Merge pull request DependencyTrack#2585 from Citi/Issue-2571-map-snyk…

…-remedies

Issue-2571 : map Snyk remedies to recommendation

Closes DependencyTrack#2571

src/main/java/org/dependencytrack/parser/snyk/SnykParser.java

@@ -82,6 +82,16 @@ public Vulnerability parse(JSONArray data, QueryManager qm, String purl, int cou
                     } else {
                         vsList = parseVersionRanges(qm, purl, representation);
                     }
+
+                    JSONArray remedies = coordinates.getJSONObject(countCoordinates).optJSONArray("remedies");
+                    if (remedies != null) {
+                        var recommendation = "";
+                        for (int remedyCount = 0; remedyCount < remedies.length(); remedyCount++) {
+                            var remedy = remedies.getJSONObject(remedyCount).optString("description");
+                            recommendation += remedy + System.lineSeparator();
+                        }
+                        vulnerability.setRecommendation(recommendation);
+                    }
                 }
             }
             final List<VulnerableSoftware> vsListOld = qm.detach(qm.getVulnerableSoftwareByVulnId(vulnerability.getSource(), vulnerability.getVulnId()));

src/test/java/org/dependencytrack/tasks/scanners/SnykAnalysisTaskTest.java

@@ -302,6 +302,7 @@ public void testAnalyzeWithRateLimiting() {
         assertThat(vulnerability.getSeverity()).isEqualTo(Severity.HIGH);
         assertThat(vulnerability.getCreated()).isInSameDayAs("2022-10-31");
         assertThat(vulnerability.getUpdated()).isInSameDayAs("2022-11-26");
+        assertThat(vulnerability.getRecommendation()).contains("Upgrade the package version to 5.0.4,6.0.4 to fix this vulnerability");
         assertThat(vulnerability.getAliases()).satisfiesExactly(
                 alias -> {
                     assertThat(alias.getSnykId()).isEqualTo("SNYK-JAVA-COMFASTERXMLWOODSTOX-3091135");