devsecops-engine-tools 1.34.1__tar.gz → 1.35.0__tar.gz

{devsecops_engine_tools-1.34.1 → devsecops_engine_tools-1.35.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.34.1
+Version: 1.35.0
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team

{devsecops_engine_tools-1.34.1 → devsecops_engine_tools-1.35.0}/devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py

@@ -109,7 +109,7 @@ def get_inputs_from_cli(args):
         type=parse_choices({"all", "docker", "k8s", "cloudformation", "openapi", "terraform"}),
         required=False,
         default="all",
-        help="Platform to scan, only apply engine_iac tool",
+        help="Platform to scan, applies only to the engine_iac tool and it is possible to select several {all, docker, k8s, cloudformation, openapi, terraform}",
     )
     parser.add_argument(
         "--use_secrets_manager",

{devsecops_engine_tools-1.34.1 → devsecops_engine_tools-1.35.0}/devsecops_engine_tools/engine_core/src/domain/model/exclusions.py

@@ -11,7 +11,7 @@ class Exclusions:
         self.expired_date = kwargs.get("expired_date", "")
         self.severity = kwargs.get("severity", "")
         self.hu = kwargs.get("hu", "")
-        self.reason = kwargs.get("reason", "Risk Accepted")
+        self.reason = kwargs.get("reason", "DevSecOps policy")
         self.vm_id = kwargs.get("vm_id", "")
         self.vm_id_url = kwargs.get("vm_id_url", "")
         self.service = kwargs.get("service", "")

{devsecops_engine_tools-1.34.1 → devsecops_engine_tools-1.35.0}/devsecops_engine_tools/engine_core/src/domain/model/gateway/vulnerability_management_gateway.py

@@ -37,3 +37,9 @@ class VulnerabilityManagementGateway(metaclass=ABCMeta):
         self, sbom_components, service, dict_args, secret_tool, config_tool
     ):
         "send_sbom_components"
+
+    @abstractmethod
+    def get_black_list(
+        self, dict_args, secret_tool, config_tool
+    ):
+        "get_black_list"

{devsecops_engine_tools-1.34.1 → devsecops_engine_tools-1.35.0}/devsecops_engine_tools/engine_core/src/domain/usecases/break_build.py

@@ -1,5 +1,5 @@
 import sys
-import re
+from itertools import chain
 from dataclasses import dataclass
 from functools import reduce
 
@@ -54,7 +54,7 @@ class BreakBuild:
                         )
 
     def process(self, findings_list: "list[Finding]", input_core: InputCore, args: any):
-        sys.stdout.reconfigure(encoding='utf-8')
+        sys.stdout.reconfigure(encoding="utf-8")
         devops_platform_gateway = self.devops_platform_gateway
         printer_table_gateway = self.printer_table_gateway
         threshold = input_core.threshold_defined
@@ -241,9 +241,11 @@ class BreakBuild:
                         ),
                     )
                 )
-                
+
                 if devops_platform_gateway.get_variable("stage") == "build":
-                    print(devops_platform_gateway.result_pipeline("succeeded_with_issues"))
+                    print(
+                        devops_platform_gateway.result_pipeline("succeeded_with_issues")
+                    )
                 else:
                     print(devops_platform_gateway.result_pipeline("succeeded"))
 
@@ -267,7 +269,12 @@ class BreakBuild:
                 }
 
             ids_vulnerabilitites = list(
-                map(lambda x: x.id, vulnerabilities_without_exclusions_list)
+                chain.from_iterable(
+                    (
+                        [x.id, x.description] if x.tool == "XRAY" else [x.id]
+                        for x in vulnerabilities_without_exclusions_list
+                    )
+                )
             )
             ids_match = list(filter(lambda x: x in ids_vulnerabilitites, threshold.cve))
             if len(ids_match) > 0:
@@ -301,7 +308,11 @@ class BreakBuild:
                     status = "failed"
                 else:
                     if devops_platform_gateway.get_variable("stage") == "build":
-                        print(devops_platform_gateway.result_pipeline("succeeded_with_issues"))
+                        print(
+                            devops_platform_gateway.result_pipeline(
+                                "succeeded_with_issues"
+                            )
+                        )
                 scan_result["compliances"] = {
                     "threshold": {"critical": compliance_critical},
                     "status": status,
@@ -334,7 +345,10 @@ class BreakBuild:
                                 (
                                     elem.create_date
                                     for elem in exclusions
-                                    if elem.id == item.id and (elem.where in item.where or "all" in elem.where)
+                                    if elem.id == item.id
+                                    and (
+                                        elem.where in item.where or "all" in elem.where
+                                    )
                                 ),
                                 None,
                             ),
@@ -342,7 +356,10 @@ class BreakBuild:
                                 (
                                     elem.expired_date
                                     for elem in exclusions
-                                    if elem.id == item.id and (elem.where in item.where or "all" in elem.where)
+                                    if elem.id == item.id
+                                    and (
+                                        elem.where in item.where or "all" in elem.where
+                                    )
                                 ),
                                 None,
                             ),
@@ -350,7 +367,10 @@ class BreakBuild:
                                 (
                                     elem.reason
                                     for elem in exclusions
-                                    if elem.id == item.id and (elem.where in item.where or "all" in elem.where)
+                                    if elem.id == item.id
+                                    and (
+                                        elem.where in item.where or "all" in elem.where
+                                    )
                                 ),
                                 None,
                             ),
@@ -378,4 +398,4 @@ class BreakBuild:
                 custom_message,
             )
         )
-        return scan_result
+        return scan_result

{devsecops_engine_tools-1.34.1 → devsecops_engine_tools-1.35.0}/devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py

@@ -37,7 +37,7 @@ from devsecops_engine_tools.engine_sca.engine_dependencies.src.applications.runn
     runner_engine_dependencies,
 )
 from devsecops_engine_tools.engine_dast.src.applications.runner_dast_scan import (
-    runner_engine_dast
+    runner_engine_dast,
 )
 from devsecops_engine_tools.engine_core.src.infrastructure.helpers.util import (
     define_env,
@@ -47,8 +47,6 @@ from devsecops_engine_tools.engine_utilities import settings
 
 logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
 
-MESSAGE_ENABLED = "not yet enabled"
-
 
 class HandleScan:
     def __init__(
@@ -104,7 +102,7 @@ class HandleScan:
                 dict_args,
                 config_tool["ENGINE_DAST"],
                 secret_tool,
-                self.devops_platform_gateway
+                self.devops_platform_gateway,
             )
             self._use_vulnerability_management(
                 config_tool, input_core, dict_args, secret_tool, env
@@ -133,48 +131,16 @@ class HandleScan:
             return findings_list, input_core
         elif "engine_dependencies" in dict_args["tool"]:
             findings_list, input_core, sbom_components = runner_engine_dependencies(
-                dict_args, config_tool, secret_tool, self.devops_platform_gateway, self.sbom_tool_gateway
-            )
-            self._use_vulnerability_management(
-                config_tool,
-                input_core,
                 dict_args,
+                config_tool,
                 secret_tool,
-                env,
-                sbom_components
+                self.devops_platform_gateway,
+                self.sbom_tool_gateway,
             )
-            return findings_list, input_core
-
-    def _define_threshold_quality_vuln(
-        self, input_core: InputCore, dict_args, secret_tool, config_tool
-    ):
-        quality_vulnerability_management = (
-            input_core.threshold_defined.quality_vulnerability_management
-        )
-        if quality_vulnerability_management:
-            product_type = self.vulnerability_management.get_product_type_service(
-                input_core.scope_pipeline, dict_args, secret_tool, config_tool
+            self._use_vulnerability_management(
+                config_tool, input_core, dict_args, secret_tool, env, sbom_components
             )
-            if product_type:
-                pt_name = product_type.name
-                apply_qualitypt = next(
-                    filter(
-                        lambda qapt: pt_name in qapt,
-                        quality_vulnerability_management["PTS"],
-                    ),
-                    None,
-                )
-                if apply_qualitypt:
-                    pt_info = apply_qualitypt[pt_name]
-                    pt_profile = pt_info["PROFILE"]
-                    pt_apps = pt_info["APPS"]
-
-                    input_core.threshold_defined.vulnerability = (
-                        LevelVulnerability(quality_vulnerability_management[pt_profile])
-                        if pt_apps == "ALL"
-                        or any(map(lambda pd: pd in input_core.scope_pipeline, pt_apps))
-                        else input_core.threshold_defined.vulnerability
-                    )
+            return findings_list, input_core
 
     def _use_vulnerability_management(
         self,
@@ -207,9 +173,15 @@ class HandleScan:
                             self.devops_platform_gateway.get_variable("branch_tag"),
                             self.devops_platform_gateway.get_variable("commit_hash"),
                             env,
-                            self.devops_platform_gateway.get_variable("vm_product_type_name"),
-                            self.devops_platform_gateway.get_variable("vm_product_name"),
-                            self.devops_platform_gateway.get_variable("vm_product_description"),
+                            self.devops_platform_gateway.get_variable(
+                                "vm_product_type_name"
+                            ),
+                            self.devops_platform_gateway.get_variable(
+                                "vm_product_name"
+                            ),
+                            self.devops_platform_gateway.get_variable(
+                                "vm_product_description"
+                            ),
                         )
                     )
 
@@ -222,6 +194,10 @@ class HandleScan:
                             config_tool,
                         )
 
+                self._update_threshold_cve(
+                    input_core, dict_args, secret_tool, config_tool
+                )
+
                 self._define_threshold_quality_vuln(
                     input_core, dict_args, secret_tool, config_tool
                 )
@@ -239,3 +215,43 @@ class HandleScan:
                 )
             except ExceptionFindingsExcepted as ex2:
                 logger.error(str(ex2))
+
+    def _update_threshold_cve(
+        self, input_core: InputCore, dict_args, secret_tool, config_tool
+    ):
+        input_core.threshold_defined.cve.extend(
+            self.vulnerability_management.get_black_list(
+                dict_args, secret_tool, config_tool
+            )
+        )
+
+    def _define_threshold_quality_vuln(
+        self, input_core: InputCore, dict_args, secret_tool, config_tool
+    ):
+        quality_vulnerability_management = (
+            input_core.threshold_defined.quality_vulnerability_management
+        )
+        if quality_vulnerability_management:
+            product_type = self.vulnerability_management.get_product_type_service(
+                input_core.scope_pipeline, dict_args, secret_tool, config_tool
+            )
+            if product_type:
+                pt_name = product_type.name
+                apply_qualitypt = next(
+                    filter(
+                        lambda qapt: pt_name in qapt,
+                        quality_vulnerability_management["PTS"],
+                    ),
+                    None,
+                )
+                if apply_qualitypt:
+                    pt_info = apply_qualitypt[pt_name]
+                    pt_profile = pt_info["PROFILE"]
+                    pt_apps = pt_info["APPS"]
+
+                    input_core.threshold_defined.vulnerability = (
+                        LevelVulnerability(quality_vulnerability_management[pt_profile])
+                        if pt_apps == "ALL"
+                        or any(map(lambda pd: pd in input_core.scope_pipeline, pt_apps))
+                        else input_core.threshold_defined.vulnerability
+                    )

{devsecops_engine_tools-1.34.1 → devsecops_engine_tools-1.35.0}/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py

@@ -13,7 +13,7 @@ from devsecops_engine_tools.engine_utilities.defect_dojo import (
     Engagement,
     Product,
     Component,
-    FindingExclusion
+    FindingExclusion,
 )
 from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions
 from devsecops_engine_tools.engine_core.src.domain.model.report import Report
@@ -82,7 +82,7 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
                 "DEPENDENCY_CHECK": "Dependency Check Scan",
                 "SONARQUBE": "SonarQube API Import",
                 "GITLEAKS": "Gitleaks Scan",
-                "NUCLEI": "Nuclei Scan"
+                "NUCLEI": "Nuclei Scan",
             }
 
             if any(
@@ -254,9 +254,11 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
             )
 
             white_list = self._get_finding_exclusion(
-                session_manager, dd_max_retries, {
+                session_manager,
+                dd_max_retries,
+                {
                     "type": "white_list",
-                }
+                },
             )
 
             exclusions_white_list = self._get_findings_with_exclusions(
@@ -299,7 +301,9 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
                 "HOST_DEFECT_DOJO"
             ]
 
-            session_manager = self._get_session_manager(dict_args, secret_tool, config_tool)
+            session_manager = self._get_session_manager(
+                dict_args, secret_tool, config_tool
+            )
 
             findings = self._get_findings(
                 session_manager,
@@ -316,13 +320,18 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
             )
 
             white_list = self._get_finding_exclusion(
-                session_manager, max_retries, {
+                session_manager,
+                max_retries,
+                {
                     "type": "white_list",
-                }
+                },
             )
 
             all_exclusions = self._get_report_exclusions(
-                all_findings, self._format_date_to_dd_format, host_dd=host_dd, white_list=white_list
+                all_findings,
+                self._format_date_to_dd_format,
+                host_dd=host_dd,
+                white_list=white_list,
             )
 
             return all_findings, all_exclusions
@@ -401,6 +410,26 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
                 )
             )
 
+    def get_black_list(self, dict_args, secret_tool, config_tool):
+        try:
+            session_manager = self._get_session_manager(
+                dict_args, secret_tool, config_tool
+            )
+
+            exclusions_black_list = self._get_finding_exclusion(
+                session_manager,
+                config_tool["VULNERABILITY_MANAGER"]["DEFECT_DOJO"]["MAX_RETRIES_QUERY"],
+                {
+                    "type": "black_list",
+                },
+            )
+
+            return [entry.unique_id_from_tool for entry in exclusions_black_list]
+        except Exception as ex:
+            raise ExceptionVulnerabilityManagement(
+                "Error getting black list with the following error: {0} ".format(ex)
+            )
+
     def _build_request_importscan(
         self,
         vulnerability_management: VulnerabilityManagement,
@@ -502,19 +531,34 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
             if finding.risk_accepted:
                 exclusions.append(
                     self._create_report_exclusion(
-                        finding, date_fn, "engine_risk", self.RISK_ACCEPTED, host_dd, **kwargs
+                        finding,
+                        date_fn,
+                        "engine_risk",
+                        self.RISK_ACCEPTED,
+                        host_dd,
+                        **kwargs,
                     )
                 )
             elif finding.false_p:
                 exclusions.append(
                     self._create_report_exclusion(
-                        finding, date_fn, "engine_risk", self.FALSE_POSITIVE, host_dd, **kwargs
+                        finding,
+                        date_fn,
+                        "engine_risk",
+                        self.FALSE_POSITIVE,
+                        host_dd,
+                        **kwargs,
                     )
                 )
             elif finding.out_of_scope:
                 exclusions.append(
                     self._create_report_exclusion(
-                        finding, date_fn, "engine_risk", self.OUT_OF_SCOPE, host_dd, **kwargs
+                        finding,
+                        date_fn,
+                        "engine_risk",
+                        self.OUT_OF_SCOPE,
+                        host_dd,
+                        **kwargs,
                     )
                 )
             elif finding.risk_status == "Transfer Accepted":
@@ -525,26 +569,45 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
                         "engine_risk",
                         self.TRANSFERRED_FINDING,
                         host_dd,
-                        **kwargs
+                        **kwargs,
                     )
                 )
             elif finding.risk_status == self.ON_WHITELIST:
                 exclusions.append(
                     self._create_report_exclusion(
-                        finding, date_fn, "engine_risk", self.ON_WHITELIST, host_dd, **kwargs
+                        finding,
+                        date_fn,
+                        "engine_risk",
+                        self.ON_WHITELIST,
+                        host_dd,
+                        **kwargs,
                     )
                 )
         return exclusions
 
     def _get_findings_with_exclusions(
-        self, session_manager, service, max_retries, query_params, tool, date_fn, reason, **kwargs
+        self,
+        session_manager,
+        service,
+        max_retries,
+        query_params,
+        tool,
+        date_fn,
+        reason,
+        **kwargs,
     ):
         findings = self._get_findings(
             session_manager, service, max_retries, query_params
         )
 
         return map(
-            partial(self._create_exclusion, date_fn=date_fn, tool=tool, reason=reason, **kwargs),
+            partial(
+                self._create_exclusion,
+                date_fn=date_fn,
+                tool=tool,
+                reason=reason,
+                **kwargs,
+            ),
             findings,
         )
 
@@ -567,30 +630,60 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
     def _date_reason_based(self, finding, date_fn, reason, tool, **kwargs):
         def get_vuln_id(finding, tool):
             if tool == "engine_risk":
-                return finding.id[0]["vulnerability_id"] if finding.id else finding.vuln_id_from_tool
+                return (
+                    finding.id[0]["vulnerability_id"]
+                    if finding.id
+                    else finding.vuln_id_from_tool
+                )
             else:
-                return finding.vulnerability_ids[0]["vulnerability_id"] if finding.vulnerability_ids else finding.vuln_id_from_tool
+                return (
+                    finding.vulnerability_ids[0]["vulnerability_id"]
+                    if finding.vulnerability_ids
+                    else finding.vuln_id_from_tool
+                )
 
         def get_dates_from_whitelist(vuln_id, white_list):
-            matching_finding = next(filter(lambda x: x.unique_id_from_tool == vuln_id, white_list), None)
+            matching_finding = next(
+                filter(lambda x: x.unique_id_from_tool == vuln_id, white_list), None
+            )
             if matching_finding:
-                return date_fn(matching_finding.create_date), date_fn(matching_finding.expiration_date)
+                return date_fn(matching_finding.create_date), date_fn(
+                    matching_finding.expiration_date
+                )
             return date_fn(None), date_fn(None)
 
         reason_to_dates = {
-            self.FALSE_POSITIVE: lambda: (date_fn(finding.last_status_update), date_fn(None)),
-            self.OUT_OF_SCOPE: lambda: (date_fn(finding.last_status_update), date_fn(None)),
-            self.TRANSFERRED_FINDING: lambda: (date_fn(finding.transfer_finding.date), date_fn(finding.transfer_finding.expiration_date)),
-            self.RISK_ACCEPTED: lambda: (date_fn(finding.accepted_risks[-1]["created"]), date_fn(finding.accepted_risks[-1]["expiration_date"])),
-            self.ON_WHITELIST: lambda: get_dates_from_whitelist(get_vuln_id(finding, tool), kwargs.get("white_list", [])),
+            self.FALSE_POSITIVE: lambda: (
+                date_fn(finding.last_status_update),
+                date_fn(None),
+            ),
+            self.OUT_OF_SCOPE: lambda: (
+                date_fn(finding.last_status_update),
+                date_fn(None),
+            ),
+            self.TRANSFERRED_FINDING: lambda: (
+                date_fn(finding.transfer_finding.date),
+                date_fn(finding.transfer_finding.expiration_date),
+            ),
+            self.RISK_ACCEPTED: lambda: (
+                date_fn(finding.accepted_risks[-1]["created"]),
+                date_fn(finding.accepted_risks[-1]["expiration_date"]),
+            ),
+            self.ON_WHITELIST: lambda: get_dates_from_whitelist(
+                get_vuln_id(finding, tool), kwargs.get("white_list", [])
+            ),
         }
 
-        create_date, expired_date = reason_to_dates.get(reason, lambda: (date_fn(None), date_fn(None)))()
+        create_date, expired_date = reason_to_dates.get(
+            reason, lambda: (date_fn(None), date_fn(None))
+        )()
         return create_date, expired_date
 
     def _create_exclusion(self, finding, date_fn, tool, reason, **kwargs):
-        create_date, expired_date = self._date_reason_based(finding, date_fn, reason, tool, **kwargs)
-            
+        create_date, expired_date = self._date_reason_based(
+            finding, date_fn, reason, tool, **kwargs
+        )
+
         return Exclusions(
             id=(
                 finding.vuln_id_from_tool
@@ -608,8 +701,12 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
             reason=reason,
         )
 
-    def _create_report_exclusion(self, finding, date_fn, tool, reason, host_dd, **kwargs):
-        create_date, expired_date = self._date_reason_based(finding, date_fn, reason, tool, **kwargs)
+    def _create_report_exclusion(
+        self, finding, date_fn, tool, reason, host_dd, **kwargs
+    ):
+        create_date, expired_date = self._date_reason_based(
+            finding, date_fn, reason, tool, **kwargs
+        )
 
         return Exclusions(
             id=(

{devsecops_engine_tools-1.34.1 → devsecops_engine_tools-1.35.0}/devsecops_engine_tools/engine_sast/engine_code/src/domain/usecases/code_scan.py

@@ -70,7 +70,7 @@ class CodeScan:
                             expired_date=exc.get("expired_date", ""),
                             severity=exc.get("severity", ""),
                             hu=exc.get("hu", ""),
-                            reason=exc.get("reason", "Risk acceptance"),
+                            reason=exc.get("reason", "DevSecOps policy"),
                         )
                         list_exclusions.append(exclusion)
         return list_exclusions, skip_tool

{devsecops_engine_tools-1.34.1 → devsecops_engine_tools-1.35.0}/devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/tool_gateway.py

@@ -14,5 +14,6 @@ class ToolGateway(metaclass=ABCMeta):
                             secret_tool,
                             secret_external_checks,
                             agent_tem_dir:str,
-                            tool) -> str:
+                            tool,
+                            folder_path) -> str:
         "run tool secret scan"

{devsecops_engine_tools-1.34.1 → devsecops_engine_tools-1.35.0}/devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/secret_scan.py

@@ -54,7 +54,8 @@ class SecretScan:
                     secret_tool,
                     secret_external_checks,
                     self.devops_platform_gateway.get_variable("temp_directory"),
-                    tool)
+                    tool,
+                    dict_args["folder_path"])
             finding_list = self.tool_deserialize.get_list_vulnerability(
                 findings,
                 self.devops_platform_gateway.get_variable("os"),

{devsecops_engine_tools-1.34.1 → devsecops_engine_tools-1.35.0}/devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_core.py

@@ -52,7 +52,7 @@ class SetInputCore:
                             expired_date=item.get("expired_date", ""),
                             severity=item.get("severity", ""),
                             hu=item.get("hu", ""),
-                            reason=item.get("reason", "Risk acceptance"),
+                            reason=item.get("reason", "DevSecOps policy"),
                         )
                         for item in value[tool]
                     ]

{devsecops_engine_tools-1.34.1 → devsecops_engine_tools-1.35.0}/devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/gitleaks/gitleaks_tool.py

@@ -92,7 +92,8 @@ class GitleaksTool(ToolGateway):
         secret_tool,  # For external checks
         secret_external_checks,  # For external checks
         agent_temp_dir,
-        tool
+        tool,
+        folder_path = None
     ):
         command = [self._COMMAND, "dir"]
         finding_path = os.path.join(agent_work_folder, "gitleaks_report.json")

{devsecops_engine_tools-1.34.1 → devsecops_engine_tools-1.35.0}/devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py

@@ -62,7 +62,8 @@ class TrufflehogRun(ToolGateway):
         secret_tool,
         secret_external_checks,
         agent_temp_dir,
-        tool
+        tool,
+        folder_path
     ):
         trufflehog_command = "trufflehog"
         if "Windows" in agent_os:
@@ -84,7 +85,8 @@ class TrufflehogRun(ToolGateway):
                 include_paths,
                 [repository_name] * len(include_paths),
                 [enable_custom_rules] * len(include_paths),
-                [agent_os] * len(include_paths)
+                [agent_os] * len(include_paths),
+                [folder_path] * len(include_paths)
             )
         findings, file_findings = self.create_file(self.decode_output(results), agent_work_folder, config_tool, tool)
         return  findings, file_findings
@@ -117,10 +119,11 @@ class TrufflehogRun(ToolGateway):
         include_path,
         repository_name,
         enable_custom_rules,
-        agent_os
+        agent_os,
+        folder_path
     ):
-        command = f"{trufflehog_command} filesystem {agent_work_folder + '/' + repository_name} --include-paths {include_path} --exclude-paths {exclude_path} --no-verification --no-update --json"
-
+        path = agent_work_folder if folder_path is not None else f"{agent_work_folder}/{repository_name}"
+        command = f"{trufflehog_command} filesystem {path} --include-paths {include_path} --exclude-paths {exclude_path} --no-verification --no-update --json"
         if enable_custom_rules:
             command = command.replace("--no-verification --no-update --json", f"--config {agent_work_folder}//rules//trufflehog//custom-rules.yaml --no-verification --no-update --json" if "Windows" in agent_os else
                                       "/tmp/rules/trufflehog/custom-rules.yaml --no-verification --no-update --json" if "Linux" in agent_os else

{devsecops_engine_tools-1.34.1 → devsecops_engine_tools-1.35.0}/devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/set_input_core.py

@@ -36,7 +36,7 @@ class SetInputCore:
                         expired_date=item.get("expired_date", ""),
                         severity=item.get("severity", ""),
                         hu=item.get("hu", ""),
-                        reason=item.get("reason", "Risk acceptance"),
+                        reason=item.get("reason", "DevSecOps policy"),
                     )
                 )
 

{devsecops_engine_tools-1.34.1 → devsecops_engine_tools-1.35.0}/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/set_input_core.py

@@ -25,7 +25,7 @@ class SetInputCore:
                             expired_date=item.get("expired_date", ""),
                             severity=item.get("severity", ""),
                             hu=item.get("hu", ""),
-                            reason=item.get("reason", "Risk acceptance"),
+                            reason=item.get("reason", "DevSecOps policy"),
                         )
                         for item in value[tool]
                     ]