Write CSV with no vulns (#86)

bluesentinelsec · Michael Long · web-flow · commit 3aa7bb236da1 · 2024-08-30T14:45:08.000-04:00
* reproducing issue - test 1

* resolve issue 85 - test 2

* test 3

* test fix

---------

Co-authored-by: Michael Long &lt;mlongii@amazon.com&gt;
diff --git a/.github/workflows/test_containers.yml b/.github/workflows/test_containers.yml
@@ -35,12 +35,12 @@ jobs:
         uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.1.3
         with:
           artifact_type: 'container'
-          artifact_path: 'ubuntu:14.04'
+          artifact_path: 'alpine:latest'
           display_vulnerability_findings: "enabled"
-          sbomgen_version: "1.3.1"
+          sbomgen_version: "1.4.0"
 
-      - name: Display scan results
-        run: cat ${{ steps.inspector.outputs.inspector_scan_results }}
+      - name: Display scan results (CSV)
+        run: cat ${{ steps.inspector.outputs.inspector_scan_results_csv }}
 
       - name: Validate scan content
         run: python3 validator/validate_inspector_scan.py --file ${{ steps.inspector.outputs.inspector_scan_results }}
diff --git a/entrypoint/entrypoint/orchestrator.py b/entrypoint/entrypoint/orchestrator.py
@@ -344,10 +344,6 @@ def install_sbomgen(args):
 
 
 def write_pkg_vuln_report_csv(out_scan_csv, scan_result: exporter.InspectorScanResult):
-    if scan_result.total_vulns() == 0:
-        logging.info("skipping package vulnerability CSV report because no vulnerabilities were detected")
-        return
-
     csv_output = exporter.to_csv(scan_result)
 
     logging.info(f"writing package vulnerability CSV report to: {out_scan_csv}")
