heimdall_tools 1.3.31 → 1.3.32

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1587fb5ef791c957076dc7864b026672d2c77a602ceba619087bf680a7ac79f2
-  data.tar.gz: f5209e76e38bc08d68699e1239a88618b0332fc34b25b3b54ca647529556c851
+  metadata.gz: ba19125388e2eaa3aad2b463ee44c3345ce5ed7e0387da28ff1aea3337a633ca
+  data.tar.gz: dfcad55b16393918ff0d29017749a492c8c129045287cba87e33d54ac0ab20d6
 SHA512:
-  metadata.gz: 85f84e6ab53e0e04f397957fec62b87f04ec1dc31465aace772345de7648077d5a7480a7ccf0163309bc997e5f2b95d8ab79936f66779652a33c46f75b34e63b
-  data.tar.gz: 051ff77b344b0ba3123fedbe7d97692bf6311aec791236ccaabbd2a56b76a82f0d1fae7e9013b82c9041a42d436985bffe968eb763573d219e67d4b34b9a6245
+  metadata.gz: b0559ce058bf85ad8df3dc05520d0a59d63e8a2d384e1ff9f16fe71f2c66555920da5a9ab38fff129faaa6ba487c1dd4026bad29dd32e29610cf8e0608ef1cf8
+  data.tar.gz: 83f3806be04a555640f70b5ad3a97ffc5a2088e3736fdce4a74263c859d1e16313d39f01497438ea9c01d8862f54d6330b0880ac6ff38ab4f19671ce6a0f0135

data/README.md

@@ -10,6 +10,7 @@ HeimdallTools supplies several methods to convert output from various tools to "
 - **zap_mapper** - OWASP ZAP - open-source dynamic code analysis tool
 - **burpsuite_mapper** - commercial dynamic analysis tool
 - **nessus_mapper** - commercial vulnerability scanner
+- **snyk_mapper** - commercial package vulnerability scanner
 
 Ruby 2.4 or higher (check using "ruby -v")
 
@@ -145,6 +146,23 @@ FLAGS:
 example: heimdall_tools nessus_mapper -x nessus-results.xml -o test-env
 ```
 
+## snyk_mapper
+
+snyk_mapper translates an Snyk results JSON file into HDF format json to be viewable in Heimdall
+  
+Note: A separate HDF JSON is generated for each project reported in the Snyk Report.
+
+```
+USAGE: heimdall_tools snyk_mapper [OPTIONS] -x <snyk-results-json> -o <hdf-file-prefix>
+
+FLAGS:
+    -j <snyk_results_jsonl>          : path to Snyk results JSON file.
+    -o --output_prefix <prefix>      : path to output scan-results json.
+    -V --verbose                     : verbose run [optional].
+
+example: heimdall_tools snyk_mapper -j snyk_results.json -o output-file-prefix
+```
+
 ## version  
 
 Prints out the gem version

data/lib/data/cwe-nist-mapping.csv

@@ -46,6 +46,7 @@
 170, Improper Null Termination,SI-10,4,Information Input Validation
 176, Improper Handling of Unicode Encoding,,4,
 185, Incorrect Regular Expression,,4,
+189, Numeric Errors,SA-11,4,Developer Security Testing and Evaluation
 190, Integer Overflow or Wraparound,SI-10,4,Information Input Validation
 195, Signed to Unsigned Conversion Error,,4,
 200, Information Exposure,SC-8,4,Transmission Confidentiality and Integrity
@@ -79,6 +80,7 @@
 305, Authentication Bypass by Primary Weakness,IA-8,4,Identification and Authentication (Non-Organizational Users)
 306, Missing Authentication for Critical Function,AC-3,4,Access Enforcement
 307, Improper Restriction of Excessive Authentication Attempts,AC-7,4,Unsuccessful Logon Attempts
+310, Cryptographic Issues,SC-13,4,Cryptographic Protection
 311, Missing Encryption of Sensitive Data,SC-8,4,Transmission Confidentiality and Integrity
 321, Use of Hard-coded Cryptographic Key,SC-12,4,Cryptographic Key Establishment and Management
 325, Missing Required Cryptographic Step,SC-13,4,Cryptographic Protection
@@ -113,15 +115,16 @@
 401, Improper Release of Memory Before Removing Last Reference,,4,
 404, Improper Resource Shutdown or Release,,4,
 415, Double Free,,4,
-416, Use after Free,,4,
+416, Use after Free,SC-4,4,Information in Shared Resources
 434, Unrestricted Upload of File with Dangerous Type,AC-6,4,Least Privilege: Privilege Levels for Code Execution
+444, Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling'),SI-10,4,Information Input Validation
 457, Use of Uninitialized Variable,,4,
 466, Return of Pointer Value Outside of Expected Range,,4,
 470, Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection'),SI-10,4,Information Input Validation
 471, Modification of Assumed-Immutable DATA (MAID),AC-3,4,Access Enforcement
 474, Use of Function with Inconsistent Implementations,,4,
 475, Undefined Behavior for Input to API,,4,
-476, NULL Pointer Dereference,,4,
+476, NULL Pointer Dereference,SI-10,4,Information Input Validation
 477, Use of Obsolete Functions,,4,
 478, Missing Default Case in Switch Statement,,4,
 492, Use of Inner Class Containing Sensitive Data,AC-3,4,Access Enforcement
@@ -130,6 +133,7 @@
 495, Private Array-Typed Field Returned From A Public Method,AC-3,4,Access Enforcement
 497, Exposure of System Data to an Unauthorized Control Sphere,SI-11,4,Error Handling
 501, Trust Boundary Violation,SI-10,4,Information Input Validation
+502, Deserialization of Untrusted Data,SI-10,4,Information Input Validation 
 521, Weak Password Requirements,IA-5,4,Authenticator Management : -1 Password-based Authentication
 522, Insufficiently Protected Credentials,SC-8,4,Transmission Confidentiality and Integrity
 539, Information Exposure Through Persistent Cookies,SC-23,4,Session Authenticity
@@ -159,7 +163,7 @@
 601, URL Redirection to Untrusted Site ('Open Redirect'),SI-10,4,Information Input Validation
 607, Public Static Final Field References Mutable Object,,4,
 609, Double-Checked Locking,,4,
-611, Improper Restriction of XML External Entity Reference ('XXE'),,4,
+611, Improper Restriction of XML External Entity Reference ('XXE'),SI-10,4,Information Input Validation
 613, Insufficient Session Expiration,AC-12,4,Session Termination
 614, Sensitive Cookie in HTTPS Session Without 'Secure' Attribute,SC-8,4,Transmission Confidentiality and Integrity
 615, Information Exposure Through Comments,AC-3,4,Access Enforcement : -5 Security-Relevant Information
@@ -192,4 +196,4 @@
 863, Incorrect Authorization,AC-3,4,Access Enforcement
 915, Improperly Controlled Modification of Dynamically-Determined Object Attributes,SI-10,4,Information Input Validation
 916, Use of Password Hash With Insufficient Computational Effort,SC-13,4,Cryptographic Protection
-918, Server-Side Request Forgery (SSRF),SI-10,4,Information Input Validation
+918, Server-Side Request Forgery (SSRF),SI-10,4,Information Input Validation

data/lib/heimdall_tools.rb

@@ -10,4 +10,5 @@ module HeimdallTools
   autoload :SonarQubeMapper, 'heimdall_tools/sonarqube_mapper'
   autoload :BurpSuiteMapper, 'heimdall_tools/burpsuite_mapper'
   autoload :NessusMapper, 'heimdall_tools/nessus_mapper'
+  autoload :SnykMapper, 'heimdall_tools/snyk_mapper'
 end

data/lib/heimdall_tools/cli.rb

@@ -61,6 +61,20 @@ module HeimdallTools
       
     end
 
+    desc 'snyk_mapper', 'snyk_mapper translates Synk results Json to HDF format Json be viewed on Heimdall'
+    long_desc Help.text(:fortify_mapper)
+    option :json, required: true, aliases: '-j'
+    option :output_prefix, required: true, aliases: '-o'
+    option :verbose, type: :boolean, aliases: '-V'
+    def snyk_mapper
+      hdfs = HeimdallTools::SnykMapper.new(File.read(options[:json]), options[:name]).to_hdf
+      puts "\r\HDF Generated:\n"
+      hdfs.keys.each do | host |
+        File.write("#{options[:output_prefix]}-#{host}.json", hdfs[host])
+        puts "#{options[:output_prefix]}-#{host}.json"
+      end
+    end
+
     desc 'version', 'prints version'
     def version
       puts VERSION

data/lib/heimdall_tools/help/snyk_mapper.md

@@ -0,0 +1,7 @@
+  snyk_mapper translates an Snyk results JSON file into HDF format json to be viewable in Heimdall
+  
+  A separate HDF JSON is generated for each project reported in the Snyk Report.
+
+Examples:
+
+  heimdall_tools snyk_mapper -j snyk_results.json -o output-file-prefix

data/lib/heimdall_tools/snyk_mapper.rb

@@ -0,0 +1,161 @@
+require 'json'
+require 'csv'
+require 'heimdall_tools/hdf'
+require 'utilities/xml_to_hash'
+
+RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
+
+CWE_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv')
+
+IMPACT_MAPPING = {
+  high: 0.7,
+  medium: 0.5,
+  low: 0.3,
+}.freeze
+
+SNYK_VERSION_REGEX = 'v(\d+.)(\d+.)(\d+)'.freeze
+
+DEFAULT_NIST_TAG = ["SA-11", "RA-5"].freeze
+
+# Loading spinner sign
+$spinner = Enumerator.new do |e|
+  loop do
+    e.yield '|'
+    e.yield '/'
+    e.yield '-'
+    e.yield '\\'
+  end
+end
+
+module HeimdallTools
+  class SnykMapper
+    def initialize(synk_json, name=nil, verbose = false)
+      @synk_json = synk_json
+      @verbose = verbose
+
+      begin
+        @cwe_nist_mapping = parse_mapper
+        @projects = JSON.parse(synk_json)
+
+        # Cover single and multi-project scan use cases.
+        unless @projects.kind_of?(Array)
+          @projects = [ @projects ]
+        end
+
+      rescue StandardError => e
+        raise "Invalid Snyk JSON file provided Exception: #{e}"
+      end
+    end
+
+    def extract_scaninfo(project)
+      info = {}
+      begin
+        info['policy'] = project['policy']
+        reg = Regexp.new(SNYK_VERSION_REGEX, Regexp::IGNORECASE)
+        info['version'] = info['policy'].scan(reg).join 
+        info['projectName'] = project['projectName']
+        info['summary'] = project['summary']
+
+        info
+      rescue StandardError => e
+        raise "Error extracting project info from Synk JSON file provided Exception: #{e}"
+      end
+    end
+
+    def finding(vulnerability)
+      finding = {}
+      finding['status'] = 'failed'
+      finding['code_desc'] = "From : [ #{vulnerability['from'].join(" , ").to_s } ]"
+      finding['run_time'] = NA_FLOAT
+
+      # Snyk results does not profile scan timestamp; using current time to satisfy HDF format
+      finding['start_time'] = NA_STRING
+      [finding]
+    end
+
+    def nist_tag(cweid)
+      entries = @cwe_nist_mapping.select { |x| cweid.include? x[:cweid].to_s }
+      tags = entries.map { |x| x[:nistid] }
+      tags.empty? ? DEFAULT_NIST_TAG : tags.flatten.uniq
+    end
+
+    def parse_identifiers(vulnerability, ref)
+      # Extracting id number from reference style CWE-297
+      vulnerability['identifiers'][ref].map { |e| e.split("#{ref}-")[1]  }
+      rescue
+        return []
+    end
+
+    def impact(severity)
+      IMPACT_MAPPING[severity.to_sym]
+    end
+
+    def parse_mapper
+      csv_data = CSV.read(CWE_NIST_MAPPING_FILE, **{ encoding: 'UTF-8',
+                                                   headers: true,
+                                                   header_converters: :symbol,
+                                                   converters: :all })
+      csv_data.map(&:to_hash)
+    end
+
+    def desc_tags(data, label)
+      { "data": data || NA_STRING, "label": label || NA_STRING }
+    end
+
+    # Snyk report could have multiple vulnerability entries for multiple findings of same issue type.
+    # The meta data is identical across entries 
+    # method collapse_duplicates return unique controls with applicable findings collapsed into it.
+    def collapse_duplicates(controls)
+      unique_controls = []
+
+      controls.map { |x| x['id'] }.uniq.each do |id|
+        collapsed_results = controls.select { |x| x['id'].eql?(id) }.map {|x| x['results']}
+        unique_control = controls.find { |x| x['id'].eql?(id) }
+        unique_control['results'] = collapsed_results.flatten
+        unique_controls << unique_control
+      end
+      unique_controls
+    end
+
+
+    def to_hdf
+      project_results = {}
+      @projects.each do | project |
+        controls = []
+        project['vulnerabilities'].each do | vulnerability |
+          printf("\rProcessing: %s", $spinner.next)
+
+          item = {}
+          item['tags']               = {}
+          item['descriptions']       = []
+          item['refs']               = NA_ARRAY
+          item['source_location']    = NA_HASH
+          item['descriptions']       = NA_ARRAY
+
+          item['title']              = vulnerability['title'].to_s
+          item['id']                 = vulnerability['id'].to_s
+          item['desc']               = vulnerability['description'].to_s
+          item['impact']             = impact(vulnerability['severity']) 
+          item['code']               = ''
+          item['results']            = finding(vulnerability)
+          item['tags']['nist']       = nist_tag( parse_identifiers( vulnerability, 'CWE') )
+          item['tags']['cweid']      = parse_identifiers( vulnerability, 'CWE')
+          item['tags']['cveid']      = parse_identifiers( vulnerability, 'CVE')
+          item['tags']['ghsaid']     = parse_identifiers( vulnerability, 'GHSA')
+
+          controls << item
+        end
+        controls = collapse_duplicates(controls)
+        scaninfo = extract_scaninfo(project)
+        results = HeimdallDataFormat.new(profile_name: scaninfo['policy'],
+                                         version: scaninfo['version'],
+                                         title: "Snyk Project: #{scaninfo['projectName']}",
+                                         summary: "Snyk Summary: #{scaninfo['summary']}",
+                                         controls: controls,
+                                         target_id: scaninfo['projectName'])
+        project_results[scaninfo['projectName']] = results.to_hdf
+      end
+      project_results
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: heimdall_tools
 version: !ruby/object:Gem::Version
-  version: 1.3.31
+  version: 1.3.32
 platform: ruby
 authors:
 - Robert Thew
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-06-16 00:00:00.000000000 Z
+date: 2020-07-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -203,7 +203,6 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- CHANGELOG.md
 - Guardfile
 - LICENSE.md
 - README.md
@@ -223,9 +222,11 @@ files:
 - lib/heimdall_tools/help/burpsuite_mapper.md
 - lib/heimdall_tools/help/fortify_mapper.md
 - lib/heimdall_tools/help/nessus_mapper.md
+- lib/heimdall_tools/help/snyk_mapper.md
 - lib/heimdall_tools/help/sonarqube_mapper.md
 - lib/heimdall_tools/help/zap_mapper.md
 - lib/heimdall_tools/nessus_mapper.rb
+- lib/heimdall_tools/snyk_mapper.rb
 - lib/heimdall_tools/sonarqube_mapper.rb
 - lib/heimdall_tools/version.rb
 - lib/heimdall_tools/zap_mapper.rb

data/CHANGELOG.md

@@ -1,285 +0,0 @@
-# Changelog
-
-## [Unreleased](https://github.com/mitre/heimdall_tools/tree/HEAD)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.30.pre1...HEAD)
-
-**Closed issues:**
-
-- nessus\_mapper CCI to NIST Mapping [\#54](https://github.com/mitre/heimdall_tools/issues/54)
-
-**Merged pull requests:**
-
-- Update to map NIST tags from CCI refs [\#55](https://github.com/mitre/heimdall_tools/pull/55) ([rx294](https://github.com/rx294))
-
-## [v1.3.30.pre1](https://github.com/mitre/heimdall_tools/tree/v1.3.30.pre1) (2020-06-12)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.29...v1.3.30.pre1)
-
-## [v1.3.29](https://github.com/mitre/heimdall_tools/tree/v1.3.29) (2020-05-28)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.28...v1.3.29)
-
-**Merged pull requests:**
-
-- Remove debug line [\#53](https://github.com/mitre/heimdall_tools/pull/53) ([rx294](https://github.com/rx294))
-
-## [v1.3.28](https://github.com/mitre/heimdall_tools/tree/v1.3.28) (2020-05-28)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.27...v1.3.28)
-
-**Closed issues:**
-
-- Map 'Policy Compliance' entries for nessus\_mapper [\#49](https://github.com/mitre/heimdall_tools/issues/49)
-
-**Merged pull requests:**
-
-- Add code to translate Policy compliance results [\#51](https://github.com/mitre/heimdall_tools/pull/51) ([rx294](https://github.com/rx294))
-
-## [v1.3.27](https://github.com/mitre/heimdall_tools/tree/v1.3.27) (2020-05-22)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.26...v1.3.27)
-
-**Merged pull requests:**
-
-- Updated the Dockerfile to run in an alpine ruby container [\#47](https://github.com/mitre/heimdall_tools/pull/47) ([jsa5593](https://github.com/jsa5593))
-- Require a newer version of git-lite-version-bump for Windows support [\#46](https://github.com/mitre/heimdall_tools/pull/46) ([rbclark](https://github.com/rbclark))
-
-## [v1.3.26](https://github.com/mitre/heimdall_tools/tree/v1.3.26) (2020-05-06)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.25...v1.3.26)
-
-**Implemented enhancements:**
-
-- Converter: Nessus Transform for Audit results and vulnerability scan results  [\#29](https://github.com/mitre/heimdall_tools/issues/29)
-
-**Merged pull requests:**
-
-- Nessus Mapper  [\#45](https://github.com/mitre/heimdall_tools/pull/45) ([rx294](https://github.com/rx294))
-
-## [v1.3.25](https://github.com/mitre/heimdall_tools/tree/v1.3.25) (2020-04-16)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.24...v1.3.25)
-
-**Closed issues:**
-
-- Add minimum required json fields to work heimdall server    [\#5](https://github.com/mitre/heimdall_tools/issues/5)
-
-**Merged pull requests:**
-
-- Make sure the fields we are looking for in Fortify exist before we parse the element [\#44](https://github.com/mitre/heimdall_tools/pull/44) ([rbclark](https://github.com/rbclark))
-- Update actions to use ruby/setup-ruby [\#43](https://github.com/mitre/heimdall_tools/pull/43) ([Bialogs](https://github.com/Bialogs))
-
-## [v1.3.24](https://github.com/mitre/heimdall_tools/tree/v1.3.24) (2020-04-07)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23...v1.3.24)
-
-**Implemented enhancements:**
-
-- Converter: Burp Suite Pro [\#28](https://github.com/mitre/heimdall_tools/issues/28)
-
-**Fixed bugs:**
-
-- \[Bug\] Import mapping csvs by relative path  [\#41](https://github.com/mitre/heimdall_tools/issues/41)
-
-**Merged pull requests:**
-
-- Update to pull data csvs by relative path [\#42](https://github.com/mitre/heimdall_tools/pull/42) ([rx294](https://github.com/rx294))
-- Burpsuite mapper [\#40](https://github.com/mitre/heimdall_tools/pull/40) ([rx294](https://github.com/rx294))
-
-## [v1.3.23](https://github.com/mitre/heimdall_tools/tree/v1.3.23) (2020-03-31)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23.pre5...v1.3.23)
-
-## [v1.3.23.pre5](https://github.com/mitre/heimdall_tools/tree/v1.3.23.pre5) (2020-03-31)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23.pre4...v1.3.23.pre5)
-
-**Merged pull requests:**
-
-- Rubygems automatically trims the word \_api\_key when referencing the key [\#39](https://github.com/mitre/heimdall_tools/pull/39) ([rbclark](https://github.com/rbclark))
-
-## [v1.3.23.pre4](https://github.com/mitre/heimdall_tools/tree/v1.3.23.pre4) (2020-03-31)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23.pre3...v1.3.23.pre4)
-
-**Merged pull requests:**
-
-- Cleanup GPR and Rubygems release flow [\#38](https://github.com/mitre/heimdall_tools/pull/38) ([rbclark](https://github.com/rbclark))
-
-## [v1.3.23.pre3](https://github.com/mitre/heimdall_tools/tree/v1.3.23.pre3) (2020-03-31)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23.pre2...v1.3.23.pre3)
-
-## [v1.3.23.pre2](https://github.com/mitre/heimdall_tools/tree/v1.3.23.pre2) (2020-03-31)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23.pre...v1.3.23.pre2)
-
-## [v1.3.23.pre](https://github.com/mitre/heimdall_tools/tree/v1.3.23.pre) (2020-03-31)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.22...v1.3.23.pre)
-
-**Merged pull requests:**
-
-- Restructure workflow for publishing gem [\#37](https://github.com/mitre/heimdall_tools/pull/37) ([rbclark](https://github.com/rbclark))
-
-## [v1.3.22](https://github.com/mitre/heimdall_tools/tree/v1.3.22) (2020-03-31)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.21...v1.3.22)
-
-## [v1.3.21](https://github.com/mitre/heimdall_tools/tree/v1.3.21) (2020-03-31)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.20...v1.3.21)
-
-## [v1.3.20](https://github.com/mitre/heimdall_tools/tree/v1.3.20) (2020-03-30)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.19...v1.3.20)
-
-**Fixed bugs:**
-
-- Unable to Convert Fortify 19.2.0 FVDL file to HDF [\#25](https://github.com/mitre/heimdall_tools/issues/25)
-
-## [v1.3.19](https://github.com/mitre/heimdall_tools/tree/v1.3.19) (2020-03-30)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.18...v1.3.19)
-
-**Merged pull requests:**
-
-- Remove all gems from Gemfile and declare them properly in the gemspec [\#33](https://github.com/mitre/heimdall_tools/pull/33) ([rbclark](https://github.com/rbclark))
-
-## [v1.3.18](https://github.com/mitre/heimdall_tools/tree/v1.3.18) (2020-03-28)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.17...v1.3.18)
-
-## [v1.3.17](https://github.com/mitre/heimdall_tools/tree/v1.3.17) (2020-03-26)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.16...v1.3.17)
-
-**Closed issues:**
-
-- Request New converters [\#23](https://github.com/mitre/heimdall_tools/issues/23)
-
-## [v1.3.16](https://github.com/mitre/heimdall_tools/tree/v1.3.16) (2020-03-25)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.15...v1.3.16)
-
-## [v1.3.15](https://github.com/mitre/heimdall_tools/tree/v1.3.15) (2020-03-25)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.14...v1.3.15)
-
-## [v1.3.14](https://github.com/mitre/heimdall_tools/tree/v1.3.14) (2020-03-24)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.13...v1.3.14)
-
-## [v1.3.13](https://github.com/mitre/heimdall_tools/tree/v1.3.13) (2020-03-24)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.12...v1.3.13)
-
-## [v1.3.12](https://github.com/mitre/heimdall_tools/tree/v1.3.12) (2020-03-24)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.11...v1.3.12)
-
-## [v1.3.11](https://github.com/mitre/heimdall_tools/tree/v1.3.11) (2020-03-24)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.10...v1.3.11)
-
-## [v1.3.10](https://github.com/mitre/heimdall_tools/tree/v1.3.10) (2020-03-24)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.9...v1.3.10)
-
-## [v1.3.9](https://github.com/mitre/heimdall_tools/tree/v1.3.9) (2020-03-23)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.8...v1.3.9)
-
-**Closed issues:**
-
-- Update XML parser [\#26](https://github.com/mitre/heimdall_tools/issues/26)
-
-**Merged pull requests:**
-
-- Update XML parser [\#27](https://github.com/mitre/heimdall_tools/pull/27) ([rx294](https://github.com/rx294))
-
-## [v1.3.8](https://github.com/mitre/heimdall_tools/tree/v1.3.8) (2020-03-09)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.7...v1.3.8)
-
-**Closed issues:**
-
-- \[BUG\] | sonarqube\_mapper is not handling NIST mapping correctly [\#21](https://github.com/mitre/heimdall_tools/issues/21)
-
-**Merged pull requests:**
-
-- Fixes \#21 \[BUG\] | sonarqube\_mapper is not handling NIST mapping correctly [\#22](https://github.com/mitre/heimdall_tools/pull/22) ([rx294](https://github.com/rx294))
-
-## [v1.3.7](https://github.com/mitre/heimdall_tools/tree/v1.3.7) (2020-03-06)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.6...v1.3.7)
-
-## [v1.3.6](https://github.com/mitre/heimdall_tools/tree/v1.3.6) (2020-03-05)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.5...v1.3.6)
-
-## [v1.3.5](https://github.com/mitre/heimdall_tools/tree/v1.3.5) (2020-03-05)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.4...v1.3.5)
-
-## [v1.3.4](https://github.com/mitre/heimdall_tools/tree/v1.3.4) (2020-03-04)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.3...v1.3.4)
-
-**Closed issues:**
-
-- Support Authenticated Sonarqube API  for sonarqube\_mapper [\#18](https://github.com/mitre/heimdall_tools/issues/18)
-
-## [v1.3.3](https://github.com/mitre/heimdall_tools/tree/v1.3.3) (2020-03-04)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.2...v1.3.3)
-
-**Merged pull requests:**
-
-- Sonarqube authentication option [\#20](https://github.com/mitre/heimdall_tools/pull/20) ([rx294](https://github.com/rx294))
-
-## [v1.3.2](https://github.com/mitre/heimdall_tools/tree/v1.3.2) (2019-12-27)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.1...v1.3.2)
-
-**Merged pull requests:**
-
-- Adding dockerfile for heimdall tools [\#15](https://github.com/mitre/heimdall_tools/pull/15) ([rx294](https://github.com/rx294))
-
-## [v1.3.1](https://github.com/mitre/heimdall_tools/tree/v1.3.1) (2019-12-27)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.0...v1.3.1)
-
-**Closed issues:**
-
-- Update HDF format generate jsons in Inspec results style [\#10](https://github.com/mitre/heimdall_tools/issues/10)
-
-**Merged pull requests:**
-
-- Updating required nori gem version [\#16](https://github.com/mitre/heimdall_tools/pull/16) ([rx294](https://github.com/rx294))
-- Populate shasum and runtime field  [\#14](https://github.com/mitre/heimdall_tools/pull/14) ([rx294](https://github.com/rx294))
-- Updates as per feedback [\#13](https://github.com/mitre/heimdall_tools/pull/13) ([rx294](https://github.com/rx294))
-- updating samples  [\#12](https://github.com/mitre/heimdall_tools/pull/12) ([rx294](https://github.com/rx294))
-- Change to results view on heimdall [\#11](https://github.com/mitre/heimdall_tools/pull/11) ([rx294](https://github.com/rx294))
-
-## [v1.3.0](https://github.com/mitre/heimdall_tools/tree/v1.3.0) (2019-09-24)
-
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/c9c08305796eaf12d7abb2535c285a4acd2f5a91...v1.3.0)
-
-**Closed issues:**
-
-- README needs authors [\#9](https://github.com/mitre/heimdall_tools/issues/9)
-- Get NIST rev version from CSV [\#4](https://github.com/mitre/heimdall_tools/issues/4)
-- Output in evaluation format, not profile  [\#2](https://github.com/mitre/heimdall_tools/issues/2)
-
-**Merged pull requests:**
-
-- Fixes to PR \#6 [\#8](https://github.com/mitre/heimdall_tools/pull/8) ([rx294](https://github.com/rx294))
-- Update README fortify-fvdl flag to fvdl as in usage [\#7](https://github.com/mitre/heimdall_tools/pull/7) ([mirskiy](https://github.com/mirskiy))
-- Add SonarQube Mapper and OWASP NIST mappings [\#6](https://github.com/mitre/heimdall_tools/pull/6) ([mirskiy](https://github.com/mirskiy))
-- OWASP ZAP Mapper PR [\#3](https://github.com/mitre/heimdall_tools/pull/3) ([rx294](https://github.com/rx294))
-
-
-
-\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*