Example 1 with FindingSeverity

Use of com.checkmarx.flow.config.FindingSeverity in project cx-flow by checkmarx-ltd.

Class AnalyticsSteps, method createFakeSCAScanResults.

private static ScanResults createFakeSCAScanResults(Map<FindingSeverity, Integer> findingsPerSeverity, int scanId) {
    Map<Filter.Severity, Integer> findingCounts = new HashMap<>();
    SCAResults scaResults = new SCAResults();
    scaResults.setScanId("" + scanId);
    List<Finding> findings = new LinkedList<>();
    addFinding(findingsPerSeverity.get(FindingSeverity.HIGH), findingCounts, findings, Severity.HIGH, Filter.Severity.HIGH);
    addFinding(findingsPerSeverity.get(FindingSeverity.MEDIUM), findingCounts, findings, Severity.MEDIUM, Filter.Severity.MEDIUM);
    addFinding(findingsPerSeverity.get(FindingSeverity.LOW), findingCounts, findings, Severity.LOW, Filter.Severity.LOW);
    Summary summary = new Summary();
    summary.setFindingCounts(findingCounts);
    scaResults.setFindings(findings);
    scaResults.setSummary(summary);
    scaResults.setPackages(new LinkedList<>());
    return ScanResults.builder().scaResults(scaResults).xIssues(new ArrayList<>()).build();
}
Also used : Finding(com.checkmarx.sdk.dto.sca.report.Finding) Summary(com.checkmarx.sdk.dto.sca.Summary) CxScanSummary(com.checkmarx.sdk.dto.cx.CxScanSummary) FindingSeverity(com.checkmarx.flow.config.FindingSeverity) Severity(com.checkmarx.sdk.dto.scansummary.Severity) SCAResults(com.checkmarx.sdk.dto.sca.SCAResults)

Example 2 with FindingSeverity

Use of com.checkmarx.flow.config.FindingSeverity in project cx-flow by checkmarx-ltd.

Class ThresholdValidatorImpl, method setFindingCount.

private static void setFindingCount(Map<FindingSeverity, Integer> target, Map.Entry<?, ?> entry) {
    // Upper-case with Locale.ROOT so the enum match does not depend on the default locale.
    String rawSeverity = entry.getKey().toString().toUpperCase(Locale.ROOT);
    // Entries whose key is not a FindingSeverity name, or whose value is not an Integer,
    // are skipped silently: no threshold is stored for them.
    if (EnumUtils.isValidEnum(FindingSeverity.class, rawSeverity) && entry.getValue() instanceof Integer) {
        FindingSeverity severity = FindingSeverity.valueOf(rawSeverity);
        Integer findingCount = (Integer) entry.getValue();
        target.put(severity, findingCount);
    }
}
Also used : FindingSeverity(com.checkmarx.flow.config.FindingSeverity)

Example 3 with FindingSeverity

Use of com.checkmarx.flow.config.FindingSeverity in project cx-flow by checkmarx-ltd.

Class ThresholdValidatorImpl, method isExceedsSastThreshold.

private static boolean isExceedsSastThreshold(Map.Entry<FindingSeverity, Integer> findingCountEntry, Map<FindingSeverity, Integer> thresholds) {
    boolean exceedsThreshold = false;
    if (findingCountEntry != null && thresholds != null) {
        FindingSeverity severity = findingCountEntry.getKey();
        // A severity with no configured threshold yields null here and is never reported as exceeded.
        Integer threshold = thresholds.get(severity);
        // A null finding count is treated as 0.
        int findingCount = Optional.ofNullable(findingCountEntry.getValue()).orElse(0);
        // Strict comparison: a count equal to the threshold does not exceed it.
        exceedsThreshold = threshold != null && findingCount > threshold;
        logSastThresholdCheck(exceedsThreshold, severity, threshold, findingCount);
    }
    return exceedsThreshold;
}
Also used : FindingSeverity(com.checkmarx.flow.config.FindingSeverity)

Example 4 with FindingSeverity

Use of com.checkmarx.flow.config.FindingSeverity in project cx-flow by checkmarx-ltd.

Class GitHubService, method logPullRequestWithSastOsa.

private void logPullRequestWithSastOsa(ScanRequest request, ScanResults results, ScanDetails scanDetails) {
    // Otherwise it would be only SCA
    if (hasSastOsaScan(results)) {
        PullRequestReport report = new PullRequestReport(scanDetails, request);
        Map<FindingSeverity, Integer> findings = ThresholdValidatorImpl.getSastFindingCountPerSeverity(results);
        report.setFindingsPerSeverity(findings);
        report.setPullRequestResult(OperationResult.successful());
        report.log();
    }
}
Also used : PullRequestReport(com.checkmarx.flow.dto.report.PullRequestReport) FindingSeverity(com.checkmarx.flow.config.FindingSeverity)

Aggregations

FindingSeverity (com.checkmarx.flow.config.FindingSeverity) 4
PullRequestReport (com.checkmarx.flow.dto.report.PullRequestReport) 1
CxScanSummary (com.checkmarx.sdk.dto.cx.CxScanSummary) 1
SCAResults (com.checkmarx.sdk.dto.sca.SCAResults) 1
Summary (com.checkmarx.sdk.dto.sca.Summary) 1
Finding (com.checkmarx.sdk.dto.sca.report.Finding) 1
Severity (com.checkmarx.sdk.dto.scansummary.Severity) 1