@fabasoad/sarif-to-slack 0.1.1 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (99) hide show
  1. package/.github/ISSUE_TEMPLATE/bug_report.md +1 -1
  2. package/.github/pull_request_template.md +3 -3
  3. package/.github/workflows/linting.yml +14 -0
  4. package/.github/workflows/release.yml +5 -1
  5. package/.github/workflows/send-sarif-to-slack.yml +214 -0
  6. package/.github/workflows/unit-tests.yml +1 -0
  7. package/.pre-commit-config.yaml +3 -3
  8. package/.tool-versions +1 -1
  9. package/CONTRIBUTING.md +1 -1
  10. package/Makefile +10 -3
  11. package/README.md +36 -5
  12. package/biome.json +15 -12
  13. package/dist/Logger.js +17 -6
  14. package/dist/Processors.js +23 -22
  15. package/dist/SarifToSlackService.d.ts.map +1 -1
  16. package/dist/SarifToSlackService.js +6 -7
  17. package/dist/SlackMessageBuilder.js +51 -55
  18. package/dist/index.d.ts +9 -4
  19. package/dist/index.d.ts.map +1 -1
  20. package/dist/index.js +10 -5
  21. package/dist/model/SarifModelPerRun.d.ts +17 -0
  22. package/dist/model/SarifModelPerRun.d.ts.map +1 -0
  23. package/dist/model/SarifModelPerRun.js +84 -0
  24. package/dist/model/SarifModelPerSarif.d.ts +20 -0
  25. package/dist/model/SarifModelPerSarif.d.ts.map +1 -0
  26. package/dist/model/SarifModelPerSarif.js +97 -0
  27. package/dist/model/types.d.ts +17 -0
  28. package/dist/model/types.d.ts.map +1 -0
  29. package/dist/model/types.js +31 -0
  30. package/dist/sarif-to-slack.d.ts +121 -18
  31. package/dist/tsdoc-metadata.json +1 -1
  32. package/dist/types.d.ts +107 -15
  33. package/dist/types.d.ts.map +1 -1
  34. package/dist/types.js +73 -7
  35. package/dist/utils/SarifUtils.d.ts +5 -0
  36. package/dist/utils/SarifUtils.d.ts.map +1 -0
  37. package/dist/utils/SarifUtils.js +32 -0
  38. package/dist/utils/SortUtils.d.ts +5 -0
  39. package/dist/utils/SortUtils.d.ts.map +1 -0
  40. package/dist/utils/SortUtils.js +8 -0
  41. package/dist/version.d.ts +2 -0
  42. package/dist/version.d.ts.map +1 -0
  43. package/dist/version.js +4 -0
  44. package/etc/sarif-to-slack.api.md +47 -9
  45. package/jest.config.json +4 -4
  46. package/package.json +14 -10
  47. package/scripts/save-version.sh +6 -0
  48. package/src/Logger.ts +22 -17
  49. package/src/Processors.ts +22 -22
  50. package/src/SarifToSlackService.ts +6 -7
  51. package/src/SlackMessageBuilder.ts +85 -68
  52. package/src/index.ts +17 -6
  53. package/src/model/SarifModelPerRun.ts +114 -0
  54. package/src/model/SarifModelPerSarif.ts +116 -0
  55. package/src/model/types.ts +31 -0
  56. package/src/types.ts +113 -15
  57. package/src/utils/SarifUtils.ts +44 -0
  58. package/src/utils/SortUtils.ts +21 -0
  59. package/src/version.ts +3 -0
  60. package/test-data/sarif/codeql-csharp.sarif +1 -0
  61. package/test-data/sarif/codeql-go.sarif +1 -0
  62. package/test-data/sarif/codeql-python.sarif +1 -0
  63. package/test-data/sarif/codeql-ruby.sarif +1 -0
  64. package/test-data/sarif/codeql-typescript.sarif +1 -0
  65. package/test-data/sarif/grype-container.sarif +1774 -0
  66. package/test-data/sarif/runs-1-tools-1-results-0.sarif +18 -0
  67. package/test-data/sarif/runs-2-tools-1-results-0.sarif +30 -0
  68. package/test-data/sarif/runs-2-tools-1.sarif +656 -0
  69. package/test-data/sarif/runs-2-tools-2-results-0.sarif +44 -0
  70. package/test-data/sarif/runs-2-tools-2.sarif +686 -0
  71. package/test-data/sarif/runs-3-tools-2-results-0.sarif +48 -0
  72. package/test-data/sarif/runs-3-tools-2.sarif +278 -0
  73. package/test-data/sarif/snyk-composer.sarif +934 -0
  74. package/test-data/sarif/snyk-container.sarif +313 -0
  75. package/test-data/sarif/snyk-gomodules.sarif +388 -0
  76. package/test-data/sarif/snyk-gradle.sarif +274 -0
  77. package/test-data/sarif/snyk-hex.sarif +66 -0
  78. package/test-data/sarif/snyk-maven.sarif +274 -0
  79. package/test-data/sarif/snyk-npm.sarif +896 -0
  80. package/test-data/sarif/snyk-nuget.sarif +90 -0
  81. package/test-data/sarif/snyk-pip.sarif +66 -0
  82. package/test-data/sarif/snyk-pnpm.sarif +90 -0
  83. package/test-data/sarif/snyk-poetry.sarif +1952 -0
  84. package/test-data/sarif/snyk-rubygems.sarif +440 -0
  85. package/test-data/sarif/snyk-sbt.sarif +178 -0
  86. package/test-data/sarif/snyk-swift.sarif +112 -0
  87. package/test-data/sarif/snyk-yarn.sarif +2900 -0
  88. package/test-data/sarif/trivy-iac.sarif +134 -0
  89. package/test-data/sarif/wiz-container.sarif +30916 -0
  90. package/test-data/sarif/wiz-iac.sarif +558 -0
  91. package/tests/Processors.spec.ts +3 -3
  92. package/tests/integration/SendSarifToSlack.spec.ts +56 -0
  93. package/tsconfig.json +14 -14
  94. package/dist/Logger.js.map +0 -1
  95. package/dist/Processors.js.map +0 -1
  96. package/dist/SarifToSlackService.js.map +0 -1
  97. package/dist/SlackMessageBuilder.js.map +0 -1
  98. package/dist/index.js.map +0 -1
  99. package/dist/types.js.map +0 -1
package/test-data/sarif/trivy-iac.sarif ADDED
@@ -0,0 +1,134 @@
1
+ {
2
+ "version": "2.1.0",
3
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
4
+ "runs": [
5
+ {
6
+ "tool": {
7
+ "driver": {
8
+ "fullName": "Trivy Vulnerability Scanner",
9
+ "informationUri": "https://github.com/aquasecurity/trivy",
10
+ "name": "Trivy",
11
+ "rules": [
12
+ {
13
+ "id": "s3-bucket-logging",
14
+ "name": "Misconfiguration",
15
+ "shortDescription": {
16
+ "text": "S3 Bucket Logging"
17
+ },
18
+ "fullDescription": {
19
+ "text": "Ensures S3 bucket logging is enabled for S3 buckets"
20
+ },
21
+ "defaultConfiguration": {
22
+ "level": "note"
23
+ },
24
+ "helpUri": "https://avd.aquasec.com/misconfig/s3-bucket-logging",
25
+ "help": {
26
+ "text": "Misconfiguration s3-bucket-logging\nType: Terraform Security Check\nSeverity: LOW\nCheck: S3 Bucket Logging\nMessage: Bucket has logging disabled\nLink: [s3-bucket-logging](https://avd.aquasec.com/misconfig/s3-bucket-logging)\nEnsures S3 bucket logging is enabled for S3 buckets",
27
+ "markdown": "**Misconfiguration s3-bucket-logging**\n| Type | Severity | Check | Message | Link |\n| --- | --- | --- | --- | --- |\n|Terraform Security Check|LOW|S3 Bucket Logging|Bucket has logging disabled|[s3-bucket-logging](https://avd.aquasec.com/misconfig/s3-bucket-logging)|\n\nEnsures S3 bucket logging is enabled for S3 buckets"
28
+ },
29
+ "properties": {
30
+ "precision": "very-high",
31
+ "security-severity": "2.0",
32
+ "tags": [
33
+ "misconfiguration",
34
+ "security",
35
+ "LOW"
36
+ ]
37
+ }
38
+ },
39
+ {
40
+ "id": "AVD-AWS-0132",
41
+ "name": "Misconfiguration",
42
+ "shortDescription": {
43
+ "text": "S3 encryption should use Customer Managed Keys"
44
+ },
45
+ "fullDescription": {
46
+ "text": "Encryption using AWS keys provides protection for your S3 buckets. To increase control of the encryption and manage factors like rotation use customer managed keys.\n"
47
+ },
48
+ "defaultConfiguration": {
49
+ "level": "error"
50
+ },
51
+ "helpUri": "https://avd.aquasec.com/misconfig/avd-aws-0132",
52
+ "help": {
53
+ "text": "Misconfiguration AVD-AWS-0132\nType: Terraform Security Check\nSeverity: HIGH\nCheck: S3 encryption should use Customer Managed Keys\nMessage: Bucket does not encrypt data with a customer managed key.\nLink: [AVD-AWS-0132](https://avd.aquasec.com/misconfig/avd-aws-0132)\nEncryption using AWS keys provides protection for your S3 buckets. To increase control of the encryption and manage factors like rotation use customer managed keys.\n",
54
+ "markdown": "**Misconfiguration AVD-AWS-0132**\n| Type | Severity | Check | Message | Link |\n| --- | --- | --- | --- | --- |\n|Terraform Security Check|HIGH|S3 encryption should use Customer Managed Keys|Bucket does not encrypt data with a customer managed key.|[AVD-AWS-0132](https://avd.aquasec.com/misconfig/avd-aws-0132)|\n\nEncryption using AWS keys provides protection for your S3 buckets. To increase control of the encryption and manage factors like rotation use customer managed keys.\n"
55
+ },
56
+ "properties": {
57
+ "precision": "very-high",
58
+ "security-severity": "8.0",
59
+ "tags": [
60
+ "misconfiguration",
61
+ "security",
62
+ "HIGH"
63
+ ]
64
+ }
65
+ }
66
+ ],
67
+ "version": "0.62.1"
68
+ }
69
+ },
70
+ "results": [
71
+ {
72
+ "ruleId": "s3-bucket-logging",
73
+ "ruleIndex": 0,
74
+ "level": "note",
75
+ "message": {
76
+ "text": "Artifact: terraform/s3.tf\nType: terraform\nVulnerability s3-bucket-logging\nSeverity: LOW\nMessage: Bucket has logging disabled\nLink: [s3-bucket-logging](https://avd.aquasec.com/misconfig/s3-bucket-logging)"
77
+ },
78
+ "locations": [
79
+ {
80
+ "physicalLocation": {
81
+ "artifactLocation": {
82
+ "uri": "terraform/s3.tf",
83
+ "uriBaseId": "ROOTPATH"
84
+ },
85
+ "region": {
86
+ "startLine": 16,
87
+ "startColumn": 1,
88
+ "endLine": 44,
89
+ "endColumn": 1
90
+ }
91
+ },
92
+ "message": {
93
+ "text": "terraform/s3.tf"
94
+ }
95
+ }
96
+ ]
97
+ },
98
+ {
99
+ "ruleId": "AVD-AWS-0132",
100
+ "ruleIndex": 1,
101
+ "level": "error",
102
+ "message": {
103
+ "text": "Artifact: terraform/s3.tf\nType: terraform\nVulnerability AVD-AWS-0132\nSeverity: HIGH\nMessage: Bucket does not encrypt data with a customer managed key.\nLink: [AVD-AWS-0132](https://avd.aquasec.com/misconfig/avd-aws-0132)"
104
+ },
105
+ "locations": [
106
+ {
107
+ "physicalLocation": {
108
+ "artifactLocation": {
109
+ "uri": "terraform/s3.tf",
110
+ "uriBaseId": "ROOTPATH"
111
+ },
112
+ "region": {
113
+ "startLine": 16,
114
+ "startColumn": 1,
115
+ "endLine": 44,
116
+ "endColumn": 1
117
+ }
118
+ },
119
+ "message": {
120
+ "text": "terraform/s3.tf"
121
+ }
122
+ }
123
+ ]
124
+ }
125
+ ],
126
+ "columnKind": "utf16CodeUnits",
127
+ "originalUriBaseIds": {
128
+ "ROOTPATH": {
129
+ "uri": "file:///Users/john.doe/Source/personal/business-card-deployment/"
130
+ }
131
+ }
132
+ }
133
+ ]
134
+ }