PyPI - devsecops-engine-tools - Versions diffs - 1.43.0__py3-none-any.whl → 1.44.0__py3-none-any.whl - Mend

devsecops-engine-tools 1.43.0py3-none-any.whl → 1.44.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of devsecops-engine-tools might be problematic. Click here for more details.

Files changed (9) hide show

devsecops_engine_tools/engine_risk/src/domain/usecases/break_build.py CHANGED Viewed

@@ -13,6 +13,8 @@ from devsecops_engine_tools.engine_core.src.domain.model.exclusions import (
 from collections import Counter
 import copy
+import sympy as sp
+import math
 class BreakBuild:
@@ -53,7 +55,7 @@ class BreakBuild:
     def process(self):
         new_report_list, applied_exclusions = self._apply_exclusions(self.report_list)
-        self._tag_blacklist_control(new_report_list)
+        self._blacklist_control(new_report_list)
         self._remediation_rate_control(self.all_report, new_report_list)
         self._risk_score_control(new_report_list)
         all_exclusions = list(self.vm_exclusions) + list(applied_exclusions)
@@ -121,17 +123,45 @@ class BreakBuild:
     def _remediation_rate_control(
         self, all_report: "list[Report]", new_report_list: "list[Report]"
     ):
-        mitigated = sum(1 for report in all_report if report.mitigated)
-        white_list = sum(
+        sp.init_printing(use_unicode=True)
+        (
+            remediation_rate_name,
+            mitigated_name,
+            all_findings_name,
+            new_industry_vulnerabilities,
+            white_list_name,
+            base_image_name,
+        ) = sp.symbols(
+            "RemediationRate Mitigated AllFindings NewIndustryVulnerabilities WhiteList BaseImage"
+        )
+        formula = sp.Eq(
+            remediation_rate_name,
+            100
+            * (mitigated_name / (all_findings_name - new_industry_vulnerabilities - white_list_name - base_image_name)),
+        )
+        print("\n")
+        sp.pretty_print(formula)
+        print("\n")
+        mitigated_count = sum(1 for report in all_report if report.mitigated)
+        white_list_count = sum(
+            1
+            for report in all_report
+            if "On Whitelist" in report.risk_status and not report.mitigated
+        )
+        base_image_count = sum(
             1
             for report in all_report
-            if "white_list" in report.tags and not report.mitigated
+            if "Image Base" in report.vul_description
+            and "On Whitelist" not in report.risk_status
+            and not report.mitigated
         )
-        total = len(all_report) - self.policy_excluded - white_list
+        all_findings_count = len(all_report)
         print(
-            f"Mitigated count: {mitigated}   Total count: {len(all_report)}   Policy excluded: {self.policy_excluded + white_list}"
+            f"Mitigated: {mitigated_count}   AllFindings: {all_findings_count}   BaseImage: {base_image_count}   NewIndustryVulnerabilities: {self.policy_excluded}   WhiteList: {white_list_count}\n\n"
         )
-        remediation_rate_value = self._get_percentage(mitigated / total)
+        total = all_findings_count - self.policy_excluded - white_list_count - base_image_count
+        remediation_rate_value = self._get_percentage(mitigated_count / total)
         risk_threshold = self._get_remediation_rate_threshold(total)
         self.remediation_rate = remediation_rate_value
@@ -152,10 +182,11 @@ class BreakBuild:
             )
             self.warning_build = True
         else:
+            missing_findings = math.ceil((risk_threshold / 100 * total) - mitigated_count)
             print(
                 self.devops_platform_gateway.message(
                     "error",
-                    f"Remediation rate {remediation_rate_value}% is less than {risk_threshold}%",
+                    f"Remediation rate {remediation_rate_value}% is less than {risk_threshold}%. Minimum findings to mitigate: {missing_findings}.",
                 )
             )
             self.break_build = True
@@ -230,7 +261,7 @@ class BreakBuild:
         return filtered_reports, applied_exclusions
-    def _tag_blacklist_control(self, report_list: "list[Report]"):
+    def _blacklist_control(self, report_list: "list[Report]"):
         remote_config = self.remote_config
         if report_list:
             tag_blacklist = set(remote_config["TAG_BLACKLIST_EXCLUSION_DAYS"].keys())
@@ -271,13 +302,26 @@ class BreakBuild:
             if filtered_reports_above_threshold:
                 self.break_build = True
-                self.blacklisted = len(filtered_reports_above_threshold)
+                self.blacklisted += len(filtered_reports_above_threshold)
                 self.report_breaker.extend(
                     copy.deepcopy(
                         [report for report, _ in filtered_reports_above_threshold]
                     )
                 )
+            for report in report_list:
+                if "On Blacklist" in report.risk_status:
+                    self.break_build = True
+                    report.reason = "Blacklisted"
+                    self.blacklisted += 1
+                    self.report_breaker.append(copy.deepcopy(report))
+                    print(
+                        self.devops_platform_gateway.message(
+                            "error",
+                            f"Report {report.vm_id} is blacklisted.",
+                        )
+                    )
     def _risk_score_control(self, report_list: "list[Report]"):
         remote_config = self.remote_config
         risk_score_threshold = self.threshold["RISK_SCORE"]

devsecops_engine_tools/engine_risk/src/domain/usecases/get_exclusions.py CHANGED Viewed

@@ -101,4 +101,7 @@ class GetExclusions:
                     ).strftime("%d%m%Y")
                     exclusion_data["reason"] = "New vulnerability in the industry"
                     exclusions.append(Exclusions(**exclusion_data))
+                    finding.vul_description = finding.vul_description.replace(
+                        "Image Base", ""
+                    )
         return exclusions, len(exclusions)

devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/docker/docker_images.py CHANGED Viewed

@@ -34,14 +34,21 @@ class DockerImages(ImagesGateway):
             )
     def get_base_image(self, matching_image):
-        image_details = self.get_image_details(matching_image.id)
-        if not image_details:
-            return None
+        try:
+            image_details = self.get_image_details(matching_image.id)
+            if not image_details:
+                return None
-        labels = image_details.get("Config", {}).get("Labels", {})
-        return self.extract_base_image_from_labels(labels, matching_image)
+            labels = image_details.get("Config", {}).get("Labels", {})
+            return self.extract_base_image_from_labels(labels, matching_image)
+        except Exception as e:
+            logger.warning(f"Error obtaining base image: {e}")
+            return None
     def validate_base_image_date(self, matching_image, referenced_date):
+        if matching_image is None or matching_image.id is None:
+            logger.error("Error: matching_image ID is None")
+            return False
         image_details = self.get_image_details(matching_image.id)
         if not image_details:
             return False

devsecops_engine_tools/version.py CHANGED Viewed

	@@ -1 +1 @@
1	- version = '1.43.0'
1	+ version = '1.44.0'

{devsecops_engine_tools-1.43.0.dist-info → devsecops_engine_tools-1.44.0.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.43.0
+Version: 1.44.0
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team
@@ -31,6 +31,7 @@ Requires-Dist: packageurl-python==0.15.6
 Requires-Dist: ruamel.yaml==0.18.6
 Requires-Dist: Authlib==1.3.2
 Requires-Dist: PyJWT==2.9.0
+Requires-Dist: sympy==1.13.3
 # DevSecOps Engine Tools

{devsecops_engine_tools-1.43.0.dist-info → devsecops_engine_tools-1.44.0.dist-info}/RECORD RENAMED Viewed

@@ -1,5 +1,5 @@
 devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/version.py,sha256=rgVE2760niT3XN1VMw-ZEBrUP7L5heut-fiAjEx9JwA,19
+devsecops_engine_tools/version.py,sha256=wS3RHs8gSUSbjEyCqrz_WglPyvNGJoNxlUU3ajViqAA,19
 devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -101,9 +101,9 @@ devsecops_engine_tools/engine_risk/src/domain/model/gateways/__init__.py,sha256=
 devsecops_engine_tools/engine_risk/src/domain/model/gateways/add_epss_gateway.py,sha256=cTm4QSxiaUt7ETCdXWZxKEus8pmEDA3e9k5b39SLDDE,178
 devsecops_engine_tools/engine_risk/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_risk/src/domain/usecases/add_data.py,sha256=4wqDj-q7hJfJscvrbMDcy7tONqxdxl-CSl_TWTRUGKA,402
-devsecops_engine_tools/engine_risk/src/domain/usecases/break_build.py,sha256=k24X9gipSiFQNp4V8guW4hCWUtCzxyKq-eo2FwGW2b8,13216
+devsecops_engine_tools/engine_risk/src/domain/usecases/break_build.py,sha256=iSZOvwfyJgjIkOmDMa_kBWMxLbnXkgdlfogM4mtftVM,15000
 devsecops_engine_tools/engine_risk/src/domain/usecases/check_threshold.py,sha256=VYdmcbAuNNvdHCegRfvza7YJ8FHbFNyDosrKJrMW93I,765
-devsecops_engine_tools/engine_risk/src/domain/usecases/get_exclusions.py,sha256=O6LoALXzQq0kB4TUuDdF1g5JUO0vtCeXF8txEkHYb6I,3850
+devsecops_engine_tools/engine_risk/src/domain/usecases/get_exclusions.py,sha256=1UNNq_Yhg3R78jLRSKcMNQYe8T8gl1C31C0ttBF0OAk,3992
 devsecops_engine_tools/engine_risk/src/domain/usecases/handle_filters.py,sha256=R53fnuIQYfr7YbpMz1BGPJ1d5z9jY_Hnm7EmPt99wlE,3608
 devsecops_engine_tools/engine_risk/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_risk/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -207,7 +207,7 @@ devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/set_input
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/docker/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/docker/docker_images.py,sha256=_p-JPfVBrDJBkAxWZHySLc54sMIEe9v1Ut77uTrqlOo,4316
+devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/docker/docker_images.py,sha256=BjM10dlf27HWp4cI7xrhI7_50uBUsKx-XlUsaBWhXXQ,4617
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_cloud_manager_scan.py,sha256=tf33YFYB47th4Zu0WtWpsrAm5I6_xCON4yOwFacTQLA,6758
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_deserialize_output.py,sha256=oK0NKuPODm38qDgQjf6w40lfNG6NFJS43p5k44wDoMA,2562
@@ -347,8 +347,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
 devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
 devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=Z0fdhB3r-dxU0nGSD9zW_B4r2Qol1rUnUCkhFR0U-HQ,487
 devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=XFap4yOK7ItLWsqbwDhvLd7NpDhs7i-UGJAMD6jjd7w,6687
-devsecops_engine_tools-1.43.0.dist-info/METADATA,sha256=MlWUkXgNemUz4PZ-NRmIWTGmsuWeWYzJj0q5TNOw6XI,11750
-devsecops_engine_tools-1.43.0.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
-devsecops_engine_tools-1.43.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
-devsecops_engine_tools-1.43.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
-devsecops_engine_tools-1.43.0.dist-info/RECORD,,
+devsecops_engine_tools-1.44.0.dist-info/METADATA,sha256=Zp1Pg2NcHomo3IzO2kFaC3pD3xXUMN2j8fU5knU7qKA,11779
+devsecops_engine_tools-1.44.0.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
+devsecops_engine_tools-1.44.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
+devsecops_engine_tools-1.44.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
+devsecops_engine_tools-1.44.0.dist-info/RECORD,,

{devsecops_engine_tools-1.43.0.dist-info → devsecops_engine_tools-1.44.0.dist-info}/WHEEL RENAMED Viewed

File without changes

{devsecops_engine_tools-1.43.0.dist-info → devsecops_engine_tools-1.44.0.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{devsecops_engine_tools-1.43.0.dist-info → devsecops_engine_tools-1.44.0.dist-info}/top_level.txt RENAMED Viewed

File without changes

devsecops-engine-tools 1.43.0__py3-none-any.whl → 1.44.0__py3-none-any.whl

Potentially problematic release.

devsecops-engine-tools 1.43.0py3-none-any.whl → 1.44.0py3-none-any.whl