aws-actions
diff --git a/‎entrypoint/entrypoint/pkg_vuln.py‎
Lines changed: 17 additions & 6 deletions b/‎entrypoint/entrypoint/pkg_vuln.py‎
Lines changed: 17 additions & 6 deletions
diff --git a/‎entrypoint/tests/test_data/scan_results/amazonlinux:latest.json.scan.csv‎
Lines changed: 10 additions & 10 deletions b/‎entrypoint/tests/test_data/scan_results/amazonlinux:latest.json.scan.csv‎
Lines changed: 10 additions & 10 deletions
@@ -177,17 +177,18 @@ def get_affected_packages(v, components) -> AffectedPackages:
     if not affected_bom_refs:
         return AffectedPackages()
 
-    for each_bomref in affected_bom_refs:
-        for each_component in components:
-            ref = each_component.get("bom-ref")
+    flattened_components = flatten_nested_components(components)
+    for component in flattened_components:
+        for bom_ref in affected_bom_refs:
+            ref = component.get("bom-ref")
             if not ref:
                 continue
-            if ref == each_bomref["ref"]:
-                purl = each_component.get("purl")
+            if ref == bom_ref["ref"]:
+                purl = component.get("purl")
                 if purl:
                     purl = urllib.parse.unquote(purl)
                     affected_package_urls.append(purl)
-                pkg_path = getPropertyValueFromKey(each_component, "amazon:inspector:sbom_scanner:path")
+                pkg_path = getPropertyValueFromKey(component, "amazon:inspector:sbom_scanner:path")
                 if pkg_path:
                     affected_package_paths.append(pkg_path)
 
@@ -282,6 +283,16 @@ def get_epss_score(ratings):
     return None
 
 
+def flatten_nested_components(components):
+    flattened_components = []
+    for each_component in components:
+        flattened_components.append(each_component)
+        if "components" in each_component:
+            nested_components = flatten_nested_components(each_component["components"])
+            flattened_components.extend(nested_components)
+    return flattened_components
+
+
 def combine_str_list_into_one_str(str_list: list[str]) -> str:
     str_element = ";".join(str_list)
     if str_element == "":
 
@@ -1,20 +1,20 @@
 "#artifact_name:null","artifact_type:null","artifact_hash:null","build_id:null"
 "#critical_vulnerabilities:null","high_vulnerabilities:null","medium_vulnerabilities:null","low_vulnerabilities:null","other_vulnerabilities:null"
 "ID","Severity","Source","CVSS","Installed Package","Fixed Package","Path","EPSS","Exploit Available","Exploit Last Seen","CWEs"
-"CVE-2023-46218","medium","NVD","6.5","pkg:rpm/amazon/curl[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/libcurl-minimal@8.5.0-1.amzn2023.0.1?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0","0:8.5.0-1.amzn2023.0.2;0:8.5.0-1.amzn2023.0.2;0:8.5.0-1.amzn2023.0.2","null","0.00071","true","2024-05-20T13:08:30Z","null"
-"CVE-2023-45918","untriaged","NVD","null","pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/ncurses-base@6.2-4.20200222.amzn2023.0.5?arch=noarch&distro=2023&epoch=0","0:6.2-4.20200222.amzn2023.0.6;0:6.2-4.20200222.amzn2023.0.6;0:6.2-4.20200222.amzn2023.0.6","null","0.00043","null","null","null"
-"CVE-2021-35939","medium","NVD","6.7","pkg:rpm/amazon/rpm-build-[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/rpm-libs@4.16.1.3-12.amzn2023.0.6?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/python3-[email protected]?arch=x86_64&distro=2023&epoch=0","0:4.16.1.3-29.amzn2023.0.6;0:4.16.1.3-29.amzn2023.0.6;0:4.16.1.3-29.amzn2023.0.6;0:4.16.1.3-29.amzn2023.0.6;0:4.16.1.3-29.amzn2023.0.6","null","0.00075","null","null","CWE-59"
+"CVE-2023-46218","medium","NVD","6.5","pkg:rpm/amazon/libcurl[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/curl@8.5.0-1.amzn2023.0.1?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/curl-minimal@8.5.0-1.amzn2023.0.1?arch=x86_64&distro=2023&epoch=0","0:8.5.0-1.amzn2023.0.2;0:8.5.0-1.amzn2023.0.2;0:8.5.0-1.amzn2023.0.2","null","0.00071","true","2024-05-20T13:08:30Z","null"
+"CVE-2023-45918","untriaged","NVD","null","pkg:rpm/amazon/ncurses-base@6.2-4.20200222.amzn2023.0.5?arch=noarch&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0","0:6.2-4.20200222.amzn2023.0.6;0:6.2-4.20200222.amzn2023.0.6;0:6.2-4.20200222.amzn2023.0.6","null","0.00043","null","null","null"
+"CVE-2021-35939","medium","NVD","6.7","pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/python3-rpm@4.16.1.3-12.amzn2023.0.6?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/rpm-build-libs@4.16.1.3-12.amzn2023.0.6?arch=x86_64&distro=2023&epoch=0","0:4.16.1.3-29.amzn2023.0.6;0:4.16.1.3-29.amzn2023.0.6;0:4.16.1.3-29.amzn2023.0.6;0:4.16.1.3-29.amzn2023.0.6;0:4.16.1.3-29.amzn2023.0.6","null","0.00075","null","null","CWE-59"
 "CVE-2024-2398","untriaged","NVD","null","pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0","0:8.5.0-1.amzn2023.0.4;0:8.5.0-1.amzn2023.0.4;0:8.5.0-1.amzn2023.0.4","null","0.00044","null","null","null"
-"CVE-2024-2961","untriaged","NVD","null","pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/glibc-common@2.34-52.amzn2023.0.7?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0","0:2.34-52.amzn2023.0.10;0:2.34-52.amzn2023.0.10;0:2.34-52.amzn2023.0.10","null","0.00044","true","2024-05-20T21:13:25Z","CWE-787"
+"CVE-2024-2961","untriaged","NVD","null","pkg:rpm/amazon/glibc-common@2.34-52.amzn2023.0.7?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0","0:2.34-52.amzn2023.0.10;0:2.34-52.amzn2023.0.10;0:2.34-52.amzn2023.0.10","null","0.00044","true","2024-05-20T21:13:25Z","CWE-787"
 "CVE-2024-26462","untriaged","NVD","null","pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0","0:1.21-3.amzn2023.0.4","null","0.00043","null","null","null"
 "CVE-2024-26461","untriaged","NVD","null","pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0","0:1.21-3.amzn2023.0.4","null","0.00043","null","null","null"
-"CVE-2021-35938","medium","NVD","6.7","pkg:rpm/amazon/rpm-build-[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/rpm-libs@4.16.1.3-12.amzn2023.0.6?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/python3-[email protected]?arch=x86_64&distro=2023&epoch=0","0:4.16.1.3-29.amzn2023.0.6;0:4.16.1.3-29.amzn2023.0.6;0:4.16.1.3-29.amzn2023.0.6;0:4.16.1.3-29.amzn2023.0.6;0:4.16.1.3-29.amzn2023.0.6","null","0.00075","null","null","CWE-59"
+"CVE-2021-35938","medium","NVD","6.7","pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/python3-rpm@4.16.1.3-12.amzn2023.0.6?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/rpm-build-libs@4.16.1.3-12.amzn2023.0.6?arch=x86_64&distro=2023&epoch=0","0:4.16.1.3-29.amzn2023.0.6;0:4.16.1.3-29.amzn2023.0.6;0:4.16.1.3-29.amzn2023.0.6;0:4.16.1.3-29.amzn2023.0.6;0:4.16.1.3-29.amzn2023.0.6","null","0.00075","null","null","CWE-59"
 "CVE-2024-2004","untriaged","NVD","null","pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0","0:8.5.0-1.amzn2023.0.4;0:8.5.0-1.amzn2023.0.4;0:8.5.0-1.amzn2023.0.4","null","0.00044","null","null","null"
-"CVE-2024-0853","medium","NVD","5.3","pkg:rpm/amazon/curl@8.5.0-1.amzn2023.0.1?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/curl-minimal@8.5.0-1.amzn2023.0.1?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/libcurl[email protected]?arch=x86_64&distro=2023&epoch=0","0:8.5.0-1.amzn2023.0.3;0:8.5.0-1.amzn2023.0.3;0:8.5.0-1.amzn2023.0.3","null","0.00058","true","2024-05-18T20:41:40Z","CWE-295"
+"CVE-2024-0853","medium","NVD","5.3","pkg:rpm/amazon/libcurl-minimal@8.5.0-1.amzn2023.0.1?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/curl[email protected]?arch=x86_64&distro=2023&epoch=0","0:8.5.0-1.amzn2023.0.3;0:8.5.0-1.amzn2023.0.3;0:8.5.0-1.amzn2023.0.3","null","0.00058","true","2024-05-18T20:41:40Z","CWE-295"
 "CVE-2024-28757","untriaged","NVD","null","pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0","0:2.5.0-1.amzn2023.0.4","null","0.00044","true","2024-05-17T01:55:59Z","null"
 "CVE-2023-6597","untriaged","NVD","null","pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0","0:3.9.16-1.amzn2023.0.8;0:3.9.16-1.amzn2023.0.8","null","0.00044","null","null","null"
-"CVE-2024-28182","untriaged","NVD","null","pkg:rpm/amazon/nghttp2@1.57.0-1.amzn2023.0.1?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/libnghttp2@1.57.0-1.amzn2023.0.1?arch=x86_64&distro=2023&epoch=0","0:1.59.0-3.amzn2023.0.1;0:1.59.0-3.amzn2023.0.1","null","0.00044","true","2024-05-20T15:47:49Z","CWE-770"
+"CVE-2024-28182","untriaged","NVD","null","pkg:rpm/amazon/libnghttp2@1.57.0-1.amzn2023.0.1?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/nghttp2@1.57.0-1.amzn2023.0.1?arch=x86_64&distro=2023&epoch=0","0:1.59.0-3.amzn2023.0.1;0:1.59.0-3.amzn2023.0.1","null","0.00044","true","2024-05-20T15:47:49Z","CWE-770"
 "CVE-2024-26458","untriaged","NVD","null","pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0","0:1.21-3.amzn2023.0.4","null","0.00043","null","null","null"
-"CVE-2021-35937","medium","NVD","6.4","pkg:rpm/amazon/rpm-build-[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/rpm-libs@4.16.1.3-12.amzn2023.0.6?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/python3-[email protected]?arch=x86_64&distro=2023&epoch=0","0:4.16.1.3-29.amzn2023.0.6;0:4.16.1.3-29.amzn2023.0.6;0:4.16.1.3-29.amzn2023.0.6;0:4.16.1.3-29.amzn2023.0.6;0:4.16.1.3-29.amzn2023.0.6","null","0.00086","null","null","CWE-367;CWE-59"
-"CVE-2024-0450","untriaged","NVD","null","pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/python3-libs@3.9.16-1.amzn2023.0.6?arch=x86_64&distro=2023&epoch=0","0:3.9.16-1.amzn2023.0.7;0:3.9.16-1.amzn2023.0.7","null","0.00046","null","null","CWE-405"
-"ALAS2023-2024-558","low","AMAZON_INSPECTOR","null","pkg:rpm/amazon/curl[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/libcurl-minimal@8.5.0-1.amzn2023.0.1?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0","0:8.5.0-1.amzn2023.0.2;0:8.5.0-1.amzn2023.0.2;0:8.5.0-1.amzn2023.0.2","null","null","null","null","null"
+"CVE-2021-35937","medium","NVD","6.4","pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/python3-rpm@4.16.1.3-12.amzn2023.0.6?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/rpm-build-libs@4.16.1.3-12.amzn2023.0.6?arch=x86_64&distro=2023&epoch=0","0:4.16.1.3-29.amzn2023.0.6;0:4.16.1.3-29.amzn2023.0.6;0:4.16.1.3-29.amzn2023.0.6;0:4.16.1.3-29.amzn2023.0.6;0:4.16.1.3-29.amzn2023.0.6","null","0.00086","null","null","CWE-367;CWE-59"
+"CVE-2024-0450","untriaged","NVD","null","pkg:rpm/amazon/python3-libs@3.9.16-1.amzn2023.0.6?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/[email protected]?arch=x86_64&distro=2023&epoch=0","0:3.9.16-1.amzn2023.0.7;0:3.9.16-1.amzn2023.0.7","null","0.00046","null","null","CWE-405"
+"ALAS2023-2024-558","low","AMAZON_INSPECTOR","null","pkg:rpm/amazon/libcurl[email protected]?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/curl@8.5.0-1.amzn2023.0.1?arch=x86_64&distro=2023&epoch=0;pkg:rpm/amazon/curl-minimal@8.5.0-1.amzn2023.0.1?arch=x86_64&distro=2023&epoch=0","0:8.5.0-1.amzn2023.0.2;0:8.5.0-1.amzn2023.0.2;0:8.5.0-1.amzn2023.0.2","null","null","null","null","null"