diff --git a/testdata/messages/summarycomment/violations/security/security_violation_simplified.md b/testdata/messages/summarycomment/violations/security/security_violation_simplified.md
index 159980804..88dfe72a5 100644
--- a/testdata/messages/summarycomment/violations/security/security_violation_simplified.md
+++ b/testdata/messages/summarycomment/violations/security/security_violation_simplified.md
@@ -35,11 +35,8 @@
---
| | |
| --------------------- | :-----------------------------------: |
-| **Contextual Analysis:** | Undetermined |
-| **Direct Dependencies:** | github.com/nats-io/nats-streaming-server:v0.21.0 |
-| **Impacted Dependency:** | github.com/nats-io/nats-streaming-server:v0.21.0 |
-| **Fixed Versions:** | [0.24.1] |
| **CVSS V3:** | - |
+| **Dependency Path:** | github.com/nats-io/nats-streaming-server: v0.21.0 (Direct): Fix Version: [0.24.1] |
Summary XRAY-122345
@@ -68,10 +65,8 @@ some remediation
| | |
| --------------------- | :-----------------------------------: |
| **Contextual Analysis:** | Applicable |
-| **Direct Dependencies:** | component-D:v0.21.0 |
-| **Impacted Dependency:** | component-D:v0.21.0 |
-| **Fixed Versions:** | [0.24.3] |
| **CVSS V3:** | - |
+| **Dependency Path:** | component-D: v0.21.0 (Direct): Fix Version: [0.24.3] |
---
@@ -97,10 +92,7 @@ some remediation
---
| | |
| --------------------- | :-----------------------------------: |
-| **Contextual Analysis:** | Undetermined |
-| **Direct Dependencies:** | github.com/mholt/archiver/v3:v3.5.1 |
-| **Impacted Dependency:** | github.com/mholt/archiver/v3:v3.5.1 |
-| **Fixed Versions:** | - |
| **CVSS V3:** | - |
+| **Dependency Path:** | github.com/mholt/archiver/v3: v3.5.1 (Direct): |
Summary
\ No newline at end of file
diff --git a/testdata/messages/summarycomment/violations/security/security_violation_standard.md b/testdata/messages/summarycomment/violations/security/security_violation_standard.md
index 55b1d196b..9fe90e1c3 100644
--- a/testdata/messages/summarycomment/violations/security/security_violation_standard.md
+++ b/testdata/messages/summarycomment/violations/security/security_violation_standard.md
@@ -22,11 +22,8 @@
### Violation Details
| | |
| --------------------- | :-----------------------------------: |
-| **Contextual Analysis:** | Undetermined |
-| **Direct Dependencies:** | github.com/nats-io/nats-streaming-server:v0.21.0 |
-| **Impacted Dependency:** | github.com/nats-io/nats-streaming-server:v0.21.0 |
-| **Fixed Versions:** | [0.24.1] |
| **CVSS V3:** | - |
+| **Dependency Path:** | github.com/nats-io/nats-streaming-server: v0.21.0 (Direct)
Fix Version: [0.24.1]
|
Summary XRAY-122345
@@ -42,10 +39,8 @@ some remediation
| | |
| --------------------- | :-----------------------------------: |
| **Contextual Analysis:** | Applicable |
-| **Direct Dependencies:** | component-D:v0.21.0 |
-| **Impacted Dependency:** | component-D:v0.21.0 |
-| **Fixed Versions:** | [0.24.3] |
| **CVSS V3:** | - |
+| **Dependency Path:** | component-D: v0.21.0 (Direct)
Fix Version: [0.24.3]
|
### 🔬 JFrog Research Details
@@ -58,10 +53,7 @@ some remediation
### Violation Details
| | |
| --------------------- | :-----------------------------------: |
-| **Contextual Analysis:** | Undetermined |
-| **Direct Dependencies:** | github.com/mholt/archiver/v3:v3.5.1 |
-| **Impacted Dependency:** | github.com/mholt/archiver/v3:v3.5.1 |
-| **Fixed Versions:** | - |
| **CVSS V3:** | - |
+| **Dependency Path:** | github.com/mholt/archiver/v3: v3.5.1 (Direct)
|
Summary
\ No newline at end of file
diff --git a/testdata/messages/summarycomment/vulnerabilities/one_vulnerability_no_details_simplified.md b/testdata/messages/summarycomment/vulnerabilities/one_vulnerability_no_details_simplified.md
index 899a11a99..4c5cb3643 100644
--- a/testdata/messages/summarycomment/vulnerabilities/one_vulnerability_no_details_simplified.md
+++ b/testdata/messages/summarycomment/vulnerabilities/one_vulnerability_no_details_simplified.md
@@ -6,6 +6,6 @@
---
-| Severity | ID | Direct Dependencies | Impacted Dependency | Fixed Versions |
-| :---------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: |
-| Medium | CVE-2022-26652 | github.com/nats-io/nats-streaming-server:v0.21.0 | github.com/nats-io/nats-streaming-server v0.21.0 | [0.24.3] |
\ No newline at end of file
+| Severity | ID | Dependency Path |
+| :---------------------: | :-----------------------------------: | ----------------------------------- |
+| Medium | CVE-2022-26652 | 1 Direct: github.com/nats-io/nats-streaming-server:v0.21.0 |
\ No newline at end of file
diff --git a/testdata/messages/summarycomment/vulnerabilities/one_vulnerability_no_details_standard.md b/testdata/messages/summarycomment/vulnerabilities/one_vulnerability_no_details_standard.md
index 09cfb721e..2f6217aaf 100644
--- a/testdata/messages/summarycomment/vulnerabilities/one_vulnerability_no_details_standard.md
+++ b/testdata/messages/summarycomment/vulnerabilities/one_vulnerability_no_details_standard.md
@@ -2,10 +2,6 @@
### 📦 Vulnerable Dependencies
-
-
-| Severity | ID | Direct Dependencies | Impacted Dependency | Fixed Versions |
-| :---------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: |
-| Medium | CVE-2022-26652 | github.com/nats-io/nats-streaming-server:v0.21.0 | github.com/nats-io/nats-streaming-server v0.21.0 | [0.24.3] |
-
-
+| Severity | ID | Dependency Path |
+| :---------------------: | :-----------------------------------: | ----------------------------------- |
+| Medium | CVE-2022-26652 | 1 Direct
github.com/nats-io/nats-streaming-server:v0.21.0
|
\ No newline at end of file
diff --git a/testdata/messages/summarycomment/vulnerabilities/one_vulnerability_simplified.md b/testdata/messages/summarycomment/vulnerabilities/one_vulnerability_simplified.md
index 41609c4b6..2fd54e94b 100644
--- a/testdata/messages/summarycomment/vulnerabilities/one_vulnerability_simplified.md
+++ b/testdata/messages/summarycomment/vulnerabilities/one_vulnerability_simplified.md
@@ -6,9 +6,9 @@
---
-| Severity | ID | Direct Dependencies | Impacted Dependency | Fixed Versions |
-| :---------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: |
-| Medium | CVE-2022-26652 | github.com/nats-io/nats-streaming-server:v0.21.0 | github.com/nats-io/nats-streaming-server v0.21.0 | [0.24.3] |
+| Severity | ID | Dependency Path |
+| :---------------------: | :-----------------------------------: | ----------------------------------- |
+| Medium | CVE-2022-26652 | 1 Direct: github.com/nats-io/nats-streaming-server:v0.21.0 |
---
@@ -25,11 +25,8 @@
---
| | |
| --------------------- | :-----------------------------------: |
-| **Contextual Analysis:** | Undetermined |
-| **Direct Dependencies:** | github.com/nats-io/nats-streaming-server:v0.21.0 |
-| **Impacted Dependency:** | github.com/nats-io/nats-streaming-server:v0.21.0 |
-| **Fixed Versions:** | [0.24.3] |
| **CVSS V3:** | - |
+| **Dependency Path:** | github.com/nats-io/nats-streaming-server: v0.21.0 (Direct): Fix Version: [0.24.3] |
Summary CVE-2022-26652
diff --git a/testdata/messages/summarycomment/vulnerabilities/one_vulnerability_standard.md b/testdata/messages/summarycomment/vulnerabilities/one_vulnerability_standard.md
index 535a6abb1..d2e7a0fb3 100644
--- a/testdata/messages/summarycomment/vulnerabilities/one_vulnerability_standard.md
+++ b/testdata/messages/summarycomment/vulnerabilities/one_vulnerability_standard.md
@@ -2,14 +2,9 @@
### 📦 Vulnerable Dependencies
-
-
-| Severity | ID | Direct Dependencies | Impacted Dependency | Fixed Versions |
-| :---------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: |
-| Medium | CVE-2022-26652 | github.com/nats-io/nats-streaming-server:v0.21.0 | github.com/nats-io/nats-streaming-server v0.21.0 | [0.24.3] |
-
-
-
+| Severity | ID | Dependency Path |
+| :---------------------: | :-----------------------------------: | ----------------------------------- |
+| Medium | CVE-2022-26652 | 1 Direct
github.com/nats-io/nats-streaming-server:v0.21.0
|
### 🔖 Details
@@ -18,11 +13,8 @@
### Vulnerability Details
| | |
| --------------------- | :-----------------------------------: |
-| **Contextual Analysis:** | Undetermined |
-| **Direct Dependencies:** | github.com/nats-io/nats-streaming-server:v0.21.0 |
-| **Impacted Dependency:** | github.com/nats-io/nats-streaming-server:v0.21.0 |
-| **Fixed Versions:** | [0.24.3] |
| **CVSS V3:** | - |
+| **Dependency Path:** | github.com/nats-io/nats-streaming-server: v0.21.0 (Direct)
Fix Version: [0.24.3]
|
Summary CVE-2022-26652
diff --git a/testdata/messages/summarycomment/vulnerabilities/vulnerabilities_simplified.md b/testdata/messages/summarycomment/vulnerabilities/vulnerabilities_simplified.md
index cc77fc444..97d4187dc 100644
--- a/testdata/messages/summarycomment/vulnerabilities/vulnerabilities_simplified.md
+++ b/testdata/messages/summarycomment/vulnerabilities/vulnerabilities_simplified.md
@@ -6,13 +6,12 @@
---
-| Severity | ID | Contextual Analysis | Direct Dependencies | Impacted Dependency | Fixed Versions |
-| :---------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: |
-| Critical | CVE-1111-11111 | Not Applicable | dep1:1.0.0 | impacted 3.0.0 | 4.0.0, 5.0.0 |
-| | | | dep2:2.0.0 | | |
-| High | XRAY-122345 | Undetermined | github.com/nats-io/nats-streaming-server:v0.21.0 | github.com/nats-io/nats-streaming-server v0.21.0 | [0.24.1] |
-| Medium | CVE-2022-26652, CVE-2023-4321 | Applicable | component-D:v0.21.0 | component-D v0.21.0 | [0.24.3] |
-| Low | - | Undetermined | github.com/mholt/archiver/v3:v3.5.1 | github.com/mholt/archiver/v3 v3.5.1 | - |
+| Severity | ID | Contextual Analysis | Dependency Path |
+| :---------------------: | :-----------------------------------: | :-----------------------------------: | ----------------------------------- |
+| Critical | CVE-1111-11111 | Not Applicable | 1 Transitive: impacted:3.0.0 |
+| High | XRAY-122345 | Undetermined | 1 Direct: github.com/nats-io/nats-streaming-server:v0.21.0 |
+| Medium | CVE-2022-26652, CVE-2023-4321 | Applicable | 1 Direct: component-D:v0.21.0 |
+| Low | - | Undetermined | 1 Direct: github.com/mholt/archiver/v3:v3.5.1 |
---
@@ -35,11 +34,8 @@
---
| | |
| --------------------- | :-----------------------------------: |
-| **Contextual Analysis:** | Undetermined |
-| **Direct Dependencies:** | github.com/nats-io/nats-streaming-server:v0.21.0 |
-| **Impacted Dependency:** | github.com/nats-io/nats-streaming-server:v0.21.0 |
-| **Fixed Versions:** | [0.24.1] |
| **CVSS V3:** | - |
+| **Dependency Path:** | github.com/nats-io/nats-streaming-server: v0.21.0 (Direct): Fix Version: [0.24.1] |
Summary XRAY-122345
@@ -68,10 +64,8 @@ some remediation
| | |
| --------------------- | :-----------------------------------: |
| **Contextual Analysis:** | Applicable |
-| **Direct Dependencies:** | component-D:v0.21.0 |
-| **Impacted Dependency:** | component-D:v0.21.0 |
-| **Fixed Versions:** | [0.24.3] |
| **CVSS V3:** | - |
+| **Dependency Path:** | component-D: v0.21.0 (Direct): Fix Version: [0.24.3] |
---
@@ -97,10 +91,7 @@ some remediation
---
| | |
| --------------------- | :-----------------------------------: |
-| **Contextual Analysis:** | Undetermined |
-| **Direct Dependencies:** | github.com/mholt/archiver/v3:v3.5.1 |
-| **Impacted Dependency:** | github.com/mholt/archiver/v3:v3.5.1 |
-| **Fixed Versions:** | - |
| **CVSS V3:** | - |
+| **Dependency Path:** | github.com/mholt/archiver/v3: v3.5.1 (Direct): |
Summary
\ No newline at end of file
diff --git a/testdata/messages/summarycomment/vulnerabilities/vulnerabilities_simplified_split1.md b/testdata/messages/summarycomment/vulnerabilities/vulnerabilities_simplified_split1.md
index 237e2b70a..33bc0d4b0 100644
--- a/testdata/messages/summarycomment/vulnerabilities/vulnerabilities_simplified_split1.md
+++ b/testdata/messages/summarycomment/vulnerabilities/vulnerabilities_simplified_split1.md
@@ -6,10 +6,9 @@
---
-| Severity | ID | Contextual Analysis | Direct Dependencies | Impacted Dependency | Fixed Versions |
-| :---------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: |
-| Critical | CVE-1111-11111 | Not Applicable | dep1:1.0.0 | impacted 3.0.0 | 4.0.0, 5.0.0 |
-| | | | dep2:2.0.0 | | |
-| High | XRAY-122345 | Undetermined | github.com/nats-io/nats-streaming-server:v0.21.0 | github.com/nats-io/nats-streaming-server v0.21.0 | [0.24.1] |
-| Medium | CVE-2022-26652, CVE-2023-4321 | Applicable | component-D:v0.21.0 | component-D v0.21.0 | [0.24.3] |
-| Low | - | Undetermined | github.com/mholt/archiver/v3:v3.5.1 | github.com/mholt/archiver/v3 v3.5.1 | - |
\ No newline at end of file
+| Severity | ID | Contextual Analysis | Dependency Path |
+| :---------------------: | :-----------------------------------: | :-----------------------------------: | ----------------------------------- |
+| Critical | CVE-1111-11111 | Not Applicable | 1 Transitive: impacted:3.0.0 |
+| High | XRAY-122345 | Undetermined | 1 Direct: github.com/nats-io/nats-streaming-server:v0.21.0 |
+| Medium | CVE-2022-26652, CVE-2023-4321 | Applicable | 1 Direct: component-D:v0.21.0 |
+| Low | - | Undetermined | 1 Direct: github.com/mholt/archiver/v3:v3.5.1 |
\ No newline at end of file
diff --git a/testdata/messages/summarycomment/vulnerabilities/vulnerabilities_simplified_split2.md b/testdata/messages/summarycomment/vulnerabilities/vulnerabilities_simplified_split2.md
index 57e2fae2e..8806d3843 100644
--- a/testdata/messages/summarycomment/vulnerabilities/vulnerabilities_simplified_split2.md
+++ b/testdata/messages/summarycomment/vulnerabilities/vulnerabilities_simplified_split2.md
@@ -28,11 +28,8 @@
---
| | |
| --------------------- | :-----------------------------------: |
-| **Contextual Analysis:** | Undetermined |
-| **Direct Dependencies:** | github.com/nats-io/nats-streaming-server:v0.21.0 |
-| **Impacted Dependency:** | github.com/nats-io/nats-streaming-server:v0.21.0 |
-| **Fixed Versions:** | [0.24.1] |
| **CVSS V3:** | - |
+| **Dependency Path:** | github.com/nats-io/nats-streaming-server: v0.21.0 (Direct): Fix Version: [0.24.1] |
Summary XRAY-122345
@@ -47,13 +44,6 @@ some remediation
----
-### 🔖 Details
-
----
-
-
-
---
#### [ CVE-2022-26652, CVE-2023-4321 ] component-D v0.21.0
@@ -68,10 +58,8 @@ some remediation
| | |
| --------------------- | :-----------------------------------: |
| **Contextual Analysis:** | Applicable |
-| **Direct Dependencies:** | component-D:v0.21.0 |
-| **Impacted Dependency:** | component-D:v0.21.0 |
-| **Fixed Versions:** | [0.24.3] |
| **CVSS V3:** | - |
+| **Dependency Path:** | component-D: v0.21.0 (Direct): Fix Version: [0.24.3] |
---
@@ -84,6 +72,13 @@ some remediation
+---
+### 🔖 Details
+
+---
+
+
+
---
#### github.com/mholt/archiver/v3 v3.5.1
@@ -97,10 +92,7 @@ some remediation
---
| | |
| --------------------- | :-----------------------------------: |
-| **Contextual Analysis:** | Undetermined |
-| **Direct Dependencies:** | github.com/mholt/archiver/v3:v3.5.1 |
-| **Impacted Dependency:** | github.com/mholt/archiver/v3:v3.5.1 |
-| **Fixed Versions:** | - |
| **CVSS V3:** | - |
+| **Dependency Path:** | github.com/mholt/archiver/v3: v3.5.1 (Direct): |
Summary
\ No newline at end of file
diff --git a/testdata/messages/summarycomment/vulnerabilities/vulnerabilities_standard.md b/testdata/messages/summarycomment/vulnerabilities/vulnerabilities_standard.md
index 1280d16b8..f3a3a407e 100644
--- a/testdata/messages/summarycomment/vulnerabilities/vulnerabilities_standard.md
+++ b/testdata/messages/summarycomment/vulnerabilities/vulnerabilities_standard.md
@@ -2,17 +2,12 @@
### 📦 Vulnerable Dependencies
-
-
-| Severity | ID | Contextual Analysis | Direct Dependencies | Impacted Dependency | Fixed Versions |
-| :---------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: |
-| 
Critical | CVE-1111-11111 | Not Applicable | dep1:1.0.0
dep2:2.0.0 | impacted 3.0.0 | 4.0.0
5.0.0 |
-| 
High | XRAY-122345 | Undetermined | github.com/nats-io/nats-streaming-server:v0.21.0 | github.com/nats-io/nats-streaming-server v0.21.0 | [0.24.1] |
-| 
Medium | CVE-2022-26652
CVE-2023-4321 | Applicable | component-D:v0.21.0 | component-D v0.21.0 | [0.24.3] |
-| 
Low | - | Undetermined | github.com/mholt/archiver/v3:v3.5.1 | github.com/mholt/archiver/v3 v3.5.1 | - |
-
-
-
+| Severity | ID | Contextual Analysis | Dependency Path |
+| :---------------------: | :-----------------------------------: | :-----------------------------------: | ----------------------------------- |
+| 
Critical | CVE-1111-11111 | Not Applicable | 1 Transitive
impacted:3.0.0
|
+| 
High | XRAY-122345 | Undetermined | 1 Direct
github.com/nats-io/nats-streaming-server:v0.21.0
|
+| 
Medium | CVE-2022-26652
CVE-2023-4321 | Applicable | 1 Direct
component-D:v0.21.0
|
+| 
Low | - | Undetermined | 1 Direct
github.com/mholt/archiver/v3:v3.5.1
|
### 🔖 Details
@@ -22,11 +17,8 @@
### Vulnerability Details
| | |
| --------------------- | :-----------------------------------: |
-| **Contextual Analysis:** | Undetermined |
-| **Direct Dependencies:** | github.com/nats-io/nats-streaming-server:v0.21.0 |
-| **Impacted Dependency:** | github.com/nats-io/nats-streaming-server:v0.21.0 |
-| **Fixed Versions:** | [0.24.1] |
| **CVSS V3:** | - |
+| **Dependency Path:** | github.com/nats-io/nats-streaming-server: v0.21.0 (Direct)
Fix Version: [0.24.1]
|
Summary XRAY-122345
@@ -42,10 +34,8 @@ some remediation
| | |
| --------------------- | :-----------------------------------: |
| **Contextual Analysis:** | Applicable |
-| **Direct Dependencies:** | component-D:v0.21.0 |
-| **Impacted Dependency:** | component-D:v0.21.0 |
-| **Fixed Versions:** | [0.24.3] |
| **CVSS V3:** | - |
+| **Dependency Path:** | component-D: v0.21.0 (Direct)
Fix Version: [0.24.3]
|
### 🔬 JFrog Research Details
@@ -58,10 +48,7 @@ some remediation
### Vulnerability Details
| | |
| --------------------- | :-----------------------------------: |
-| **Contextual Analysis:** | Undetermined |
-| **Direct Dependencies:** | github.com/mholt/archiver/v3:v3.5.1 |
-| **Impacted Dependency:** | github.com/mholt/archiver/v3:v3.5.1 |
-| **Fixed Versions:** | - |
| **CVSS V3:** | - |
+| **Dependency Path:** | github.com/mholt/archiver/v3: v3.5.1 (Direct)
|
Summary
\ No newline at end of file
diff --git a/testdata/messages/summarycomment/vulnerabilities/vulnerabilities_standard_split1.md b/testdata/messages/summarycomment/vulnerabilities/vulnerabilities_standard_split1.md
index 11e307420..b14d62921 100644
--- a/testdata/messages/summarycomment/vulnerabilities/vulnerabilities_standard_split1.md
+++ b/testdata/messages/summarycomment/vulnerabilities/vulnerabilities_standard_split1.md
@@ -2,13 +2,9 @@
### 📦 Vulnerable Dependencies
-
-
-| Severity | ID | Contextual Analysis | Direct Dependencies | Impacted Dependency | Fixed Versions |
-| :---------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: |
-| 
Critical | CVE-1111-11111 | Not Applicable | dep1:1.0.0
dep2:2.0.0 | impacted 3.0.0 | 4.0.0
5.0.0 |
-| 
High | XRAY-122345 | Undetermined | github.com/nats-io/nats-streaming-server:v0.21.0 | github.com/nats-io/nats-streaming-server v0.21.0 | [0.24.1] |
-| 
Medium | CVE-2022-26652
CVE-2023-4321 | Applicable | component-D:v0.21.0 | component-D v0.21.0 | [0.24.3] |
-| 
Low | - | Undetermined | github.com/mholt/archiver/v3:v3.5.1 | github.com/mholt/archiver/v3 v3.5.1 | - |
-
-
+| Severity | ID | Contextual Analysis | Dependency Path |
+| :---------------------: | :-----------------------------------: | :-----------------------------------: | ----------------------------------- |
+| 
Critical | CVE-1111-11111 | Not Applicable | 1 Transitive
impacted:3.0.0
|
+| 
High | XRAY-122345 | Undetermined | 1 Direct
github.com/nats-io/nats-streaming-server:v0.21.0
|
+| 
Medium | CVE-2022-26652
CVE-2023-4321 | Applicable | 1 Direct
component-D:v0.21.0
|
+| 
Low | - | Undetermined | 1 Direct
github.com/mholt/archiver/v3:v3.5.1
|
\ No newline at end of file
diff --git a/testdata/messages/summarycomment/vulnerabilities/vulnerabilities_standard_split2.md b/testdata/messages/summarycomment/vulnerabilities/vulnerabilities_standard_split2.md
index 40be1e952..57333263d 100644
--- a/testdata/messages/summarycomment/vulnerabilities/vulnerabilities_standard_split2.md
+++ b/testdata/messages/summarycomment/vulnerabilities/vulnerabilities_standard_split2.md
@@ -11,11 +11,8 @@
### Vulnerability Details
| | |
| --------------------- | :-----------------------------------: |
-| **Contextual Analysis:** | Undetermined |
-| **Direct Dependencies:** | github.com/nats-io/nats-streaming-server:v0.21.0 |
-| **Impacted Dependency:** | github.com/nats-io/nats-streaming-server:v0.21.0 |
-| **Fixed Versions:** | [0.24.1] |
| **CVSS V3:** | - |
+| **Dependency Path:** | github.com/nats-io/nats-streaming-server: v0.21.0 (Direct)
Fix Version: [0.24.1]
|
Summary XRAY-122345
@@ -31,10 +28,8 @@ some remediation
| | |
| --------------------- | :-----------------------------------: |
| **Contextual Analysis:** | Applicable |
-| **Direct Dependencies:** | component-D:v0.21.0 |
-| **Impacted Dependency:** | component-D:v0.21.0 |
-| **Fixed Versions:** | [0.24.3] |
| **CVSS V3:** | - |
+| **Dependency Path:** | component-D: v0.21.0 (Direct)
Fix Version: [0.24.3]
|
### 🔬 JFrog Research Details
@@ -47,10 +42,7 @@ some remediation
### Vulnerability Details
| | |
| --------------------- | :-----------------------------------: |
-| **Contextual Analysis:** | Undetermined |
-| **Direct Dependencies:** | github.com/mholt/archiver/v3:v3.5.1 |
-| **Impacted Dependency:** | github.com/mholt/archiver/v3:v3.5.1 |
-| **Fixed Versions:** | - |
| **CVSS V3:** | - |
+| **Dependency Path:** | github.com/mholt/archiver/v3: v3.5.1 (Direct)
|
Summary
\ No newline at end of file
diff --git a/utils/outputwriter/outputcontent.go b/utils/outputwriter/outputcontent.go
index 9476702a6..5503185f1 100644
--- a/utils/outputwriter/outputcontent.go
+++ b/utils/outputwriter/outputcontent.go
@@ -5,7 +5,6 @@ import (
"sort"
"strings"
- "github.com/jfrog/frogbot/v2/utils/issues"
"github.com/jfrog/froggit-go/vcsutils"
"github.com/jfrog/jfrog-cli-security/utils"
"github.com/jfrog/jfrog-cli-security/utils/formats"
@@ -13,6 +12,8 @@ import (
"github.com/jfrog/jfrog-cli-security/utils/results"
"github.com/jfrog/jfrog-cli-security/utils/severityutils"
"golang.org/x/exp/maps"
+
+ "github.com/jfrog/frogbot/v2/utils/issues"
)
const (
@@ -424,7 +425,7 @@ func GetVulnerabilitiesContent(vulnerabilities []formats.VulnerabilityOrViolatio
if len(vulnerabilities) == 0 {
return []string{}
}
- content = append(content, writer.MarkInCenter(getVulnerabilitiesSummaryTable(vulnerabilities, writer)))
+ content = append(content, getVulnerabilitiesSummaryTable(vulnerabilities, writer))
content = append(content, getScaSecurityIssueDetailsContent(vulnerabilities, false, writer)...)
return ConvertContentToComments(content, writer, getDecoratorWithScaVulnerabilitiesTitle(writer))
}
@@ -445,14 +446,9 @@ func getVulnerabilitiesSummaryTable(vulnerabilities []formats.VulnerabilityOrVio
if writer.IsShowingCaColumn() {
columns = append(columns, "Contextual Analysis")
}
- columns = append(columns, "Direct Dependencies", "Impacted Dependency", "Fixed Versions")
+ columns = append(columns, "Dependency Path")
table := NewMarkdownTable(columns...).SetDelimiter(writer.Separator())
- if _, ok := writer.(*SimplifiedOutput); ok {
- // The values in this cell can be potentially large, since SimplifiedOutput does not support tags, we need to show each value in a separate row.
- // It means that the first row will show the full details, and the following rows will show only the direct dependency.
- // It makes it easier to read the table and less crowded with text in a single cell that could be potentially large.
- table.GetColumnInfo("Direct Dependencies").ColumnType = MultiRowColumn
- }
+ table.GetColumnInfo("Dependency Path").Centered = false
// Construct rows
for _, vulnerability := range vulnerabilities {
row := []CellData{{writer.FormattedSeverity(vulnerability.Severity, vulnerability.Applicable)}, getCveIdsCellData(vulnerability.Cves, vulnerability.IssueId)}
@@ -460,9 +456,7 @@ func getVulnerabilitiesSummaryTable(vulnerabilities []formats.VulnerabilityOrVio
row = append(row, NewCellData(vulnerability.Applicable))
}
row = append(row,
- getDirectDependenciesCellData(vulnerability.Components),
- NewCellData(fmt.Sprintf("%s %s", vulnerability.ImpactedDependencyName, vulnerability.ImpactedDependencyVersion)),
- NewCellData(vulnerability.FixedVersions...),
+ getDependencyPathCellData(vulnerability.ImpactPaths, writer),
)
table.AddRowWithCellData(row...)
}
@@ -596,6 +590,82 @@ func getCveIdsCellData(cveRows []formats.CveRow, issueId string) (ids CellData)
return
}
+func getFinalApplicabilityStatus(cves []formats.CveRow) string {
+ if len(cves) == 0 {
+ return ""
+ }
+
+ statuses := []jasutils.ApplicabilityStatus{}
+ for _, cve := range cves {
+ if cve.Applicability != nil && cve.Applicability.Status != "" {
+ statuses = append(statuses, jasutils.ConvertToApplicabilityStatus(cve.Applicability.Status))
+ }
+ }
+ if len(statuses) == 0 {
+ return ""
+ }
+ return results.GetFinalApplicabilityStatus(true, statuses).String()
+}
+
+func getDependencyPathCellData(impactPaths [][]formats.ComponentRow, writer OutputWriter) CellData {
+ if len(impactPaths) == 0 {
+ return NewCellData()
+ }
+
+ // key: "name:version"
+ directDeps := make(map[string]formats.ComponentRow)
+ transitiveDeps := make(map[string]formats.ComponentRow)
+ extractDependenciesFromImpactPaths(impactPaths, directDeps, transitiveDeps)
+
+ var parts []string
+ if len(directDeps) > 0 {
+ directList := make([]string, 0, len(directDeps))
+ for _, dep := range directDeps {
+ directList = append(directList, results.GetDependencyId(dep.Name, dep.Version))
+ }
+ sort.Strings(directList)
+ directCount := len(directList)
+ directContent := strings.Join(directList, writer.Separator())
+ directSummary := fmt.Sprintf("%d Direct", directCount)
+ directSection := writer.MarkAsDetails(directSummary, 0, directContent)
+ parts = append(parts, directSection)
+ }
+
+ if len(transitiveDeps) > 0 {
+ transitiveList := make([]string, 0, len(transitiveDeps))
+ for _, dep := range transitiveDeps {
+ transitiveList = append(transitiveList, results.GetDependencyId(dep.Name, dep.Version))
+ }
+ sort.Strings(transitiveList)
+ transitiveCount := len(transitiveList)
+ transitiveContent := strings.Join(transitiveList, writer.Separator())
+ transitiveSummary := fmt.Sprintf("%d Transitive", transitiveCount)
+ transitiveSection := writer.MarkAsDetails(transitiveSummary, 0, transitiveContent)
+ parts = append(parts, transitiveSection)
+ }
+
+ if len(parts) == 0 {
+ return NewCellData()
+ }
+ content := strings.Join(parts, "")
+ return NewCellData(content)
+}
+
+func extractDependenciesFromImpactPaths(impactPaths [][]formats.ComponentRow, directDeps map[string]formats.ComponentRow, transitiveDeps map[string]formats.ComponentRow) {
+ for _, path := range impactPaths {
+ if len(path) == 2 {
+ direct := path[1]
+ key := fmt.Sprintf("%s:%s", direct.Name, direct.Version)
+ directDeps[key] = direct
+
+ } else if len(path) > 2 {
+ transitive := path[len(path)-1]
+ key := fmt.Sprintf("%s:%s", transitive.Name, transitive.Version)
+ transitiveDeps[key] = transitive
+ }
+ }
+}
+
func getScaSecurityIssueDetailsContent(issues []formats.VulnerabilityOrViolationRow, violations bool, writer OutputWriter) (content []string) {
issuesWithDetails := getIssuesWithDetails(issues)
if len(issuesWithDetails) == 0 {
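Review bot: `extractDependenciesFromImpactPaths` keeps only the last element of each path and skips paths with fewer than two elements, so a transitive finding no longer names the direct dependency that pulls it in, and a single-element path produces an empty cell. The updated fixtures show the effect: the CVE-1111-11111 row used to list `dep1:1.0.0` and `dep2:2.0.0` and now reads only `1 Transitive: impacted:3.0.0`, which drops the package a reader would actually bump. Consider also recording `path[1]` for the `len(path) > 2` case, and state the assumed layout in a comment such as `// each path is [root, direct, ..., impacted]; shorter paths are skipped`. The new functions have no doc comments; `getFinalApplicabilityStatus` in particular should say why it passes a hard-coded `true` to `results.GetFinalApplicabilityStatus` (presumably "scan results available", which this hunk does not establish). The trailing context lines belong to `getScaSecurityIssueDetailsContent`, whose body continues outside the hunk.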
@@ -643,16 +713,70 @@ func getComponentIssueIdentifier(key, compName, version, watch string) (id strin
return strings.Join(parts, " ")
}
+func getDependencyPathDetailsContent(impactPaths [][]formats.ComponentRow, fixedVersions []string, writer OutputWriter) string {
+ if len(impactPaths) == 0 {
+ return ""
+ }
+
+ type packageInfo struct {
+ component formats.ComponentRow
+ isDirect bool
+ }
+ packages := make(map[string]packageInfo) // key: "name:version"
+
+ for _, path := range impactPaths {
+ if len(path) == 2 {
+ direct := path[1]
+ key := fmt.Sprintf("%s:%s", direct.Name, direct.Version)
+ packages[key] = packageInfo{component: direct, isDirect: true}
+ } else if len(path) > 2 {
+ transitive := path[len(path)-1]
+ key := fmt.Sprintf("%s:%s", transitive.Name, transitive.Version)
+ packages[key] = packageInfo{component: transitive, isDirect: false}
+ }
+ }
+
+ if len(packages) == 0 {
+ return ""
+ }
+
+ var directEntries []string
+ var transitiveEntries []string
+
+ for _, pkgInfo := range packages {
+ depType := "(Transitive)"
+ if pkgInfo.isDirect {
+ depType = "(Direct)"
+ }
+
+ packageSummary := fmt.Sprintf("%s: %s %s", pkgInfo.component.Name, pkgInfo.component.Version, depType)
+
+ var packageContentParts []string
+ if len(fixedVersions) > 0 {
+ packageContentParts = append(packageContentParts, fmt.Sprintf("Fix Version: %s", fixedVersions[0]))
+ }
+ packageContent := strings.Join(packageContentParts, writer.Separator())
+ packageEntry := writer.MarkAsDetails(packageSummary, 0, packageContent)
+
+ if pkgInfo.isDirect {
+ directEntries = append(directEntries, packageEntry)
+ } else {
+ transitiveEntries = append(transitiveEntries, packageEntry)
+ }
+ }
+ sort.Strings(directEntries)
+ sort.Strings(transitiveEntries)
+ allEntries := make([]string, 0, len(directEntries)+len(transitiveEntries))
+ allEntries = append(allEntries, directEntries...)
+ allEntries = append(allEntries, transitiveEntries...)
+
+ return strings.Join(allEntries, "")
+}
+
func getScaSecurityIssueDetails(issue formats.VulnerabilityOrViolationRow, violations bool, writer OutputWriter) (content string) {
var contentBuilder strings.Builder
- // Title
WriteNewLine(&contentBuilder)
WriteContent(&contentBuilder, writer.MarkAsTitle(fmt.Sprintf("%s Details", getIssueType(violations)), 3))
- // Details Table
- directComponent := []string{}
- for _, component := range issue.ImpactedDependencyDetails.Components {
- directComponent = append(directComponent, results.GetDependencyId(component.Name, component.Version))
- }
noHeaderTable := NewNoHeaderMarkdownTable(2, false)
if len(issue.Policies) > 0 {
noHeaderTable.AddRowWithCellData(NewCellData(MarkAsBold("Policies:")), NewCellData(issue.Policies...))
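Review bot: `getDependencyPathDetailsContent` prints only `fixedVersions[0]`, so an issue with several fixed versions (the test data has one with `4.0.0` and `5.0.0`) is reported with a single remediation target; `fmt.Sprintf("Fix Version: %s", strings.Join(fixedVersions, ", "))` would keep them all. When `fixedVersions` is empty the function still calls `writer.MarkAsDetails` with empty content, which the simplified fixtures render as a dangling `(Direct): `; emitting `packageSummary` alone in that case would read more cleanly. The classification loop repeats `extractDependenciesFromImpactPaths`, and because both kinds share one map, a package reached by a direct and a transitive path takes whichever path comes last, so a direct dependency can be labelled `(Transitive)`. `getScaSecurityIssueDetails` starts in this hunk and continues outside it.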
@@ -664,18 +788,19 @@ func getScaSecurityIssueDetails(issue formats.VulnerabilityOrViolationRow, viola
severity := severityutils.Severity(issue.JfrogResearchInformation.Severity)
noHeaderTable.AddRow(MarkAsBold("Jfrog Research Severity:"), fmt.Sprintf("%s %s", writer.SeverityIcon(severity), severity.String()))
}
- if issue.Applicable != "" {
- noHeaderTable.AddRow(MarkAsBold("Contextual Analysis:"), issue.Applicable)
+ applicableStatus := getFinalApplicabilityStatus(issue.Cves)
+ if applicableStatus != "" {
+ noHeaderTable.AddRow(MarkAsBold("Contextual Analysis:"), applicableStatus)
}
- noHeaderTable.AddRowWithCellData(NewCellData(MarkAsBold("Direct Dependencies:")), NewCellData(directComponent...))
- noHeaderTable.AddRow(MarkAsBold("Impacted Dependency:"), results.GetDependencyId(issue.ImpactedDependencyName, issue.ImpactedDependencyVersion))
- noHeaderTable.AddRowWithCellData(NewCellData(MarkAsBold("Fixed Versions:")), NewCellData(issue.FixedVersions...))
cvss := []string{}
for _, cve := range issue.Cves {
cvss = append(cvss, cve.CvssV3)
}
noHeaderTable.AddRowWithCellData(NewCellData(MarkAsBold("CVSS V3:")), NewCellData(cvss...))
+ if dependencyPathDetails := getDependencyPathDetailsContent(issue.ImpactPaths, issue.FixedVersions, writer); dependencyPathDetails != "" {
+ noHeaderTable.AddRowWithCellData(NewCellData(MarkAsBold("Dependency Path:")), NewCellData(dependencyPathDetails))
+ }
WriteContent(&contentBuilder, noHeaderTable.Build())
// Summary
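Review bot: The `Contextual Analysis:` row is now derived only from `getFinalApplicabilityStatus(issue.Cves)`, so an issue whose CVE rows carry no applicability data loses the row even when `issue.Applicable` is set; the updated testdata in this commit appears to show this, with the `Undetermined` rows gone from the rendered comment. In a security summary, a missing status and an `Undetermined` status read differently to whoever triages the finding, so consider a fallback such as `if applicableStatus == "" { applicableStatus = issue.Applicable }`. Fix versions have the same problem: the unconditional `Fixed Versions:` row is removed and the versions are only passed to `getDependencyPathDetailsContent`, so if that helper returns an empty string for an issue without `ImpactPaths` (its body is not visible here), the remediation version is not shown at all. `getScaSecurityIssueDetails` starts and ends outside this hunk.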
diff --git a/utils/outputwriter/outputcontent_test.go b/utils/outputwriter/outputcontent_test.go
index 36981740e..9f8ad6e36 100644
--- a/utils/outputwriter/outputcontent_test.go
+++ b/utils/outputwriter/outputcontent_test.go
@@ -4,7 +4,6 @@ import (
"path/filepath"
"testing"
- "github.com/jfrog/frogbot/v2/utils/issues"
"github.com/jfrog/froggit-go/vcsutils"
"github.com/jfrog/jfrog-cli-security/utils"
"github.com/jfrog/jfrog-cli-security/utils/formats"
@@ -13,6 +12,8 @@ import (
"github.com/jfrog/jfrog-cli-security/utils/severityutils"
xrayApi "github.com/jfrog/jfrog-client-go/xray/services/utils"
"github.com/stretchr/testify/assert"
+
+ "github.com/jfrog/frogbot/v2/utils/issues"
)
func TestGetMainCommentContent(t *testing.T) {
@@ -320,6 +321,12 @@ func TestVulnerabilitiesContent(t *testing.T) {
},
Applicable: "Undetermined",
FixedVersions: []string{"[0.24.3]"},
+ ImpactPaths: [][]formats.ComponentRow{
+ {
+ {Name: "root", Version: "1.0.0"},
+ {Name: "github.com/nats-io/nats-streaming-server", Version: "v0.21.0"},
+ },
+ },
JfrogResearchInformation: &formats.JfrogResearchInformation{
Details: "Research CVE-2022-26652 details",
Remediation: "some remediation",
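Review bot: Every fixture changed in this file gains a non-empty `ImpactPaths`, so no visible case covers an issue that has `FixedVersions` but no impact path, the input for which the new `Dependency Path:` row may be skipped. One row with `FixedVersions` set and `ImpactPaths` left nil would pin whether fix versions still reach the comment. The fixtures also keep `Applicable:` while the renderer now reads applicability from `Cves`, so a case where the two disagree (for example the `CVE-2022-26652` row in the next hunk, which has no `Applicability`) would document which one wins. The same applies to the `getTestScaIssues` hunks further down; the enclosing test table starts and ends outside this hunk.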
@@ -357,7 +364,13 @@ func TestVulnerabilitiesContent(t *testing.T) {
},
Applicable: "Undetermined",
FixedVersions: []string{"[0.24.3]"},
- Cves: []formats.CveRow{{Id: "CVE-2022-26652"}},
+ ImpactPaths: [][]formats.ComponentRow{
+ {
+ {Name: "root", Version: "1.0.0"},
+ {Name: "github.com/nats-io/nats-streaming-server", Version: "v0.21.0"},
+ },
+ },
+ Cves: []formats.CveRow{{Id: "CVE-2022-26652"}},
},
},
cases: []OutputTestCase{
@@ -483,7 +496,19 @@ func getTestScaIssues(violations bool) []formats.VulnerabilityOrViolationRow {
},
Applicable: "Not Applicable",
FixedVersions: []string{"4.0.0", "5.0.0"},
- Cves: []formats.CveRow{{Id: "CVE-1111-11111", Applicability: &formats.Applicability{Status: "Not Applicable"}}},
+ ImpactPaths: [][]formats.ComponentRow{
+ {
+ {Name: "root", Version: "1.0.0"},
+ {Name: "dep1", Version: "1.0.0"},
+ {Name: "impacted", Version: "3.0.0"},
+ },
+ {
+ {Name: "root", Version: "1.0.0"},
+ {Name: "dep2", Version: "2.0.0"},
+ {Name: "impacted", Version: "3.0.0"},
+ },
+ },
+ Cves: []formats.CveRow{{Id: "CVE-1111-11111", Applicability: &formats.Applicability{Status: "Not Applicable"}}},
},
{
Summary: "Summary XRAY-122345",
@@ -500,7 +525,13 @@ func getTestScaIssues(violations bool) []formats.VulnerabilityOrViolationRow {
},
Applicable: "Undetermined",
FixedVersions: []string{"[0.24.1]"},
- IssueId: "XRAY-122345",
+ ImpactPaths: [][]formats.ComponentRow{
+ {
+ {Name: "root", Version: "1.0.0"},
+ {Name: "github.com/nats-io/nats-streaming-server", Version: "v0.21.0"},
+ },
+ },
+ IssueId: "XRAY-122345",
JfrogResearchInformation: &formats.JfrogResearchInformation{
Remediation: "some remediation",
},
@@ -520,6 +551,12 @@ func getTestScaIssues(violations bool) []formats.VulnerabilityOrViolationRow {
},
Applicable: "Applicable",
FixedVersions: []string{"[0.24.3]"},
+ ImpactPaths: [][]formats.ComponentRow{
+ {
+ {Name: "root", Version: "1.0.0"},
+ {Name: "component-D", Version: "v0.21.0"},
+ },
+ },
JfrogResearchInformation: &formats.JfrogResearchInformation{
Remediation: "some remediation",
},
@@ -542,7 +579,13 @@ func getTestScaIssues(violations bool) []formats.VulnerabilityOrViolationRow {
},
},
Applicable: "Undetermined",
- Cves: []formats.CveRow{},
+ ImpactPaths: [][]formats.ComponentRow{
+ {
+ {Name: "root", Version: "1.0.0"},
+ {Name: "github.com/mholt/archiver/v3", Version: "v3.5.1"},
+ },
+ },
+ Cves: []formats.CveRow{},
},
}
if violations {