Object {
"id": "SNYK-JS-AJV-584908",
"properties": Object {
"cvssv3_baseScore": 7.5,
"security-severity": 7.5,
"tags": Array [
"security",
"CWE-400",
Expand Up @@ -71,6 +71,7 @@ In libexpat in Expat before 2.2.7, XML input including XML names that contain a
"id": "SNYK-LINUX-EXPAT-450908",
"properties": Object {
"cvssv3_baseScore": 7.5,
"security-severity": 7.5,
"tags": Array [
"security",
"CWE-611",
Expand Down Expand Up @@ -161,6 +162,7 @@ In libexpat in Expat before 2.2.7, XML input including XML names that contain a
"id": "SNYK-LINUX-EXPAT-450908",
"properties": Object {
"cvssv3_baseScore": 7.5,
"security-severity": 7.5,
"tags": Array [
"security",
"npm",
Expand Down Expand Up @@ -250,6 +252,7 @@ In libexpat in Expat before 2.2.7, XML input including XML names that contain a
"id": "SNYK-LINUX-EXPAT-450908",
"properties": Object {
"cvssv3_baseScore": 7.5,
"security-severity": 7.5,
"tags": Array [
"security",
"CWE-611",
