Update dependency_scanner.py

vmware · Feb 18, 2025 · 53ac815 · 53ac815
1 parent b25082b
commit 53ac815
Showing 1 changed file with 35 additions and 15 deletions.
diff --git a/scripts/dependency_scanner.py b/scripts/dependency_scanner.py
@@ -208,7 +208,7 @@ def generate_csv_report(self, filename=None):
         os.makedirs(reports_dir, exist_ok=True)
         filepath = os.path.join(reports_dir, filename)
 
-        all_vulnerabilities = []  # We'll still use this, even in the simplified version
+        all_vulnerabilities = []
         repositories = self.client.get_repositories(self.org_name, self.repo_list)
         if not repositories:
             logging.warning("No repositories found to scan.")
@@ -230,31 +230,46 @@ def generate_csv_report(self, filename=None):
 
                     for alert in alerts:
                         try:
-                            # --- EXTREME DEBUGGING: Simplify everything ---
+                            dependency = alert.get("dependency", {})
+                            pkg = dependency.get("package", {})
+                            package_name = pkg.get("name", "N/A")
+                            manifest_path = dependency.get("manifest_path", "N/A")
+                            current_version = self.client.get_dependency_version(repo['owner'], repo['name'], manifest_path)
+
                             security_advisory = alert.get("security_advisory", {})
                             vulnerable_ranges = []
                             for vulnerability in security_advisory.get("vulnerabilities", []):
                                 vulnerable_range_str = vulnerability.get("vulnerable_version_range", "N/A")
                                 vulnerable_ranges.append(vulnerable_range_str)
-                                print(f"DEBUG: Individual vulnerable_range: {vulnerable_range_str}") # Debug each one
+                                print(f"DEBUG: Individual vulnerable_range: {vulnerable_range_str}")  # KEEP THIS
 
                             vulnerable_range = ", ".join(vulnerable_ranges)
-                            print(f"DEBUG: Combined vulnerable_range: {vulnerable_range}")
+                            print(f"DEBUG: Combined vulnerable_range: {vulnerable_range}")  # KEEP THIS
+
+                            severity = security_advisory.get("severity", "N/A")
+                            security_vulnerability = alert.get("security_vulnerability", {})
+                            first_patched = security_vulnerability.get("first_patched_version", {})
+                            update_available = first_patched.get("identifier", "N/A") if first_patched else "N/A"
+
+                            # --- NEW DEBUG PRINT ---
+                            print(f"DEBUG: Data before append: {repo['owner']}/{repo['name']}, {package_name}, {current_version}, {vulnerable_range}, {severity}, {update_available}")
 
-                            # Temporarily just append a simplified dictionary
                             all_vulnerabilities.append({
-                                "Repository Name": repo['name'],  # Use a simple value
-                                "Vulnerable Versions": vulnerable_range, # ONLY this field
+                                "Repository Name": f"{repo['owner']}/{repo['name']}",
+                                "Package Name": package_name,
+                                "Current Version": current_version,
+                                "Vulnerable Versions": vulnerable_range,
+                                "Severity": severity,
+                                "Update Available": update_available
                             })
-                            # --- END EXTREME DEBUGGING ---
-
+                            self.total_vulnerabilities += 1
                         except KeyError as e:
                             logging.warning(f"Missing key in alert data for repo {repo['owner']}/{repo['name']}: {e}. Skipping.")
-                            print(f"KeyError: {e}")
+                            print(f"KeyError: {e}") #KEEP
                             continue
                         except Exception as e:
                             logging.exception(f"Error processing alert data for repo {repo['owner']}/{repo['name']}: {e}. Skipping.")
-                            print(f"Other Exception: {e}")
+                            print(f"Other Exception: {e}") #KEEP
                             continue
                 except Exception as e:
                     logging.exception(f"Error processing repo {repo['owner']}/{repo['name']}: {e}")
@@ -263,15 +278,20 @@ def generate_csv_report(self, filename=None):
             logging.info("No vulnerabilities found.")
             return
 
-        # Simplified writing for debugging
         with open(filepath, "w", newline="", encoding="utf-8") as csvfile:
-            fieldnames = ["Repository Name", "Vulnerable Versions"]  # Only these two columns
+            fieldnames = [
+                "Repository Name",
+                "Package Name",
+                "Current Version",
+                "Vulnerable Versions",
+                "Severity",
+                "Update Available",
+            ]
             writer = csv.DictWriter(csvfile, fieldnames=fieldnames)
             writer.writeheader()
             writer.writerows(all_vulnerabilities)
         logging.info(f"CSV report generated: {filepath}")
-
-
+
     def run_scan(self, filename=None):
         """Runs the complete scan and report generation."""
         self.generate_csv_report(filename)