
Commit 642d8bf

feature: adds trivy new patterns, high and critical, config mappings CF-1860 (#171)
1 parent 3e35fe8 commit 642d8bf


3 files changed

+145
-45
lines changed

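--- a/.gitignore
+++ b/.gitignore
@@ -28,6 +28,7 @@ go.work.sum
 cli-v2
 codacy-cli
 **/.codacy/logs/
+.codacy/
 
 
 #Ignore cursor AI rules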

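--- a/tools/trivyConfigCreator.go
+++ b/tools/trivyConfigCreator.go
@@ -8,12 +8,13 @@ import (
 
 // CreateTrivyConfig generates a Trivy configuration based on the tool configuration
 func CreateTrivyConfig(config []domain.PatternConfiguration) string {
+
 // Default settings - include all severities and scanners
-includeLow := true
-includeMedium := true
-includeHigh := true
-includeCritical := true
-includeSecret := true
+includeLow := false
+includeMedium := false
+includeHigh := false
+includeCritical := false
+includeSecret := false
 
 // Process patterns from Codacy API
 for _, pattern := range config {
@@ -32,11 +33,18 @@ func CreateTrivyConfig(config []domain.PatternConfiguration) string {
 if pattern.PatternDefinition.Id == "Trivy_vulnerability_medium" {
 includeMedium = patternEnabled
 }
-if pattern.PatternDefinition.Id == "Trivy_vulnerability" {
-// This covers HIGH and CRITICAL
+if pattern.PatternDefinition.Id == "Trivy_vulnerability_high" {
 includeHigh = patternEnabled
+}
+if pattern.PatternDefinition.Id == "Trivy_vulnerability_critical" {
 includeCritical = patternEnabled
 }
+if pattern.PatternDefinition.Id == "Trivy_vulnerability" {
+// This covers HIGH and CRITICAL
+// Now there are other patterns that turn these severities on
+includeHigh = patternEnabled || includeHigh
+includeCritical = patternEnabled || includeCritical
+}
 if pattern.PatternDefinition.Id == "Trivy_secret" {
 includeSecret = patternEnabled
 }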
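Review bot: The merged result for HIGH and CRITICAL in the second hunk depends on the order in which patterns arrive, because only the legacy `Trivy_vulnerability` branch ORs into the flag while the `Trivy_vulnerability_high` and `Trivy_vulnerability_critical` branches overwrite it; with the legacy pattern enabled and `_high` disabled, the severity is kept if `_high` comes first and dropped if it comes second. Making the new branches OR as well, `includeHigh = includeHigh || patternEnabled` and `includeCritical = includeCritical || patternEnabled`, gives the same answer regardless of order, which matters since a disabled severity would silently drop findings. The comment `// Default settings - include all severities and scanners` in the first hunk now contradicts the `false` defaults below it and should read `// Default settings - nothing enabled until a pattern turns it on`. CreateTrivyConfig's body continues outside the hunk.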

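--- a/tools/trivyConfigCreator_test.go
+++ b/tools/trivyConfigCreator_test.go
@@ -16,15 +16,10 @@ func TestCreateTrivyConfigEmptyConfig(t *testing.T) {
 testTrivyConfig(t,
 []domain.PatternConfiguration{},
 `severity:
-- LOW
-- MEDIUM
-- HIGH
-- CRITICAL
 
 scan:
 scanners:
 - vuln
-- secret
 `)
 }
 
@@ -53,6 +48,28 @@ func TestCreateTrivyConfigAllEnabled(t *testing.T) {
 },
 },
 },
+{
+PatternDefinition: domain.PatternDefinition{
+Id: "Trivy_vulnerability_high",
+},
+Parameters: []domain.ParameterConfiguration{
+{
+Name: "enabled",
+Value: "true",
+},
+},
+},
+{
+PatternDefinition: domain.PatternDefinition{
+Id: "Trivy_vulnerability_critical",
+},
+Parameters: []domain.ParameterConfiguration{
+{
+Name: "enabled",
+Value: "true",
+},
+},
+},
 {
 PatternDefinition: domain.PatternDefinition{
 Id: "Trivy_vulnerability",
@@ -94,12 +111,56 @@ func TestCreateTrivyConfigNoLow(t *testing.T) {
 []domain.PatternConfiguration{
 {
 PatternDefinition: domain.PatternDefinition{
-Id: "Trivy_vulnerability_minor",
+Id: "Trivy_vulnerability_medium",
+},
+Parameters: []domain.ParameterConfiguration{
+{
+Name: "enabled",
+Value: "true",
+},
+},
+},
+{
+PatternDefinition: domain.PatternDefinition{
+Id: "Trivy_vulnerability_high",
+},
+Parameters: []domain.ParameterConfiguration{
+{
+Name: "enabled",
+Value: "true",
+},
+},
+},
+{
+PatternDefinition: domain.PatternDefinition{
+Id: "Trivy_vulnerability_critical",
+},
+Parameters: []domain.ParameterConfiguration{
+{
+Name: "enabled",
+Value: "true",
+},
+},
+},
+{
+PatternDefinition: domain.PatternDefinition{
+Id: "Trivy_vulnerability",
+},
+Parameters: []domain.ParameterConfiguration{
+{
+Name: "enabled",
+Value: "true",
+},
+},
+},
+{
+PatternDefinition: domain.PatternDefinition{
+Id: "Trivy_secret",
 },
 Parameters: []domain.ParameterConfiguration{
 {
 Name: "enabled",
-Value: "false",
+Value: "true",
 },
 },
 },
@@ -116,54 +177,56 @@ scan:
 `)
 }
 
-func TestCreateTrivyConfigOnlyHigh(t *testing.T) {
+func TestCreateTrivyConfigOnlyHighAndCritical(t *testing.T) {
 testTrivyConfig(t,
 []domain.PatternConfiguration{
 {
 PatternDefinition: domain.PatternDefinition{
-Id: "Trivy_vulnerability_minor",
-},
-Parameters: []domain.ParameterConfiguration{
-{
-Name: "enabled",
-Value: "false",
-},
-},
-},
-{
-PatternDefinition: domain.PatternDefinition{
-Id: "Trivy_vulnerability_medium",
+Id: "Trivy_vulnerability",
 },
 Parameters: []domain.ParameterConfiguration{
 {
 Name: "enabled",
-Value: "false",
+Value: "true",
 },
 },
 },
+},
+`severity:
+- HIGH
+- CRITICAL
+
+scan:
+scanners:
+- vuln
+`)
+}
+
+func TestCreateTrivyConfigNoVulnerabilitiesWithSecret(t *testing.T) {
+testTrivyConfig(t,
+[]domain.PatternConfiguration{
 {
 PatternDefinition: domain.PatternDefinition{
 Id: "Trivy_secret",
 },
 Parameters: []domain.ParameterConfiguration{
 {
 Name: "enabled",
-Value: "false",
+Value: "true",
 },
 },
 },
 },
 `severity:
-- HIGH
-- CRITICAL
 
 scan:
 scanners:
 - vuln
+- secret
 `)
 }
 
-func TestCreateTrivyConfigNoVulnerabilities(t *testing.T) {
+func TestCreateTrivyConfigOnlyLowWithSecrets(t *testing.T) {
 testTrivyConfig(t,
 []domain.PatternConfiguration{
 {
@@ -173,48 +236,62 @@ func TestCreateTrivyConfigNoVulnerabilities(t *testing.T) {
 Parameters: []domain.ParameterConfiguration{
 {
 Name: "enabled",
-Value: "false",
+Value: "true",
 },
 },
 },
 {
 PatternDefinition: domain.PatternDefinition{
-Id: "Trivy_vulnerability_medium",
+Id: "Trivy_secret",
 },
 Parameters: []domain.ParameterConfiguration{
 {
 Name: "enabled",
-Value: "false",
+Value: "enabled",
 },
 },
 },
+},
+`severity:
+- LOW
+
+scan:
+scanners:
+- vuln
+- secret
+`)
+}
+
+func TestCreateTrivyConfigOnlyHigh(t *testing.T) {
+testTrivyConfig(t,
+[]domain.PatternConfiguration{
 {
 PatternDefinition: domain.PatternDefinition{
-Id: "Trivy_vulnerability",
+Id: "Trivy_vulnerability_high",
 },
 Parameters: []domain.ParameterConfiguration{
 {
 Name: "enabled",
-Value: "false",
+Value: "true",
 },
 },
 },
 },
 `severity:
+- HIGH
 
 scan:
 scanners:
 - vuln
-- secret
 `)
 }
 
-func TestCreateTrivyConfigOnlySecretsLow(t *testing.T) {
+func TestCreateTrivyConfigOnlyCriticalWithSecrets(t *testing.T) {
 testTrivyConfig(t,
 []domain.PatternConfiguration{
 {
 PatternDefinition: domain.PatternDefinition{
-Id: "Trivy_vulnerability_minor",
+Id: "Trivy_vulnerability_critical",
 },
 Parameters: []domain.ParameterConfiguration{
 {
@@ -225,33 +302,47 @@ func TestCreateTrivyConfigOnlySecretsLow(t *testing.T) {
 },
 {
 PatternDefinition: domain.PatternDefinition{
-Id: "Trivy_vulnerability_medium",
+Id: "Trivy_secret",
 },
 Parameters: []domain.ParameterConfiguration{
 {
 Name: "enabled",
-Value: "false",
+Value: "true",
 },
 },
 },
+},
+`severity:
+- CRITICAL
+
+scan:
+scanners:
+- vuln
+- secret
+`)
+}
+
+func TestCreateTrivyConfigOnlyHighAndCriticalEventIfPatternsOverlap(t *testing.T) {
+testTrivyConfig(t,
+[]domain.PatternConfiguration{
 {
 PatternDefinition: domain.PatternDefinition{
 Id: "Trivy_vulnerability",
 },
 Parameters: []domain.ParameterConfiguration{
 {
 Name: "enabled",
-Value: "false",
+Value: "true",
 },
 },
 },
 },
 `severity:
-- LOW
+- HIGH
+- CRITICAL
 
 scan:
 scanners:
 - vuln
-- secret
 `)
 }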
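Review bot: `Value: "enabled"` at new line 250 in TestCreateTrivyConfigOnlyLowWithSecrets looks like a typo for `"true"`; the expected output still lists `- secret`, so the parameter parsing (outside this diff) presumably treats any value other than `"false"` as enabled, and the test then passes by accident rather than by intent. TestCreateTrivyConfigOnlyHighAndCriticalEventIfPatternsOverlap configures only the legacy `Trivy_vulnerability` pattern, so it never exercises an overlap; adding a `Trivy_vulnerability_high` entry with `Value: "false"` both before and after the legacy entry would cover the case the name promises and would pin down whether the result depends on pattern order. The name also reads `EventIf` where `EvenIf` is meant.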
