diff --git a/.github/workflows/security-ci.yml b/.github/workflows/security-ci.yml
index d4ff7fe32..98d354137 100644
--- a/.github/workflows/security-ci.yml
+++ b/.github/workflows/security-ci.yml
@@ -91,26 +91,32 @@ jobs:
 output_file_path = './license-scan-result.txt'
 results = []
 vulnerabilities = data['vulnerabilities']
+ flagged_license = ["GPL", "MPL", "AGPL", "OSL", "EUPL", "LGPL", "CDDL", "CC-BY"]
 for vulnerability in vulnerabilities:
- if 'type' in vulnerability and vulnerability['type'] == 'license':
+ if 'type' in vulnerability and vulnerability['type'] == 'license' and any(map(vulnerability['license'].__contains__, flagged_license)):
 title = vulnerability['title']
 package_name = vulnerability['name']
 version = vulnerability['version']
 severity = vulnerability['severity']
 license = vulnerability['license']
 introduced = vulnerability['from']
+ if len(introduced) < 3:
+ type = "Direct"
+ else:
+ type = "Indirect"
 result = {
 'Title': title,
 'Package Name': package_name,
 'Package Version': version,
 'Severity': severity,
 'License Info': license,
- 'Introduced': introduced
+ 'Introduced': introduced,
+ 'Dependency' : type
 }
 results.append(result)
 with open(output_file_path, 'w') as file:
- file.write("|Title|Package Name|Package Version|Severity|License Info|Introduced|\n")
- file.write("|---|---|---|---|---|---|\n")
+ file.write("|Title|Package Name|Package Version|Severity|License Info|Introduced|Dependency Type|\n")
+ file.write("|---|---|---|---|---|---|---|\n")
 for result in results:
 file.write(f"{result['Title']} | ")
 file.write(f"{result['Package Name']} | ")
@@ -118,6 +124,7 @@ jobs:
 file.write(f"{result['Severity']} | ")
 file.write(f"{result['License Info']} | ")
 file.write(f"{result['Introduced']} |")
+ file.write(f"{result['Dependency']} |")
 file.write("\n")
 file.write(f"\nTotal License Issues: {len(results)}")
 file.close()
@@ -155,4 +162,4 @@ jobs:
 owner: context.repo.owner,
 repo: context.repo.repo,
 body: body
- });
\ No newline at end of file
+ });
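Review bot: The new `if` condition in the first hunk dereferences `vulnerability['license']` before anything has confirmed the key exists, so a single license-type finding without a `license` field now aborts the whole scan step with a KeyError instead of being skipped; `vulnerability.get('license', '')` would keep the tolerant style the existing `'type' in vulnerability` check already uses. The `__contains__` match is a substring test, so `"GPL"` already subsumes the `LGPL` and `AGPL` entries and would also flag any license string that merely contains those letters — if exact identifiers are meant, a comment such as `# substring match on purpose: catches GPL-family variants and exception suffixes` should say so, otherwise compare whole tokens. The `len(introduced) < 3` split presumably treats `from` as a dependency path list starting at the project root; a comment stating that assumption would help, since a string value would be measured in characters. The locals `type` and `license` shadow builtins; `dependency_type` would read better in the `'Dependency'` entry. The enclosing step script begins before this hunk, and the third hunk is only the missing trailing newline.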