Simplify Collection; Add prefetch vulnerabilities step #124
const assetEntity = createIntegrationEntity({ | ||
entityData: { | ||
source: {}, | ||
source: { | ||
vulnerabilities: asset.vulnerabilities, |
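Review bot: in `source: { vulnerabilities: asset.vulnerabilities,` the value is copied into rawData without any check that `asset.vulnerabilities` is present, and nothing in the visible lines records that later collection depends on it. Add a short code comment saying this field is read downstream so it is not trimmed later as unused raw data, and decide what should be stored when an asset has no `vulnerabilities` object.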
Adding just the vulnerabilities part to rawData will simplify data collection later, allowing us to not build the assetVulnCountMap.
@@ -33,16 +31,13 @@ export async function fetchSiteAssets({ | |||
await apiClient.iterateSiteAssets( | |||
siteEntity.id as string, | |||
async (assets) => { | |||
const siteAssetRelationships: ReturnType< | |||
typeof createDirectRelationship | |||
>[] = []; |
No longer keeping these in memory. Just writing them like normal to the jobState.
return { | ||
_key: getAssetVulnerabilityKey(assetId, finding.id), | ||
_type: entities.FINDING._type, | ||
_class: entities.FINDING._class, | ||
id: `${finding.id}`, | ||
name: finding.id, | ||
category: 'host', | ||
open: finding.status === VulnerabilityState.VULNERABLE ? true : undefined, | ||
severity: vulnerability.severity, | ||
numericSeverity: vulnerability.numericSeverity, | ||
}; |
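Review bot: `id` and `name` are built from the same value in two different ways: `id: ${finding.id}` (template string) coerces to a string while `name: finding.id` passes the value through, so if `finding.id` is not already a string the two properties end up with different types. Use the same expression for both. Separately, `open` is only ever `true` or `undefined`, never `false`, so anything that filters on `open = false` will not match findings that are no longer vulnerable; if that is intended, say so in a comment next to the ternary.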
Creating entity manually to avoid the extra allocation that createIntegrationEntity does. Also dropping rawData for the moment.
} | ||
|
||
export async function fetchAssetVulnerabilityFindings( | ||
export async function prefetchVulnerabilities( |
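Review bot: no doc comment is visible above `export async function prefetchVulnerabilities(`, and the name alone does not tell a reader that the step stores entities for a later step to read back, as described in this thread. Put that description on the function itself, including which step consumes the result and what happens when an entry is missing.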
Prefetch vulnerabilities is designed to be able to run as soon as the integration starts and alongside any other steps. It will collect and store the vulnerabilities as entities on disk. Its results will be used later by the vulnerabilities step where it will first try to get it from the cache and then collect it individually if it isn't found.
if (severityMask === 0 && asset.vulnerabilities.total) { | ||
return true; | ||
} else if ( | ||
severityMask === 1 && | ||
(asset.vulnerabilities.critical || asset.vulnerabilities.severe) | ||
) { | ||
return true; | ||
} else if (severityMask === 2 && asset.vulnerabilities.critical) { | ||
return true; | ||
} | ||
return false; |
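Review bot: the `severityMask` chain handles only the literal values 0, 1 and 2, and every other value falls through to `return false`, so an unexpected selection silently filters out every asset instead of failing loudly. Handle the unknown case explicitly (log or throw) before the final `return false`, and replace the bare numbers with named constants, since a variable called a mask reads as a bit field but is compared here as an enumeration. The branches also read `asset.vulnerabilities.total`, `.critical` and `.severe` without checking that `asset.vulnerabilities` exists.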
If someone picks Critical & Moderate this will fail.
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
🚮 Removed packages: npm/@jupiterone/integration-sdk-core@12.7.0-alpha.0, npm/@jupiterone/integration-sdk-dev-tools@12.7.0-alpha.0, npm/@jupiterone/integration-sdk-testing@12.7.0-alpha.0
Description
This PR is intended to simplify collection of data by: