feat: [DGP-789] group issues as "Security issues" and "License issues," and only if there are non-zero issues in that group

  - Example test summary

│   Total security issues: 1                              │
│   Ignored: 0 [ 0 CRITICAL  0 HIGH  0 MEDIUM  0 LOW ]    │
│   Open   : 1 [ 0 CRITICAL  1 HIGH  0 MEDIUM  0 LOW ]    │
│                                                         │
│   Total license issues: 1                               │
│   Ignored: 0 [ 0 CRITICAL  0 HIGH  0 MEDIUM  0 LOW ]    │
│   Open   : 1 [ 0 CRITICAL  0 HIGH  1 MEDIUM  0 LOW ]    │

  - adds tests for licenses without security issues, and vice versa

Author: bsalomon-snyk

internal/presenters/__snapshots__/presenter_unified_finding_test.snap

@@ -2,7 +2,7 @@
 
 Testing  ...
 
-Open issues: 1
+Security issues: 1
 
  ✗ [HIGH] High severity vulnerability
    Finding ID: SNYK-JS-VM2-5537100
@@ -17,17 +17,21 @@ License issues: 1
    Info: https://snyk.io/vuln/snyk:lic:npm:web3-core:LGPL-3.0
 
 
-╭────────────────────────────────────────────────────────────────╮
-│ Test Summary                                                   │
-│                                                                │
-│   Organization:                                                │
-│   Test type:         open-source                               │
-│   Project path:                                                │
-│                                                                │
-│   Total issues:   2                                            │
-│   Ignored issues: 0 [ 0 CRITICAL  0 HIGH  0 MEDIUM  0 LOW ]    │
-│   Open issues:    2 [ 0 CRITICAL  1 HIGH  1 MEDIUM  0 LOW ]    │
-╰────────────────────────────────────────────────────────────────╯
+╭─────────────────────────────────────────────────────────╮
+│ Test Summary                                            │
+│                                                         │
+│   Organization:                                         │
+│   Test type:         open-source                        │
+│   Project path:                                         │
+│                                                         │
+│   Total security issues: 1                              │
+│   Ignored: 0 [ 0 CRITICAL  0 HIGH  0 MEDIUM  0 LOW ]    │
+│   Open   : 1 [ 0 CRITICAL  1 HIGH  0 MEDIUM  0 LOW ]    │
+│                                                         │
+│   Total license issues: 1                               │
+│   Ignored: 0 [ 0 CRITICAL  0 HIGH  0 MEDIUM  0 LOW ]    │
+│   Open   : 1 [ 0 CRITICAL  0 HIGH  1 MEDIUM  0 LOW ]    │
+╰─────────────────────────────────────────────────────────╯
 💡 Tip
 
    To view ignored issues, use the --include-ignores option.

internal/presenters/funcs.go

@@ -11,6 +11,7 @@ import (
 
 	"github.com/snyk/go-application-framework/pkg/apiclients/testapi"
 	"github.com/snyk/go-application-framework/pkg/configuration"
+	"github.com/snyk/go-application-framework/pkg/local_workflows/json_schemas"
 	"github.com/snyk/go-application-framework/pkg/runtimeinfo"
 )
 
@@ -406,10 +407,108 @@ func getDefaultTemplateFuncMap(config configuration.Configuration, ri runtimeinf
 	defaultMap["isLicenseFinding"] = isLicenseFinding
 	defaultMap["hasPrefix"] = strings.HasPrefix
 	defaultMap["constructDisplayPath"] = constructDisplayPath(config)
+	defaultMap["filterByIssueType"] = filterByIssueType
+	defaultMap["getSummaryResultsByIssueType"] = getSummaryResultsByIssueType
+	defaultMap["getIssueCountsTotal"] = getIssueCountsTotal
+	defaultMap["getIssueCountsOpen"] = getIssueCountsOpen
+	defaultMap["getIssueCountsIgnored"] = getIssueCountsIgnored
 
 	return defaultMap
 }
 
+func getIssueCountsTotal(results []json_schemas.TestSummaryResult) (total int) {
+	for _, res := range results {
+		total += res.Total
+	}
+	return total
+}
+
+func getIssueCountsOpen(results []json_schemas.TestSummaryResult) (open int) {
+	for _, res := range results {
+		open += res.Open
+	}
+	return open
+}
+
+func getIssueCountsIgnored(results []json_schemas.TestSummaryResult) (ignored int) {
+	for _, res := range results {
+		ignored += res.Ignored
+	}
+	return ignored
+}
+
+// filterByIssueType filters a list of finding summary results by issue type.
+func filterByIssueType(issueType string, summary *json_schemas.TestSummary) []json_schemas.TestSummaryResult {
+	if summary.Type == issueType {
+		return summary.Results
+	}
+	return []json_schemas.TestSummaryResult{}
+}
+
+// getSummaryResultsByIssueType computes summary results for a specific issue type from findings.
+// issueType can be "vulnerability" or "license".
+func getSummaryResultsByIssueType(issueType string, findings []testapi.FindingData, orderAsc []string) []json_schemas.TestSummaryResult {
+	if len(findings) == 0 {
+		return []json_schemas.TestSummaryResult{}
+	}
+
+	// Prepare counters by severity
+	totalBySeverity := map[string]int{}
+	openBySeverity := map[string]int{}
+	ignoredBySeverity := map[string]int{}
+
+	for _, f := range findings {
+		// Determine category membership
+		isLicense := isLicenseFinding(f)
+		if issueType == "license" && !isLicense {
+			continue
+		}
+		if issueType == "vulnerability" && isLicense {
+			continue
+		}
+
+		severity := getFieldValueFrom(f, "Attributes.Rating.Severity")
+		if severity == "" {
+			// Skip if we cannot determine severity
+			continue
+		}
+
+		totalBySeverity[severity]++
+
+		// Determine suppression state
+		isIgnored := false
+		isOpen := true
+		if f.Attributes != nil && f.Attributes.Suppression != nil {
+			isOpen = false
+			isIgnored = f.Attributes.Suppression.Status == testapi.SuppressionStatusIgnored
+		}
+
+		if isOpen {
+			openBySeverity[severity]++
+		}
+		if isIgnored {
+			ignoredBySeverity[severity]++
+		}
+	}
+
+	// Build results in the provided order, but only include severities that appeared
+	results := make([]json_schemas.TestSummaryResult, 0, len(totalBySeverity))
+	for _, sev := range orderAsc {
+		total := totalBySeverity[sev]
+		if total == 0 {
+			continue
+		}
+		results = append(results, json_schemas.TestSummaryResult{
+			Severity: sev,
+			Total:    total,
+			Open:     openBySeverity[sev],
+			Ignored:  ignoredBySeverity[sev],
+		})
+	}
+
+	return results
+}
+
 // reverse reverses the order of elements in a slice.
 func reverse(v interface{}) []interface{} {
 	l, err := mustReverse(v)

internal/presenters/presenter_unified_finding_test.go

@@ -248,4 +248,86 @@ func TestUnifiedFindingPresenter_CliOutput(t *testing.T) {
 		assert.NoError(t, err)
 		snaps.MatchSnapshot(t, buffer.String())
 	})
+
+	// summary shows security only when there are vulnerability findings and no license findings
+	t.Run("summary shows only security when no license issues", func(t *testing.T) {
+		config := configuration.New()
+		buffer := &bytes.Buffer{}
+
+		vulnFinding := testapi.FindingData{
+			Id:   util.Ptr(uuid.New()),
+			Type: util.Ptr(testapi.Findings),
+			Attributes: &testapi.FindingAttributes{
+				Title:  "High severity vulnerability",
+				Rating: testapi.Rating{Severity: testapi.Severity("high")},
+			},
+		}
+
+		projectResult := &presenters.UnifiedProjectResult{
+			Findings: []testapi.FindingData{vulnFinding},
+			Summary: &json_schemas.TestSummary{
+				Type:             "open-source",
+				Path:             "test/path",
+				SeverityOrderAsc: []string{"low", "medium", "high", "critical"},
+				Results:          []json_schemas.TestSummaryResult{{Severity: "high", Open: 1, Total: 1}},
+			},
+		}
+
+		presenter := presenters.NewUnifiedFindingsRenderer(
+			[]*presenters.UnifiedProjectResult{projectResult},
+			config,
+			buffer,
+		)
+
+		err := presenter.RenderTemplate(presenters.DefaultTemplateFiles, presenters.DefaultMimeType)
+		assert.NoError(t, err)
+
+		out := buffer.String()
+		assert.Contains(t, out, "Total security issues: 1")
+		assert.NotContains(t, out, "Total license issues")
+	})
+
+	// summary shows license only when there are license findings and no vulnerability findings
+	t.Run("summary shows only license when no security issues", func(t *testing.T) {
+		config := configuration.New()
+		buffer := &bytes.Buffer{}
+
+		problemID := uuid.New().String()
+		licenseFinding := testapi.FindingData{
+			Id:   util.Ptr(uuid.New()),
+			Type: util.Ptr(testapi.Findings),
+			Attributes: &testapi.FindingAttributes{
+				Title:  "LGPL-3.0 license",
+				Rating: testapi.Rating{Severity: testapi.Severity("medium")},
+				Problems: func() []testapi.Problem {
+					var p testapi.Problem
+					_ = p.FromSnykLicenseProblem(testapi.SnykLicenseProblem{Id: problemID, License: string(testapi.SnykLicense)})
+					return []testapi.Problem{p}
+				}(),
+			},
+		}
+
+		projectResult := &presenters.UnifiedProjectResult{
+			Findings: []testapi.FindingData{licenseFinding},
+			Summary: &json_schemas.TestSummary{
+				Type:             "open-source",
+				Path:             "test/path",
+				SeverityOrderAsc: []string{"low", "medium", "high", "critical"},
+				Results:          []json_schemas.TestSummaryResult{{Severity: "medium", Open: 1, Total: 1}},
+			},
+		}
+
+		presenter := presenters.NewUnifiedFindingsRenderer(
+			[]*presenters.UnifiedProjectResult{projectResult},
+			config,
+			buffer,
+		)
+
+		err := presenter.RenderTemplate(presenters.DefaultTemplateFiles, presenters.DefaultMimeType)
+		assert.NoError(t, err)
+
+		out := buffer.String()
+		assert.Contains(t, out, "Total license issues: 1")
+		assert.NotContains(t, out, "Total security issues")
+	})
 }

internal/presenters/templates/unified_finding.tmpl

@@ -38,7 +38,7 @@
     {{- $hasPendingIgnoreFindings := gt (len $pendingIgnoreFindings) 0 }}
     {{- $hasIgnoredFindings := gt (len $ignoredFindings) 0 }}
 
-    {{- if $hasOpenFindings }}{{ printf "Open issues: %d" (len $openFindings) | title }}
+    {{- if $hasOpenFindings }}{{ printf "Security issues: %d" (len $openFindings) | title }}
 		{{- range $finding := $openFindings }}
 			{{- $severity := getFieldValueFrom $finding "Attributes.Rating.Severity" -}}
 			{{- $title := getFieldValueFrom $finding "Attributes.Title" -}}
@@ -91,35 +91,64 @@
   Test type:         {{ if eq .Summary.Type "sast" }}Static code analysis{{else}}{{ .Summary.Type }}{{ end}}
   Project path:      {{ getValueFromConfig "targetDirectory" }}
 
-  {{- $total := 0 }}{{- $open := 0 }}{{- $ignored := 0 }}
-  {{- range $res := .Summary.Results }}
-      {{- $total = add $total $res.Total }}
-      {{- $open = add $open $res.Open }}
-      {{- $ignored = add $ignored $res.Ignored }}
+  {{- $vulnResults := getSummaryResultsByIssueType "vulnerability" .Findings .Summary.SeverityOrderAsc }}
+  {{- $licenseResults := getSummaryResultsByIssueType "license" .Findings .Summary.SeverityOrderAsc }}
+
+  {{- if gt (len $vulnResults) 0 }}
+
+  Total security issues: {{ getIssueCountsTotal $vulnResults }}
+  {{- $total := getIssueCountsTotal $vulnResults }}
+  {{- $open := getIssueCountsOpen $vulnResults }}
+  {{- $ignored := getIssueCountsIgnored $vulnResults }}
+  Ignored: {{ $ignored }} [
+  {{- range $severity := .Summary.SeverityOrderAsc | reverse }}
+      {{- $count := 0 }}
+      {{- range $res := $vulnResults }}
+          {{- if eq $res.Severity $severity }}
+              {{- $count = $res.Ignored }}
+          {{- end }}
+      {{- end }}
+      {{- print " " $count " " $severity " " | toUpperCase | renderInSeverityColor }}
+  {{- end}}]
+  Open   : {{ $open }} [
+  {{- range $severity := .Summary.SeverityOrderAsc | reverse }}
+      {{- $count := 0 }}
+      {{- range $res := $vulnResults }}
+          {{- if eq $res.Severity $severity }}
+              {{- $count = $res.Open }}
+          {{- end }}
+      {{- end }}
+      {{- print " " $count " " $severity " " | toUpperCase | renderInSeverityColor }}
+  {{- end}}]
   {{- end }}
 
-  Total issues:   {{ $total }}
-  {{- if gt $total 0}}
-  Ignored issues: {{ print $ignored | bold }} [
+  {{- if gt (len $licenseResults) 0 }}
+
+  Total license issues: {{ getIssueCountsTotal $licenseResults }}
+  {{- $total := getIssueCountsTotal $licenseResults }}
+  {{- $open := getIssueCountsOpen $licenseResults }}
+  {{- $ignored := getIssueCountsIgnored $licenseResults }}
+  Ignored: {{ $ignored }} [
   {{- range $severity := .Summary.SeverityOrderAsc | reverse }}
-      {{- $countFound := 0 }}
-          {{- range $res := $.Summary.Results }}
-              {{- if eq $res.Severity $severity }}
-                  {{- $countFound = $res.Ignored }}
-              {{- end }}
-          {{- end}}
-      {{- print " " $countFound " " $severity " " | toUpperCase | renderInSeverityColor }}
+      {{- $count := 0 }}
+      {{- range $res := $licenseResults }}
+          {{- if eq $res.Severity $severity }}
+              {{- $count = $res.Ignored }}
+          {{- end }}
+      {{- end }}
+      {{- print " " $count " " $severity " " | toUpperCase | renderInSeverityColor }}
   {{- end}}]
-  Open issues:    {{ print $open | bold }} [
+  Open   : {{ $open }} [
   {{- range $severity := .Summary.SeverityOrderAsc | reverse }}
-      {{- $countFound := 0 }}
-          {{- range $res := $.Summary.Results }}
-              {{- if eq $res.Severity $severity }}
-                  {{- $countFound = $res.Open }}
-              {{- end }}
-          {{- end}}
-      {{- print " " $countFound " " $severity " " | toUpperCase | renderInSeverityColor }}
-  {{- end}}]{{- end}}
+      {{- $count := 0 }}
+      {{- range $res := $licenseResults }}
+          {{- if eq $res.Severity $severity }}
+              {{- $count = $res.Open }}
+          {{- end }}
+      {{- end }}
+      {{- print " " $count " " $severity " " | toUpperCase | renderInSeverityColor }}
+  {{- end}}]
+  {{- end }}
 {{- end }} {{/* end summary */}}
 
 {{- define "main" }}