Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extend SecHub CodeScan report parts to have an explanation field inside JSON report #474

Closed
de-jcup opened this issue Dec 7, 2020 · 2 comments
Closed

Extend SecHub CodeScan report parts to have an explanation field inside JSON report #474

de-jcup opened this issue Dec 7, 2020 · 2 comments
Labels
duplicate This issue or pull request already exists enhancement New feature or request report server

Comments

@de-jcup
Copy link
Member

de-jcup commented Dec 7, 2020
edited
Loading

As a developer having a SecHub JSON report, I want to have an explanation field in JSON about the finding.

TODOs

  • change the internal sereco report model
  • provide explanation field(s) also in sechub report JSON model

Still to DECIDE

  • decide which kind of format we will put in (e.g. many products provide a HTML explanation - do we really want to insert HTML here?!?!)
  • decide structure e.g. just a
 "explanation" : "i am the explanation"

or something like

"explanation": {
         "text": "plain text" , 
         "html" : "html content", 
         "links": ["https://owasp.org/topten/xyz"]
 }

the latter one would be nice because we could provide different possibilities (of course those should be optional).
But it would be easier to implement and use - e.g. in plugins - so prefereable

Albert Tregnaghi albert.tregnaghi@daimler.com, Daimler TSS GmbH, imprint
@de-jcup de-jcup added enhancement New feature or request server report labels Dec 7, 2020
This was referenced Dec 7, 2020
Open
Open
Open
@Jeeppler Jeeppler mentioned this issue Dec 17, 2020
Closed
2 tasks
@Jeeppler
Copy link
Member

In my opinion, we should not support HTML itself. However, besides plain text we could support massages in AsciiDoc and/or markdown. For an inspiration: the SARIF format supports messages in plain text and markdown: https://github.com/microsoft/sarif-tutorials/blob/main/docs/3-Beyond-basics.md#more-about-messages

In addition, it would be nice to have an optional language field, for both the explanation text (description) and the links. Maybe, the explanation can look like this:

"explanation": {
         "descriptions": [
                {
                  "text": "plain text" , 
                  "asciidoc" : "asciidoc content",
                  "markdown": "markdown content",
                  "language": "de"
                },
                {
                  "text": "by default we assume English as language for a message"
                }
          ],
         "links": [
                 {
                   "link": "https://owasp.org/de/topten/xyz",
                   "language": "de",
                },
                {
                   "link": "https://owasp.org/topten/xyz"
                }
          ]
 }

@de-jcup de-jcup added this to the Next release planning milestone Jan 21, 2021
@de-jcup
Copy link
Member Author

de-jcup commented Jan 28, 2021

Will be solved with #510

@de-jcup de-jcup closed this as completed Jan 28, 2021
@de-jcup de-jcup added the duplicate This issue or pull request already exists label Jan 28, 2021
@de-jcup de-jcup removed this from the Next release planning milestone Jan 28, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
duplicate This issue or pull request already exists enhancement New feature or request report server
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Jeeppler @de-jcup