Adds enrich flag
djschleen authored Mar 21, 2024
1 parent b9b5c00 commit cee8ba7
Showing 3 changed files with 140 additions and 28 deletions.
151 changes: 129 additions & 22 deletions .vscode/launch.json
Expand Up @@ -3,159 +3,266 @@
// Hover to view descriptions of existing attributes.
// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
"version": "0.2.0",
"configurations": [
"configurations": [
{
"name": "Debug File (ossindex - railsgoat - AI Output)",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "${workspaceFolder}/main.go",
"args": ["--provider=ossindex", "--debug=true", "--output=ai", "scan", "./_TESTDATA_/sbom/railsgoat.cyclonedx.json"]
"args": [
"--provider=ossindex",
"--debug=true",
"--output=ai",
"scan",
"./_TESTDATA_/sbom/railsgoat.cyclonedx.json"
]
},
{
"name": "Debug Folder (OSV)",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "${workspaceFolder}/main.go",
"args": ["--debug=true", "scan", "./_TESTDATA_/sbom"]
"args": [
"--debug=true",
"scan",
"--enrich",
"epss",
"./_TESTDATA_/sbom"
]
},
{
"name": "Debug Expression License (OSV)",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "${workspaceFolder}/main.go",
"args": ["--debug=true", "scan", "./_TESTDATA_/sbom/expression-license.json"]
"args": [
"--debug=true",
"scan",
"./_TESTDATA_/sbom/expression-license.json"
]
},
{
"name": "Debug Folder (ossindex)",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "${workspaceFolder}/main.go",
"args": ["--provider=ossindex", "--debug=true", "scan", "./_TESTDATA_/sbom"]
"args": [
"--provider=ossindex",
"--debug=true",
"scan",
"./_TESTDATA_/sbom"
]
},
{
"name": "Debug File (OSS Index - juiceshop, severity = moderate)",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "${workspaceFolder}/main.go",
"args": ["--debug=true", "--severity=moderate", "--provider=ossindex", "scan", "./_TESTDATA_/sbom/juiceshop.cyclonedx.json"]
"args": [
"--debug=true",
"--severity=moderate",
"--provider=ossindex",
"--enrich=epss",
"scan",
"./_TESTDATA_/sbom/juiceshop.cyclonedx.json"
]
},
{
"name": "Debug File (OSS Index - juiceshop, severity = critical)",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "${workspaceFolder}/main.go",
"args": ["--debug=true", "--exitcode","--severity=moderate", "--provider=ossindex", "scan", "./_TESTDATA_/sbom/juiceshop.cyclonedx.json"]
"args": [
"--debug=true",
"--exitcode",
"--severity=moderate",
"--provider=ossindex",
"scan",
"./_TESTDATA_/sbom/juiceshop.cyclonedx.json"
]
},
{
"name": "> Debug File (OSS Index - railsgoat, severity = critical, exitcode)",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "${workspaceFolder}/main.go",
"args": ["--debug=true", "--exitcode","--severity=critical", "--provider=ossindex", "scan", "./_TESTDATA_/sbom/railsgoat.cyclonedx.json"]
"args": [
"--debug=true",
"--exitcode",
"--severity=critical",
"--provider=ossindex",
"scan",
"./_TESTDATA_/sbom/railsgoat.cyclonedx.json"
]
},
{
"name": "Debug File (OSS Index - juiceshop, severity = moderate, exitcode)",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "${workspaceFolder}/main.go",
"args": ["--debug=true", "--severity=moderate", "--provider=ossindex", "scan", "./_TESTDATA_/sbom/juiceshop.cyclonedx.json"]
"args": [
"--debug=true",
"--severity=moderate",
"--provider=ossindex",
"scan",
"./_TESTDATA_/sbom/juiceshop.cyclonedx.json"
]
},
{
"name": "Debug File (OSV- cargo-valid)",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "${workspaceFolder}/main.go",
"args": ["--debug=true", "--provider=ossindex", "scan", "./_TESTDATA_/sbom/cargo-valid-bom-1.3.json"]
"args": [
"--debug=true",
"--provider=ossindex",
"scan",
"./_TESTDATA_/sbom/cargo-valid-bom-1.3.json"
]
},
{
"name": "Debug File (Snyk - juiceshop)",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "${workspaceFolder}/main.go",
"args": ["--provider=snyk", "--debug=true", "scan", "./_TESTDATA_/sbom/juiceshop.cyclonedx.json"]
"args": [
"--provider=snyk",
"--debug=true",
"scan",
"./_TESTDATA_/sbom/juiceshop.cyclonedx.json"
]
},
{
"name": "Debug File (OSV - juiceshop)",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "${workspaceFolder}/main.go",
"args": ["--provider=osv", "--debug=true", "scan", "./_TESTDATA_/sbom/juiceshop.cyclonedx.json"]
"args": [
"--provider=osv",
"--debug=true",
"scan",
"./_TESTDATA_/sbom/juiceshop.cyclonedx.json"
]
},
{
"name": "Debug File (OSV - ubuntu-latest.cyclonedx.json)",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "${workspaceFolder}/main.go",
"args": ["--provider=osv", "--debug=true", "scan", "./_TESTDATA_/sbom/ubuntu-latest.cyclonedx.json"]
"args": [
"--provider=osv",
"--debug=true",
"scan",
"./_TESTDATA_/sbom/ubuntu-latest.cyclonedx.json"
]
},
{
"name": "Debug File, Output HTML (ossindex - juiceshop)",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "${workspaceFolder}/main.go",
"args": ["--provider=ossindex", "--debug=true", "--output=html", "--severity=high", "scan", "./_TESTDATA_/sbom/juiceshop.cyclonedx.json"]
"args": [
"--provider=ossindex",
"--debug=true",
"--output=html",
"--severity=high",
"scan",
"./_TESTDATA_/sbom/juiceshop.cyclonedx.json"
]
},
{
"name": "Debug File, Output HTML (osv - juiceshop)",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "${workspaceFolder}/main.go",
"args": ["--debug=true", "--output=html", "scan", "./_TESTDATA_/sbom/juiceshop.cyclonedx.json"]
"args": [
"--debug=true",
"--output=html",
"scan",
"./_TESTDATA_/sbom/juiceshop.cyclonedx.json"
]
},
{
"name": "Debug File (ossindex - merged)",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "${workspaceFolder}/main.go",
"args": ["--provider=ossindex", "--debug=true", "scan", "./_TESTDATA_/sbom/merged.json"]
"args": [
"--provider=ossindex",
"--debug=true",
"scan",
"./_TESTDATA_/sbom/merged.json"
]
},
{
"name": "Debug File (ossindex - railsgoat)",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "${workspaceFolder}/main.go",
"args": ["--provider=ossindex", "--debug=true", "scan", "./_TESTDATA_/sbom/railsgoat.cyclonedx.json"]
"args": [
"--provider=ossindex",
"--debug=true",
"scan",
"./_TESTDATA_/sbom/railsgoat.cyclonedx.json"
]
},
{
"name": "Debug File (osv - railsgoat)",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "${workspaceFolder}/main.go",
"args": ["--provider=osv", "--debug=true", "scan", "./_TESTDATA_/sbom/railsgoat.cyclonedx.json"]
"args": [
"--provider=osv",
"--debug=true",
"scan",
"./_TESTDATA_/sbom/railsgoat.cyclonedx.json"
]
},
{
"name": "Debug File, Output JSON (ossindex - railsgoat)",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "${workspaceFolder}/main.go",
"args": ["--provider=ossindex", "--debug=true", "--output=json", "scan", "./_TESTDATA_/sbom/railsgoat.cyclonedx.json"]
"args": [
"--provider=ossindex",
"--debug=true",
"--output=json",
"scan",
"./_TESTDATA_/sbom/railsgoat.cyclonedx.json"
]
},
{
"name": "Debug File, Ignore, Output JSON (osv - railsgoat)",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "${workspaceFolder}/main.go",
"args": ["--provider=osv", "--debug=true", "--output=json", "--ignore-file=./_TESTDATA_/ignore/bomber.ignore", "scan", "./_TESTDATA_/sbom/railsgoat.cyclonedx.json"]
"args": [
"--provider=osv",
"--debug=true",
"--output=json",
"--ignore-file=./_TESTDATA_/ignore/bomber.ignore",
"scan",
"./_TESTDATA_/sbom/railsgoat.cyclonedx.json"
]
},

]
}
}
4 changes: 4 additions & 0 deletions cmd/scan.go
Expand Up @@ -3,6 +3,7 @@ package cmd
import (
"log"
"os"
"slices"

"github.com/devops-kung-fu/common/util"
"github.com/gookit/color"
Expand All @@ -21,6 +22,9 @@ var (
Use: "scan",
Short: "Scans a provided SBOM file or folder containing SBOMs for vulnerabilities.",
PreRun: func(cmd *cobra.Command, args []string) {
if output == "ai" && !slices.Contains(scanner.Enrichment, "openai") {
scanner.Enrichment = append(scanner.Enrichment, "openai")

}
r, err := renderers.NewRenderer(output)
if err != nil {
color.Red.Printf("%v\n\n", err)
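Review bot: The new PreRun condition silently switches on the `openai` enricher whenever `--output=ai` is chosen, and nothing in the hunk checks that the other names in `scanner.Enrichment` are recognised, so a misspelled `--enrich` value would be accepted and simply do nothing (the flag definition is outside the hunk, so it may be validated there). The coupling between the renderer choice and the enrichment list is not obvious from the code; a one-line comment on the `if` would help, e.g. `// the "ai" renderer presumably relies on OpenAI-enriched fields, so make sure that enricher runs`. The `scanCmd` declaration that contains this PreRun starts before the hunk and continues past it.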
13 changes: 7 additions & 6 deletions lib/scanner.go
Expand Up @@ -47,6 +47,9 @@ func (s *Scanner) Scan(args []string) (exitCode int, err error) {
log.Print(err)
return
}
if slices.Contains(s.Enrichment, "openai") {
util.PrintWarning("OpenAI enrichment is experimental and may increase scanning time significantly")

}
if len(scanned) > 0 {
util.PrintInfo("Scanning Files:")
for _, f := range scanned {
Expand Down Expand Up @@ -170,14 +173,12 @@ func (s *Scanner) enrichAndIgnoreVulnerabilities(response []models.Package, igno
filteredVulnerabilities := filters.Ignore(p.Vulnerabilities, ignoredCVE)
response[i].Vulnerabilities = filteredVulnerabilities
}
var enrichedVulnerabilities, aienrichedVulnerabilities
if s.Enrichment.Contains("epss") {
enrichedVulnerabilities, _ := epssEnricher.Enrich(p.Vulnerabilities, &s.Credentials)
if slices.Contains(s.Enrichment, "epss") {
response[i].Vulnerabilities, _ = epssEnricher.Enrich(p.Vulnerabilities, &s.Credentials)

}
if s.Enrichment.Contains("openai") {
aienrichedVulnerabilities, _ := openaiEnricher.Enrich(enrichedVulnerabilities, &s.Credentials)
if slices.Contains(s.Enrichment, "openai") {
response[i].Vulnerabilities, _ = openaiEnricher.Enrich(response[i].Vulnerabilities, &s.Credentials)

}
response[i].Vulnerabilities = aienrichedVulnerabilities
}
}
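Review bot: In the `epss` branch `epssEnricher.Enrich` is fed `p.Vulnerabilities`, although the lines just above it store the ignore-filtered list in `response[i].Vulnerabilities`; if `p` is the range copy of the element (the loop header sits above the hunk), enabling EPSS enrichment reinstates vulnerabilities that the ignore file removed, which the `openai` branch avoids by reading `response[i].Vulnerabilities`. Both branches also overwrite `response[i].Vulnerabilities` unconditionally while discarding the enricher's error, so a failed EPSS or OpenAI call may replace a package's findings with whatever the enricher returns on error, presumably nil, and those findings vanish from the report without any message. Both branches should read from `response[i].Vulnerabilities`, keep the existing list when the enricher fails, and report the failure the way this file already does with `log.Print`. `enrichAndIgnoreVulnerabilities` starts before the hunk.
```go
	// … unchanged: ignore filtering into response[i].Vulnerabilities …
	if slices.Contains(s.Enrichment, "epss") {
		enriched, err := epssEnricher.Enrich(response[i].Vulnerabilities, &s.Credentials)
		if err != nil {
			log.Print(err) // keep the filtered list rather than dropping the package's findings
		} else {
			response[i].Vulnerabilities = enriched
		}
	}
	if slices.Contains(s.Enrichment, "openai") {
		enriched, err := openaiEnricher.Enrich(response[i].Vulnerabilities, &s.Credentials)
		if err != nil {
			log.Print(err)
		} else {
			response[i].Vulnerabilities = enriched
		}
	}
```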

