
Commit 56040d7

committed
Handle duplicates in reports via SARIF partial fingerprints
See https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317655
1 parent 8e0398f commit 56040d7

1 file changed

+16
-4
lines changed


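--- a/sarif/sarif.go
+++ b/sarif/sarif.go
@@ -49,10 +49,11 @@ type SarifReportRunToolDriverRuleDescription struct {
 Text string `json:"text,omitempty"`
 }
 type SarifReportRunResult struct {
-RuleId string `json:"ruleId"`
-Level string `json:"level"`
-Message SarifReportRunResultMessage `json:"message"`
-Locations []SarifReportRunResultLocation `json:"locations,omitempty"`
+RuleId string `json:"ruleId"`
+Level string `json:"level"`
+Message SarifReportRunResultMessage `json:"message"`
+Locations []SarifReportRunResultLocation `json:"locations,omitempty"`
+PartialFingerprints map[string]string `json:"partialFingerprints,omitempty"`
 }
 type SarifReportRunResultMessage struct {
 Text string `json:"text"`
@@ -98,6 +99,7 @@ func FromContainerScan(containerScanReport containerscan.ContainerScan) (SarifRe
 })
 containerImageNameToPathUri := toPathUri(containerScanReport.ImageName)
 var rulesMap = map[string]SarifReportRunToolDriverRule{}
+var partialFingerPrintsMap = map[string]string{}
 //Trivy Vulnerabilities
 for _, vulnerability := range containerScanReport.Vulnerabilities {
 var level string
@@ -152,6 +154,11 @@ func FromContainerScan(containerScanReport containerscan.ContainerScan) (SarifRe
 },
 },
 })
+sarifRunResult.PartialFingerprints = make(map[string]string)
+if _, exists := partialFingerPrintsMap[vulnerability.VulnerabilityId]; !exists {
+partialFingerPrintsMap[vulnerability.VulnerabilityId] = vulnerability.VulnerabilityId
+sarifRunResult.PartialFingerprints[vulnerability.VulnerabilityId] = vulnerability.VulnerabilityId
+}
 sarifReportRun.Results = append(sarifReportRun.Results, sarifRunResult)
 }
 
@@ -209,6 +216,11 @@ func FromContainerScan(containerScanReport containerscan.ContainerScan) (SarifRe
 },
 },
 })
+sarifRunResult.PartialFingerprints = make(map[string]string)
+if _, exists := partialFingerPrintsMap[bestPracticeViolation.Code]; !exists {
+partialFingerPrintsMap[bestPracticeViolation.Code] = bestPracticeViolation.Code
+sarifRunResult.PartialFingerprints[bestPracticeViolation.Code] = bestPracticeViolation.Code
+}
 sarifReportRun.Results = append(sarifReportRun.Results, sarifRunResult)
 }
 sarifReportRun.Tool.Driver = sarifReportRunDriver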
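Review bot: The fingerprint written at new lines 157–161 (and likewise 219–223) uses the vulnerability ID as both the key and the value of partialFingerprints, whereas the SARIF section linked in the description defines the key as the name of the fingerprinting method and the value as the computed fingerprint, so a consumer that matches results on a named fingerprint would not recognise a `CVE-…` string as a fingerprint name. Because partialFingerPrintsMap is checked before the write, only the first result for a given ID gets a fingerprint; every later result with the same ID is left holding an empty map, which the `omitempty` tag on new line 56 drops from the JSON, so those results fall back to the consumer's default matching and are not de-duplicated against the first, while two genuinely distinct findings that share a CVE but affect different packages would be collapsed into one if they were. I would drop the shared dedup map (it also mixes vulnerability IDs and best-practice codes in one key space) and give every result a named fingerprint that covers what identifies it, e.g. `sarifRunResult.PartialFingerprints = map[string]string{"vulnerabilityId/v1": vulnerability.VulnerabilityId}` (key name constructed) extended with the affected package or location once that field is in scope in the loop, as its name is not visible in the hunk; the same applies at 219–223 with bestPracticeViolation.Code. FromContainerScan starts and ends outside the hunks.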
