
Commit 50634e4

feature: adds trivy new patterns, high and critical, config mappings CF-1860
1 parent 3e35fe8 commit 50634e4


3 files changed

+219
-3
lines changed


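--- a/.gitignore
+++ b/.gitignore
@@ -28,6 +28,7 @@ go.work.sum
 cli-v2
 codacy-cli
 **/.codacy/logs/
+.codacy/
 
 
 #Ignore cursor AI rules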

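--- a/tools/trivyConfigCreator.go
+++ b/tools/trivyConfigCreator.go
@@ -32,11 +32,18 @@ func CreateTrivyConfig(config []domain.PatternConfiguration) string {
 if pattern.PatternDefinition.Id == "Trivy_vulnerability_medium" {
 includeMedium = patternEnabled
 }
-if pattern.PatternDefinition.Id == "Trivy_vulnerability" {
-// This covers HIGH and CRITICAL
+if pattern.PatternDefinition.Id == "Trivy_vulnerability_high" {
 includeHigh = patternEnabled
+}
+if pattern.PatternDefinition.Id == "Trivy_vulnerability_critical" {
 includeCritical = patternEnabled
 }
+if pattern.PatternDefinition.Id == "Trivy_vulnerability" {
+// This covers HIGH and CRITICAL
+// Now there are other patterns that turn these severities on
+includeHigh = patternEnabled || includeHigh
+includeCritical = patternEnabled || includeCritical
+}
 if pattern.PatternDefinition.Id == "Trivy_secret" {
 includeSecret = patternEnabled
 }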
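Review bot: The merge of the HIGH and CRITICAL flags is order-dependent: the new `Trivy_vulnerability_high` and `Trivy_vulnerability_critical` branches assign `includeHigh = patternEnabled` and `includeCritical = patternEnabled` unconditionally, while the `Trivy_vulnerability` branch ORs into the same flags, so a configuration that lists an enabled `Trivy_vulnerability` before a disabled `Trivy_vulnerability_high` ends with HIGH switched off and the generated scan silently drops that severity. Assuming both flags start false (their initialisation is outside the hunk), making the specific branches accumulate as well, `includeHigh = patternEnabled || includeHigh` and `includeCritical = patternEnabled || includeCritical`, yields the same result for every ordering of the input slice. The comment `// Now there are other patterns that turn these severities on` would then read better as `// HIGH/CRITICAL may already have been enabled by their specific patterns; never turn them back off`. `CreateTrivyConfig` begins and ends outside the hunk.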

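--- a/tools/trivyConfigCreator_test.go
+++ b/tools/trivyConfigCreator_test.go
@@ -116,7 +116,7 @@ scan:
 `)
 }
 
-func TestCreateTrivyConfigOnlyHigh(t *testing.T) {
+func TestCreateTrivyConfigOnlyHighAndCritical(t *testing.T) {
 testTrivyConfig(t,
 []domain.PatternConfiguration{
 {
@@ -255,3 +255,211 @@ scan:
 - secret
 `)
 }
+
+func TestCreateTrivyConfigOnlyHigh(t *testing.T) {
+testTrivyConfig(t,
+[]domain.PatternConfiguration{
+{
+PatternDefinition: domain.PatternDefinition{
+Id: "Trivy_vulnerability_minor",
+},
+Parameters: []domain.ParameterConfiguration{
+{
+Name: "enabled",
+Value: "false",
+},
+},
+},
+{
+PatternDefinition: domain.PatternDefinition{
+Id: "Trivy_vulnerability_medium",
+},
+Parameters: []domain.ParameterConfiguration{
+{
+Name: "enabled",
+Value: "false",
+},
+},
+},
+{
+PatternDefinition: domain.PatternDefinition{
+Id: "Trivy_vulnerability_high",
+},
+Parameters: []domain.ParameterConfiguration{
+{
+Name: "enabled",
+Value: "true",
+},
+},
+},
+{
+PatternDefinition: domain.PatternDefinition{
+Id: "Trivy_vulnerability_critical",
+},
+Parameters: []domain.ParameterConfiguration{
+{
+Name: "enabled",
+Value: "false",
+},
+},
+},
+{
+PatternDefinition: domain.PatternDefinition{
+Id: "Trivy_vulnerability",
+},
+Parameters: []domain.ParameterConfiguration{
+{
+Name: "enabled",
+Value: "false",
+},
+},
+},
+},
+`severity:
+- HIGH
+
+scan:
+scanners:
+- vuln
+- secret
+`)
+}
+
+func TestCreateTrivyConfigOnlyCritical(t *testing.T) {
+testTrivyConfig(t,
+[]domain.PatternConfiguration{
+{
+PatternDefinition: domain.PatternDefinition{
+Id: "Trivy_vulnerability_minor",
+},
+Parameters: []domain.ParameterConfiguration{
+{
+Name: "enabled",
+Value: "false",
+},
+},
+},
+{
+PatternDefinition: domain.PatternDefinition{
+Id: "Trivy_vulnerability_medium",
+},
+Parameters: []domain.ParameterConfiguration{
+{
+Name: "enabled",
+Value: "false",
+},
+},
+},
+{
+PatternDefinition: domain.PatternDefinition{
+Id: "Trivy_vulnerability_high",
+},
+Parameters: []domain.ParameterConfiguration{
+{
+Name: "enabled",
+Value: "false",
+},
+},
+},
+{
+PatternDefinition: domain.PatternDefinition{
+Id: "Trivy_vulnerability_critical",
+},
+Parameters: []domain.ParameterConfiguration{
+{
+Name: "enabled",
+Value: "true",
+},
+},
+},
+{
+PatternDefinition: domain.PatternDefinition{
+Id: "Trivy_vulnerability",
+},
+Parameters: []domain.ParameterConfiguration{
+{
+Name: "enabled",
+Value: "false",
+},
+},
+},
+},
+`severity:
+- CRITICAL
+
+scan:
+scanners:
+- vuln
+- secret
+`)
+}
+
+func TestCreateTrivyConfigOnlyHighAndCriticalEventIfPatternsOverlap(t *testing.T) {
+testTrivyConfig(t,
+[]domain.PatternConfiguration{
+{
+PatternDefinition: domain.PatternDefinition{
+Id: "Trivy_vulnerability_minor",
+},
+Parameters: []domain.ParameterConfiguration{
+{
+Name: "enabled",
+Value: "false",
+},
+},
+},
+{
+PatternDefinition: domain.PatternDefinition{
+Id: "Trivy_vulnerability_medium",
+},
+Parameters: []domain.ParameterConfiguration{
+{
+Name: "enabled",
+Value: "false",
+},
+},
+},
+{
+PatternDefinition: domain.PatternDefinition{
+Id: "Trivy_vulnerability_high",
+},
+Parameters: []domain.ParameterConfiguration{
+{
+Name: "enabled",
+Value: "false",
+},
+},
+},
+{
+PatternDefinition: domain.PatternDefinition{
+Id: "Trivy_vulnerability_critical",
+},
+Parameters: []domain.ParameterConfiguration{
+{
+Name: "enabled",
+Value: "false",
+},
+},
+},
+{
+PatternDefinition: domain.PatternDefinition{
+Id: "Trivy_vulnerability",
+},
+Parameters: []domain.ParameterConfiguration{
+{
+Name: "enabled",
+Value: "true",
+},
+},
+},
+},
+`severity:
+- HIGH
+- CRITICAL
+
+scan:
+scanners:
+- vuln
+- secret
+`)
+}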
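Review bot: The new test at line 397 is named `TestCreateTrivyConfigOnlyHighAndCriticalEventIfPatternsOverlap`, which reads like a typo for `TestCreateTrivyConfigOnlyHighAndCriticalEvenIfPatternsOverlap`; renaming it keeps `go test -run` filters and failure output legible. Every added case also lists `Trivy_vulnerability` after the severity-specific patterns, so the overlap scenario pins only one input order; a sibling case that lists an enabled `Trivy_vulnerability` first, followed by a disabled `Trivy_vulnerability_high`, and still expects both `HIGH` and `CRITICAL` would make the intended order-independence of `CreateTrivyConfig` explicit. The three new functions are otherwise identical apart from the enabled values and the expected `severity` block, so a table-driven test with a small helper building the five-entry slice from a map of id to enabled value would cut the ~200 duplicated lines to a few dozen.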
