Skip to content

Commit

Permalink
importer: trivy_operator: provide more details on package vulnerabili…
Browse files Browse the repository at this point in the history
…ties and config issues
  • Loading branch information
pna-nca committed Jul 31, 2024
1 parent 29ad25e commit 5c7874e
Show file tree
Hide file tree
Showing 2 changed files with 39 additions and 3 deletions.
30 changes: 28 additions & 2 deletions dojo/tools/trivy_operator/checks_handler.py
Original file line number Diff line number Diff line change
@@ -1,5 +1,12 @@
from dojo.models import Finding

CHECK_DESCRIPTION_TEMPLATE = """{description}
**Category**: {category}
**Scope**: {scope}
**Details**:
{details}
"""

TRIVY_SEVERITIES = {
"CRITICAL": "Critical",
"HIGH": "High",
Expand All @@ -22,17 +29,36 @@ def handle_checks(self, endpoint, service, checks, test):
"https://avd.aquasec.com/misconfig/kubernetes/"
+ check_id.lower()
)
check_description = check.get("description", "")
title = f"{check_id} - {check_title}"
mitigation = check.get("remediation")

details = ""
for message in check.get("messages"):
details += f"{message}\n"

scope = "undefined"
if check.get("scope"):
scope_type = check.get("scope").get("type")
scope_value = check.get("scope").get("value")
scope = f"{scope_type} {scope_value}"

description = CHECK_DESCRIPTION_TEMPLATE.format(
category=check.get("category"),
description=check.get("description"),
details=details,
scope=scope
)

finding = Finding(
test=test,
title=title,
severity=check_severity,
references=check_references,
description=check_description,
description=description,
static_finding=True,
dynamic_finding=False,
service=service,
mitigation=mitigation,
)
if check_id:
finding.unsaved_vulnerability_ids = [check_id]
Expand Down
12 changes: 11 additions & 1 deletion dojo/tools/trivy_operator/vulnerability_handler.py
Original file line number Diff line number Diff line change
@@ -1,7 +1,10 @@
from dojo.models import Finding

DESCRIPTION_TEMPLATE = """{title}
**Details:**
{description}
**Fixed version:** {fixed_version}
CVE published on: {published_date}
"""

TRIVY_SEVERITIES = {
Expand Down Expand Up @@ -54,8 +57,15 @@ def handle_vulns(self, endpoint, service, vulnerabilities, test):
else:
file_path = None

vuln_description = "no details"
if len(vulnerability.get("description", "")) > 0:
vuln_description = vulnerability.get("description")

description = DESCRIPTION_TEMPLATE.format(
title=vulnerability.get("title"), fixed_version=mitigation
title=vulnerability.get("title"),
fixed_version=mitigation,
published_date=vulnerability.get("publishedDate"),
description=vuln_description
)

title = f"{vuln_id} {package_name} {package_version}"
Expand Down

0 comments on commit 5c7874e

Please sign in to comment.