Skip to content

Write CSV with no vulns #86

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Aug 30, 2024
Merged

Write CSV with no vulns #86

merged 4 commits into from
Aug 30, 2024

Conversation

bluesentinelsec
Copy link
Contributor

@bluesentinelsec bluesentinelsec commented Aug 30, 2024
edited
Loading

Currently this action does not write CSV files if no vulns are found; however, the JSON and markdown files are written regardless, causing inconsistency that raises confusion for users (#85).

After this change, the CSV file is written regardless if there are vulns or not.

@bluesentinelsec bluesentinelsec changed the title WIP: investigate issue 85 Write CSV with no vulns Aug 30, 2024
@bluesentinelsec
Copy link
Contributor Author

Merging to main because the code changes aren't propagating to the actions, and I cannot determine if the change is successful.

@bluesentinelsec bluesentinelsec merged commit 3aa7bb2 into main Aug 30, 2024
11 of 12 checks passed
@bluesentinelsec bluesentinelsec deleted the issue85_csv_write branch August 30, 2024 18:45
bluesentinelsec added a commit that referenced this pull request Jul 1, 2025
@bluesentinelsec @clueleaf @CarolMebiom
Sync 1.x to branch v1.3.0 (#124)
8a46d20 
* replace scanner example (#84)

* Write CSV with no vulns (#86)

* reproducing issue - test 1

* resolve issue 85 - test 2

* test 3

* test fix

---------

Co-authored-by: Michael Long <mlongii@amazon.com>

* testing CSV with no vulns

* test against main branch

* Write Dockerfile CSV and Markdown on no vulns (#88)

Co-authored-by: Michael Long <mlongii@amazon.com>

* Set example workflows to main branch for testing

* Display 'no vulns found' for Dockerfiles (#92)

Co-authored-by: Michael Long <mlongii@amazon.com>

* Tweak dockerfile report (#93)

Co-authored-by: Michael Long <mlongii@amazon.com>

* Omit Dockerfile table on no vulns (#94)

Co-authored-by: Michael Long <mlongii@amazon.com>

* Updated workflows to v1.x - testing auto-updates (#96)

Co-authored-by: Michael Long <mlongii@amazon.com>

* update README (#97)

Co-authored-by: Michael Long <mlongii@amazon.com>

* Extend vulnerability severity providers (#98)

* Add severity providers: GHSA, GitLab

* Add severity providers: GHSA, GitLab

* Add REDHAT_CVE and UBUNTU_CVE providers

* rename GHSA to GITHUB

---------

Co-authored-by: Michael Long <mlongii@amazon.com>

* Add platform argument for container image scans (#102)

* add --platform support for multi-arch containers

* test multi-arch images on current branch

* test actions against sbomgen 1.5.1-beta

* fix --platform parsing error

* fix platform parsing bug

* test workflows on sbomgen latest (1.5.2)

* Validate --platform input

* Add more test cases, and revert workflow definitions

* fix typo in platform arg

---------

Co-authored-by: Michael Long <mlongii@amazon.com>

* Improve severity rating consistency (#112)

* fix severity rating mismatch

* temporarily add a test workflow

* Fix type issue: float provided, expected string

* Rename workflow / job name

* Add severity comparison logic

* Revise severity sorting and selection logic

* return default values on error

* skip EPSS ratings for severity column

* debugging unknown ratings

* fix ratings with unknown name

* Verify AMAZON_INSPECTOR renders correctly

* fix failing test

* temporarily disable failing tests

* pass unit test: test_parse_inspector_scan_result

* pass unit tests

* change '-f' to '--failfast' for clarity

* Remove unused type cast

* refactor csv test

* severity is rendered as 'other' not 'unknown'

* test build on all actions

* normalize dockerfile findings severity rating

* debugging dockerfile severity

* debugging

* Normalize Dockerfile severity 'info' to 'other'

* restore test actions

* minor comment update

* Remove develop workflow

* Address PR feedback

* test workflows against refactor

* handle edge case CVE-2025-22871

* fix missing severity edge case

* debugging epss

* debugging

* fix flawed test

* added test case for absent severity rating

* revert workflows to v1

---------

Co-authored-by: Michael Long <mlongii@amazon.com>

* Feature request 91 (#115)

* FR-91: Add cli arg only fixable vulnerability; use the variable in get_vuln_counts

* Revert "FR-91: Add cli arg only fixable vulnerability; use the variable in get_vuln_counts"

This reverts commit bc532d4.

* FR-91: Add cli arg only fixable vulnerability; use the variable in get_vuln_counts

* FR-91: Fix unit tests

* FR-91: Fix typo in unit tests

* Revert "FR-91: Fix typo in unit tests"

This reverts commit e645542.

* Revert "FR-91: Fix unit tests"

This reverts commit f9157c9.

* Revert "FR-91: Add cli arg only fixable vulnerability; use the variable in get_vuln_counts"

This reverts commit 812c685.

* FR-91: Change orchestrator to only find fixed vulnerabilities if flag show-only-fixed-vulnerabilities is present

* FR-91: Fixed missing variable

* FR-91: Fixed typo

* FR-91: Fixed typo

* FR-91: Another fix

* FR-91: Another fix

* FR-91: Another fix

* FR-91: Another fix

* FR-91: Another fix

* FR-91: Another fix

* FR-91: Another fix

* Add unit test for get_vuln_count

* Fix unit test for get_vuln_count

---------

Co-authored-by: Maria Carolina Conceição <carolina.bento@floy.com>

* Clarify license of inspector-sbomgen dependency (#121)

Co-authored-by: Michael Long <mlongii@amazon.com>

* [v1.3.0] Only trigger vuln threshold on fixable vulns (#122)

* Add --threshold-fixable-only to CLI

* implemented business logic

* changed 'threshold_fixable_only' from str to bool

* Added more test coverage and CLI refinements

* debugging failing unit test

* test threshold-fixable-only in workflow

* test threshold-fixable-only in workflow

* debugging CI/CD

* debugging CI/CD

* debugging

* debugging

* debugging

* debugging

* removed debug log showing CLI arguments

* add missing argument, fixed_vuln_counts

* simplify get_fixed_vuln_counts() return values

* refactor return types in get_scan_result()

* refactor

* refine get_fixed_vuln_counts()

* update test_get_fixed_vuln_counts()

* testing case sensitivity

* revert 'TRUE' to 'true'

* use debug log when vuln doesnt have rating

* integrate --show-only-fixable-vulns (part 1)

* integrate only show fixable vulns

* test example workflows

* fix CLI input arguments

* remove leading '-' character for conditional inclusion

* add a no-op CLI arg (workaround)

* enable new arguments in workflows

* fix failing test

* update workflows for prod

---------

Co-authored-by: Michael Long <mlongii@amazon.com>

* set workflows to v1.3.0 for burn-in

---------

Co-authored-by: clueleaf <10379303+clueleaf@users.noreply.github.com>
Co-authored-by: Michael Long <mlongii@amazon.com>
Co-authored-by: CarolMebiom <59604360+CarolMebiom@users.noreply.github.com>
Co-authored-by: Maria Carolina Conceição <carolina.bento@floy.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@bluesentinelsec