Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(cwe): add cwe into sarif report and KICS CLI results #6845

Merged
merged 58 commits into from
Feb 6, 2024
Merged

feat(cwe): add cwe into sarif report and KICS CLI results #6845

merged 58 commits into from
Feb 6, 2024

Conversation

ArturRibeiro-CX
Copy link
Contributor

Proposed Changes

  • add cwe into sarif report and KICS CLI results.

I submit this contribution under the Apache-2.0 license.

@github-actions github-actions bot added the feature New feature label Jan 4, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 4, 2024
edited

kics-logo

KICS version: v1.7.11

Category Results
HIGH HIGH 0
MEDIUM MEDIUM 0
LOW LOW 0
INFO INFO 0
TRACE TRACE 0
TOTAL TOTAL 0
Metric Values
Files scanned placeholder 1
Files parsed placeholder 1
Files failed to scan placeholder 0
Total executed queries placeholder 49
Queries failed to execute placeholder 0
Execution time placeholder 1

@ArturRibeiro-CX ArturRibeiro-CX self-assigned this Jan 5, 2024
JoaoCxMartins
JoaoCxMartins requested changes Jan 8, 2024
View reviewed changes
Copy link
Collaborator

@JoaoCxMartins JoaoCxMartins left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove development of cyclonedx to another branch

pkg/report/model/cyclonedx_test.go Outdated Show resolved Hide resolved
@gabriel-cx gabriel-cx mentioned this pull request Jan 8, 2024
Merged
JoaoCxMartins
JoaoCxMartins previously approved these changes Jan 9, 2024
View reviewed changes
gabriel-cx
gabriel-cx reviewed Jan 9, 2024
View reviewed changes
pkg/report/model/sarif.go Outdated
@@ -43,6 +43,7 @@ type ruleCISMetadata struct {
type sarifMessage struct {
Text string `json:"text"`
MessageProperties sarifProperties `json:"properties,omitempty"`
CWE string `json:"cwe,omitempty"`
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we really need this item?

gabriel-cx
gabriel-cx previously approved these changes Jan 9, 2024
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 19, 2024
View reviewed changes
pkg/report/model/sarif.go Fixed Show fixed Hide fixed
pkg/report/model/sarif.go Fixed Show fixed Hide fixed
ArturRibeiro-CX and others added 14 commits January 23, 2024 15:05
@ArturRibeiro-CX
relationship target changed from array to object
8770998
@ArturRibeiro-CX
fix to index being required in relationships as CWE does not require …
7786f26 
…index
@ArturRibeiro-CX
fix to name and guid not being required and lenght of this parameters
1cd8a84
@ArturRibeiro-CX
fix id lenght when parameters are empty in relationships
ffebe5b
@ArturRibeiro-CX
changes to sarif report cwe field empty or not and according files
8ba89af
@ArturRibeiro-CX
change to name being required on toolComponent and not target in rela…
655febf 
…tionships
@ArturRibeiro-CX
add test to printer with CWE field
9c48780
@ArturRibeiro-CX
Merge branch 'master' into cwe
0e4a197
@ArturRibeiro-CX
add test case for vulnerability builder test with CWE field
9da0e25
@ArturRibeiro-CX
add test to summary_test
6138693
@ArturRibeiro-CX
changes to summary_test to have CWE complete
86ef7e0
@ArturRibeiro-CX
add tests for taxonomies and taxa fields in sarif report
f5ca9b6
@ArturRibeiro-CX
add one more test to taxonomies definition with no CWE field
8f40e37
@ArturRibeiro-CX
added test for reading the csv file with CWE info correctly
5634af0
gabriel-cx
gabriel-cx requested changes Jan 26, 2024
View reviewed changes
Dockerfile Outdated
@@ -66,6 +66,7 @@ RUN wget https://github.com/GoogleCloudPlatform/terraformer/releases/download/0.
# kics-scan ignore-line
COPY --from=build_env /app/bin/kics /app/bin/kics
COPY --from=build_env /app/assets/queries /app/bin/assets/queries
COPY --from=build_env /app/assets/cwe_csv/* /app/bin/assets/cwe_csv
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

kindly perform this same update into this dockerfiles if needed

@Jeeppler
Copy link
Contributor

Relates to: #6373

JoaoCxMartins
JoaoCxMartins previously approved these changes Jan 29, 2024
View reviewed changes
cxMiguelSilva
cxMiguelSilva previously approved these changes Jan 29, 2024
View reviewed changes
Copy link
Collaborator

@cxMiguelSilva cxMiguelSilva left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome work @ArturRibeiro-CX 🙌
Just make sure the dockerfiles work as expected for the ones not tested in workflows as @gabriel-cx mentioned.

@asofsilva asofsilva merged commit 730aa82 into master Feb 6, 2024
20 checks passed
@asofsilva asofsilva deleted the cwe branch February 6, 2024 16:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gabriel-cx gabriel-cx gabriel-cx approved these changes

@JoaoCxMartins JoaoCxMartins JoaoCxMartins left review comments

@cxMiguelSilva cxMiguelSilva cxMiguelSilva left review comments

Assignees

@ArturRibeiro-CX ArturRibeiro-CX

Labels
feature New feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@ArturRibeiro-CX @Jeeppler @JoaoCxMartins @cxMiguelSilva @gabriel-cx @asofsilva