use of com.checkmarx.flow.config.FindingSeverity in project cx-flow by checkmarx-ltd.
the class AnalyticsSteps method createFakeSCAScanResults.
/**
 * Builds a synthetic {@link ScanResults} object that carries only SCA data.
 *
 * <p>The result holds an {@code SCAResults} with the given scan id, the findings and
 * per-severity counts produced by {@code addFinding}, an empty package list and an
 * empty {@code xIssues} list.
 *
 * @param findingsPerSeverity requested number of findings for each severity; only the
 *     HIGH, MEDIUM and LOW keys are read
 * @param scanId numeric scan id, stored on the SCA results as its decimal string form
 * @return scan results wrapping the fabricated SCA results
 */
private static ScanResults createFakeSCAScanResults(Map<FindingSeverity, Integer> findingsPerSeverity, int scanId) {
    List<Finding> fakeFindings = new LinkedList<>();
    Map<Filter.Severity, Integer> countsBySeverity = new HashMap<>();

    // Order matters for the resulting findings list: HIGH first, then MEDIUM, then LOW.
    // NOTE(review): a severity missing from the input map is passed on as null;
    // how addFinding treats null is not visible here — confirm.
    addFinding(findingsPerSeverity.get(FindingSeverity.HIGH), countsBySeverity, fakeFindings, Severity.HIGH, Filter.Severity.HIGH);
    addFinding(findingsPerSeverity.get(FindingSeverity.MEDIUM), countsBySeverity, fakeFindings, Severity.MEDIUM, Filter.Severity.MEDIUM);
    addFinding(findingsPerSeverity.get(FindingSeverity.LOW), countsBySeverity, fakeFindings, Severity.LOW, Filter.Severity.LOW);

    Summary fakeSummary = new Summary();
    fakeSummary.setFindingCounts(countsBySeverity);

    SCAResults fakeSca = new SCAResults();
    fakeSca.setScanId(String.valueOf(scanId));
    fakeSca.setFindings(fakeFindings);
    fakeSca.setSummary(fakeSummary);
    fakeSca.setPackages(new LinkedList<>());

    return ScanResults.builder()
            .scaResults(fakeSca)
            .xIssues(new ArrayList<>())
            .build();
}
use of com.checkmarx.flow.config.FindingSeverity in project cx-flow by checkmarx-ltd.
the class ThresholdValidatorImpl method setFindingCount.
/**
 * Copies one loosely typed (severity, count) entry into a typed severity map.
 *
 * <p>The entry key is converted with {@code toString()} and upper-cased using
 * {@link Locale#ROOT}, so matching against {@code FindingSeverity} names is
 * case-insensitive and locale-independent. The entry is stored only when the name is a
 * valid {@code FindingSeverity} constant and the value is an {@link Integer}.
 *
 * <p>Any other entry is dropped silently: an unknown severity name, or a count that is
 * not an {@code Integer} (for example a {@code String} or a {@code Long}), leaves
 * {@code target} unchanged and nothing is logged here.
 * NOTE(review): if {@code target} ends up holding security thresholds, a mistyped entry
 * would presumably mean that severity is not enforced — consider logging rejected
 * entries; confirm against the callers.
 *
 * @param target map that receives the validated entry
 * @param entry source entry; its key must be non-null, since {@code toString()} is
 *     called on it unconditionally
 */
private static void setFindingCount(Map<FindingSeverity, Integer> target, Map.Entry<?, ?> entry) {
    final String normalizedName = entry.getKey().toString().toUpperCase(Locale.ROOT);
    if (!EnumUtils.isValidEnum(FindingSeverity.class, normalizedName)) {
        return;
    }

    final Object rawCount = entry.getValue();
    if (!(rawCount instanceof Integer)) {
        return;
    }

    target.put(FindingSeverity.valueOf(normalizedName), (Integer) rawCount);
}
use of com.checkmarx.flow.config.FindingSeverity in project cx-flow by checkmarx-ltd.
the class ThresholdValidatorImpl method isExceedsSastThreshold.
/**
 * Tells whether the finding count for one severity is strictly greater than the
 * threshold configured for that severity.
 *
 * <p>Cases that evaluate to "not exceeded":
 * <ul>
 *   <li>{@code findingCountEntry} or {@code thresholds} is {@code null} (nothing is
 *       logged in this case);</li>
 *   <li>no threshold is present for the entry's severity, so a severity without a
 *       configured threshold never fails the check whatever its finding count;</li>
 *   <li>the count equals the threshold (the comparison is {@code >}, not {@code >=}).</li>
 * </ul>
 * A {@code null} finding count is treated as zero.
 *
 * @param findingCountEntry severity together with the number of findings reported for it
 * @param thresholds configured maximum per severity
 * @return {@code true} only when a threshold exists and the count is above it
 */
private static boolean isExceedsSastThreshold(Map.Entry<FindingSeverity, Integer> findingCountEntry, Map<FindingSeverity, Integer> thresholds) {
    if (findingCountEntry == null || thresholds == null) {
        return false;
    }

    final FindingSeverity level = findingCountEntry.getKey();
    final Integer limit = thresholds.get(level);
    final Integer reported = findingCountEntry.getValue();
    final int actual = (reported != null) ? reported : 0;

    // A missing limit short-circuits before the comparison, so no unboxing of null occurs.
    final boolean breached = (limit != null) && (actual > limit);
    logSastThresholdCheck(breached, level, limit, actual);
    return breached;
}
use of com.checkmarx.flow.config.FindingSeverity in project cx-flow by checkmarx-ltd.
the class GitHubService method logPullRequestWithSastOsa.
/**
 * Logs a pull-request report with SAST finding counts per severity, but only when the
 * results contain a SAST/OSA scan.
 *
 * <p>The report's operation result is always set to successful here, independent of how
 * many findings were counted.
 * NOTE(review): presumably any threshold or merge-blocking decision is made elsewhere —
 * confirm that this report is not read as a pass/fail security verdict.
 *
 * @param request scan request the report is attributed to
 * @param results scan results from which the SAST finding counts are taken
 * @param scanDetails scan details handed to the report
 */
private void logPullRequestWithSastOsa(ScanRequest request, ScanResults results, ScanDetails scanDetails) {
    // Without a SAST/OSA scan the results would be SCA only, and nothing is logged here.
    if (!hasSastOsaScan(results)) {
        return;
    }

    PullRequestReport prReport = new PullRequestReport(scanDetails, request);
    prReport.setFindingsPerSeverity(ThresholdValidatorImpl.getSastFindingCountPerSeverity(results));
    prReport.setPullRequestResult(OperationResult.successful());
    prReport.log();
}