@@ -568,7 +568,7 @@ def read_checks(issues: List[Json]) -> Dict[str, SecurityIssue]:
568568
569569 def update_security_section (
570570 existing_issues : List [Json ], actual_issues : List [SecurityIssue ]
571- ) -> Tuple [List [Json ], HistoryChange , ReportSeverity , bool , Json ]:
571+ ) -> Tuple [List [Json ], ReportSeverity , bool , Json ]:
572572 existing = read_checks (existing_issues )
573573 updated : Dict [str , SecurityIssue ] = {} # check id -> issue
574574 diff_compliant : List [Json ] = []
@@ -597,21 +597,22 @@ def update_security_section(
597597 # the node severity is the highest severity of all issues
598598 previous = max ((a .severity for a in existing .values ()), default = ReportSeverity .info )
599599 severity = max ((a .severity for a in updated .values ()), default = ReportSeverity .info )
600- # the node is still vulnerable: the change marks either improvement or worsening
601- change = (
602- HistoryChange . node_compliant
603- # better #1: severity is lower, #2: severity is the same, but less issues
604- if ( severity < previous or ( severity == previous and len ( existing ) > len ( updated )))
605- else HistoryChange . node_vulnerable
606- )
600+ # the node is still vulnerable: the progress marks either improvement (+1), no change (0), or worsening (-1)
601+ if severity < previous or ( severity == previous and len ( existing ) > len ( updated )):
602+ progress = 1
603+ elif severity == previous and len ( existing ) == len ( updated ):
604+ progress = 0
605+ else :
606+ progress = - 1
607607 diff : Json = {
608608 HistoryChange .node_compliant .value : diff_compliant ,
609609 HistoryChange .node_vulnerable .value : diff_vulnerable ,
610+ "progress" : progress ,
610611 }
611612 if existing :
612613 diff ["previous" ] = previous .value
613614 changed = bool (diff_compliant or diff_vulnerable )
614- return [a .to_json () for a in updated .values ()], change , severity , changed , diff
615+ return [a .to_json () for a in updated .values ()], severity , changed , diff
615616
616617 async def update_chunk (chunk : Dict [NodeId , List [SecurityIssue ]]) -> None :
617618 nonlocal nodes_vulnerable_new , nodes_vulnerable_updated
@@ -623,7 +624,7 @@ async def update_chunk(chunk: Dict[NodeId, List[SecurityIssue]]) -> None:
623624 node_id = NodeId (node .pop ("_key" , "" ))
624625 node ["id" ] = node_id # store the id in the id column (not _key)
625626 existing : List [Json ] = value_in_path_get (node , NodePath .security_issues , [])
626- updated , change , severity , changed , diff = update_security_section (existing , chunk .get (node_id , []))
627+ updated , severity , changed , diff = update_security_section (existing , chunk .get (node_id , []))
627628 security_section = dict (
628629 issues = updated ,
629630 opened_at = value_in_path_get (node , NodePath .security_opened_at , now ),
@@ -634,17 +635,16 @@ async def update_chunk(chunk: Dict[NodeId, List[SecurityIssue]]) -> None:
634635 )
635636 node ["security" ] = security_section
636637 node ["changed_at" ] = now
638+ node ["change" ] = "node_vulnerable"
637639 if not existing : # no issues before, but now
638640 nodes_vulnerable_new += 1
639641 security_section ["opened_at" ] = now
640642 security_section ["reopen_counter" ] = security_section ["reopen_counter" ] + 1 # type: ignore
641- node ["change" ] = "node_vulnerable"
642643 node ["diff" ] = diff
643644 nodes_to_insert .append (dict (action = "node_vulnerable" , node_id = node_id , data = node ))
644645 elif changed :
645646 nodes_vulnerable_updated += 1
646647 nodes_to_insert .append (dict (action = "node_vulnerable" , node_id = node_id , data = node ))
647- node ["change" ] = change .value
648648 node ["diff" ] = diff
649649 else : # no change
650650 nodes_to_insert .append (dict (action = "mark" , node_id = node_id , run_id = report_run_id ))
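Review bot: In `update_security_section`, `progress = 0` is assigned whenever severity and issue count are both unchanged, which also covers the case where one failing check was resolved and a different one of the same severity appeared; the history entry then reads "no change" although `changed` is true. Because `update_chunk` now writes `node["change"] = "node_vulnerable"` for every still-vulnerable node, `diff["progress"]` is the only improvement/worsening signal left in the record, so its meaning should be spelled out where it is computed: `# progress: +1 improved, 0 same severity and same number of issues (the failing checks may still differ), -1 worsened`. Anything that previously selected partially remediated nodes by `change == node_compliant` would presumably have to read `diff.progress` instead; no such consumer is visible on this page. The part of `update_security_section` that fills `diff_compliant` and `diff_vulnerable` lies between the first two hunks and is not shown.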