devsecops-engine-tools 1.19.3__py3-none-any.whl → 1.21.0__py3-none-any.whl

devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py

@@ -243,7 +243,7 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
                 self.FALSE_POSITIVE,
             )
 
-            exclusions_false_positive = self._get_findings_with_exclusions(
+            exclusions_out_of_scope = self._get_findings_with_exclusions(
                 session_manager,
                 service,
                 dd_max_retries,
@@ -266,6 +266,7 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
             return (
                 list(exclusions_risk_accepted)
                 + list(exclusions_false_positive)
+                + list(exclusions_out_of_scope)
                 + list(exclusions_transfer_finding)
             )
         except Exception as ex:

devsecops_engine_tools/engine_risk/src/domain/usecases/break_build.py

@@ -25,6 +25,7 @@ class BreakBuild:
         vm_exclusions: "list[Exclusions]",
         report_list: "list[Report]",
         all_report: "list[Report]",
+        threshold: any,
     ):
         self.devops_platform_gateway = devops_platform_gateway
         self.printer_table_gateway = printer_table_gateway
@@ -33,6 +34,7 @@ class BreakBuild:
         self.vm_exclusions = vm_exclusions
         self.report_list = report_list
         self.all_report = all_report
+        self.threshold = threshold
         self.break_build = False
         self.warning_build = False
         self.report_breaker = []
@@ -117,13 +119,12 @@ class BreakBuild:
             print(self.devops_platform_gateway.result_pipeline("succeeded"))
 
     def _remediation_rate_control(self, all_report: "list[Report]"):
-        remote_config = self.remote_config
         mitigated = sum(1 for report in all_report if report.mitigated)
         total = len(all_report)
         print(f"Mitigated count: {mitigated}   Total count: {total}")
         remediation_rate_value = self._get_percentage(mitigated / total)
 
-        risk_threshold = remote_config["THRESHOLD"]["REMEDIATION_RATE"]
+        risk_threshold = self.threshold["REMEDIATION_RATE"]
         self.remediation_rate = remediation_rate_value
 
         if remediation_rate_value >= (risk_threshold + 5):
@@ -202,8 +203,8 @@ class BreakBuild:
     def _tag_blacklist_control(self, report_list: "list[Report]"):
         remote_config = self.remote_config
         if report_list:
-            tag_blacklist = set(remote_config["THRESHOLD"]["TAG_BLACKLIST"])
-            tag_age_threshold = remote_config["THRESHOLD"]["TAG_MAX_AGE"]
+            tag_blacklist = set(remote_config["TAG_BLACKLIST"])
+            tag_age_threshold = self.threshold["TAG_MAX_AGE"]
 
             filtered_reports_above_threshold = [
                 (report, tag)
@@ -247,7 +248,7 @@ class BreakBuild:
 
     def _risk_score_control(self, report_list: "list[Report]"):
         remote_config = self.remote_config
-        risk_score_threshold = remote_config["THRESHOLD"]["RISK_SCORE"]
+        risk_score_threshold = self.threshold["RISK_SCORE"]
         break_build = False
         if report_list:
             for report in report_list:

devsecops_engine_tools/engine_risk/src/domain/usecases/check_threshold.py

@@ -0,0 +1,19 @@
+import re
+
+
+class CheckThreshold:
+    def __init__(self, pipeline_name, threshold, risk_exclusions):
+        self.pipeline_name = pipeline_name
+        self.threshold = threshold
+        self.risk_exclusions = risk_exclusions
+
+    def process(self):
+        if (self.pipeline_name in self.risk_exclusions.keys()) and (
+            self.risk_exclusions[self.pipeline_name].get("THRESHOLD", None)
+        ):
+            return self.risk_exclusions[self.pipeline_name]["THRESHOLD"]
+        elif "BY_PATTERN_SEARCH" in self.risk_exclusions.keys():
+            for pattern, values in self.risk_exclusions["BY_PATTERN_SEARCH"].items():
+                if re.match(pattern, self.pipeline_name):
+                    return values["THRESHOLD"]
+        return self.threshold

devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/entry_point_risk.py

@@ -10,6 +10,9 @@ from devsecops_engine_tools.engine_risk.src.domain.usecases.add_data import (
 from devsecops_engine_tools.engine_risk.src.domain.usecases.get_exclusions import (
     GetExclusions,
 )
+from devsecops_engine_tools.engine_risk.src.domain.usecases.check_threshold import (
+    CheckThreshold,
+)
 
 
 from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
@@ -33,6 +36,7 @@ def init_engine_risk(
     risk_exclusions = devops_platform_gateway.get_remote_config(
         dict_args["remote_config_repo"], "engine_risk/Exclusions.json"
     )
+    pipeline_name = devops_platform_gateway.get_variable("pipeline_name")
 
     if not findings:
         print("No findings found in Vulnerability Management Platform")
@@ -61,6 +65,10 @@ def init_engine_risk(
     )
     exclusions = get_exclusions.process()
 
+    threshold = CheckThreshold(
+        pipeline_name, remote_config["THRESHOLD"], risk_exclusions
+    ).process()
+
     break_build = BreakBuild(
         devops_platform_gateway,
         print_table_gateway,
@@ -69,6 +77,7 @@ def init_engine_risk(
         vm_exclusions,
         data_added,
         findings,
+        threshold,
     )
 
     return break_build.process()

devsecops_engine_tools/engine_utilities/sonarqube/src/infrastructure/entry_points/entry_point_report_sonar.py

@@ -26,8 +26,9 @@ def init_report_sonar(vulnerability_management_gateway, secrets_manager_gateway,
     branch = devops_platform_gateway.get_variable("branch_name")
     is_valid_pipeline = not re.match(report_config_tool["IGNORE_SEARCH_PATTERN"], pipeline_name, re.IGNORECASE)
     is_valid_branch = branch in report_config_tool["TARGET_BRANCHES"]
-
-    if config_tool["REPORT_SONAR"]["ENABLED"] == "true" and is_valid_pipeline and is_valid_branch:
+    is_enabled = config_tool["REPORT_SONAR"]["ENABLED"] == "true"
+    
+    if is_enabled and is_valid_pipeline and is_valid_branch:
         input_core = ReportSonar(
             vulnerability_management_gateway,
             secrets_manager_gateway, 
@@ -40,7 +41,10 @@ def init_report_sonar(vulnerability_management_gateway, secrets_manager_gateway,
                 config_tool, input_core, {"tool": "report_sonar"}, ""
             )
     else:
+        if not is_enabled: message = "DevSecOps Engine Tool - {0} in maintenance...".format("report_sonar")
+        else: message = "Tool skipped by DevSecOps policy"
+
         print(
             devops_platform_gateway.message(
-                "warning", "DevSecOps Engine Tool - {0} in maintenance...".format("report_sonar")),
+                "warning", message),
         )

devsecops_engine_tools/version.py

@@ -1 +1 @@
-version = '1.19.3'
+version = '1.21.0'

{devsecops_engine_tools-1.19.3.dist-info → devsecops_engine_tools-1.21.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.19.3
+Version: 1.21.0
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team

{devsecops_engine_tools-1.19.3.dist-info → devsecops_engine_tools-1.21.0.dist-info}/RECORD

@@ -1,5 +1,5 @@
 devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/version.py,sha256=0CyU1ge95zilH9Z3DyJB5zoA8u0EeA7zFmaASehVjeg,19
+devsecops_engine_tools/version.py,sha256=dyB7JXNA2swT02HRC3POdWF2g3dW6aftlCg32kNc1Fw,19
 devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -36,7 +36,7 @@ devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/aws/secret
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/azure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/azure/azure_devops.py,sha256=blI4ZrquRE4y6DJ7N2YRx1nL0wrAXvdpx0fLSUf5qwA,4831
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py,sha256=sLeJ-IQ309LcFFbi7JH7jIAKuAQAOl7DzStJAu-kIc4,20726
+devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py,sha256=aXWW0np_1GmbezPXbZKEJ8HGKdjCouM84GEexa5bKk8,20772
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/github_actions.py,sha256=pxlgjhX4-Dssn-XHKK8AdCOj6Ry6VcQtoDf5q8CxTks,3731
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/printer_pretty_table/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -74,7 +74,8 @@ devsecops_engine_tools/engine_risk/src/domain/model/gateways/__init__.py,sha256=
 devsecops_engine_tools/engine_risk/src/domain/model/gateways/add_epss_gateway.py,sha256=cTm4QSxiaUt7ETCdXWZxKEus8pmEDA3e9k5b39SLDDE,178
 devsecops_engine_tools/engine_risk/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_risk/src/domain/usecases/add_data.py,sha256=4wqDj-q7hJfJscvrbMDcy7tONqxdxl-CSl_TWTRUGKA,402
-devsecops_engine_tools/engine_risk/src/domain/usecases/break_build.py,sha256=TSZTXR8raKA1906dFl-Cv3J711iGUcBQmx82Jw6mF_M,11847
+devsecops_engine_tools/engine_risk/src/domain/usecases/break_build.py,sha256=BS4oRY0-ZK59xaVxMHxyEs4IRxLSq_lkjvYwH2BmgtE,11814
+devsecops_engine_tools/engine_risk/src/domain/usecases/check_threshold.py,sha256=VYdmcbAuNNvdHCegRfvza7YJ8FHbFNyDosrKJrMW93I,765
 devsecops_engine_tools/engine_risk/src/domain/usecases/get_exclusions.py,sha256=7_qbPOoTa5up9zymGQ9ancqR_J7JhMyOXDWqjq_Pdh0,2380
 devsecops_engine_tools/engine_risk/src/domain/usecases/handle_filters.py,sha256=JmeBtO6CMufjYSRpGQU1kPZoW3PnXwVXnl33LSIU3n8,3543
 devsecops_engine_tools/engine_risk/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -82,7 +83,7 @@ devsecops_engine_tools/engine_risk/src/infrastructure/driven_adapters/__init__.p
 devsecops_engine_tools/engine_risk/src/infrastructure/driven_adapters/first_csv/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_risk/src/infrastructure/driven_adapters/first_csv/first_epss_csv.py,sha256=pWaRmIwVyiB5mlmWySHIx-DUgN9vtKQc-MqyRNVlTJo,2150
 devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/entry_point_risk.py,sha256=DQe1yUd5p83zecH53jKrsnS-JV2ZaN7YvdtQLwzEx0A,2073
+devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/entry_point_risk.py,sha256=wM6j4HmiKhw7wt7JKxlE576QYdwcFK1nZHv64HRwXD4,2389
 devsecops_engine_tools/engine_risk/src/infrastructure/helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_code/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -293,7 +294,7 @@ devsecops_engine_tools/engine_utilities/sonarqube/src/infrastructure/driven_adap
 devsecops_engine_tools/engine_utilities/sonarqube/src/infrastructure/driven_adapters/sonarqube/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_utilities/sonarqube/src/infrastructure/driven_adapters/sonarqube/sonarqube_report.py,sha256=eKzxONP3pP4d2MIknC5sGVuxcHzgelt5D0Kun88WBMo,4514
 devsecops_engine_tools/engine_utilities/sonarqube/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_utilities/sonarqube/src/infrastructure/entry_points/entry_point_report_sonar.py,sha256=VSv8uGG36HuPv2dL7vpKKLFVQKkbqM3NPMd1f-yTclM,2036
+devsecops_engine_tools/engine_utilities/sonarqube/src/infrastructure/entry_points/entry_point_report_sonar.py,sha256=Q5R-O6KbU6qb7-U3dtdhBiHvs9j9X1TFlG5F4Zmxz3A,2173
 devsecops_engine_tools/engine_utilities/sonarqube/src/infrastructure/helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_utilities/sonarqube/src/infrastructure/helpers/utils.py,sha256=SGOWrkzQrvOt9bRhhSfgiMzj1695e1W0B9ox9C1ihQI,294
 devsecops_engine_tools/engine_utilities/ssh/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -307,8 +308,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
 devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
 devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=yNtlT-8Legz1sHbGPH8LNYjL-LgDUE0zXG2rYjiab7U,290
 devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=79nXjjRjR64xvXmQzJqFpDj5xByrqQbc6OnowHqBEz4,1756
-devsecops_engine_tools-1.19.3.dist-info/METADATA,sha256=utmGKLo-BoyDHmtdPij7Wo9TEmBOKlqduX4GquNXFyc,10895
-devsecops_engine_tools-1.19.3.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
-devsecops_engine_tools-1.19.3.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
-devsecops_engine_tools-1.19.3.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
-devsecops_engine_tools-1.19.3.dist-info/RECORD,,
+devsecops_engine_tools-1.21.0.dist-info/METADATA,sha256=ZvbQcgJ3B_WjQshEKyhL5355wWrCCDWKyHCbqIMXZEg,10895
+devsecops_engine_tools-1.21.0.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
+devsecops_engine_tools-1.21.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
+devsecops_engine_tools-1.21.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
+devsecops_engine_tools-1.21.0.dist-info/RECORD,,