devsecops-engine-tools 1.98.1__py3-none-any.whl → 1.99.0__py3-none-any.whl

devsecops_engine_tools/engine_integrations/src/applications/runner_engine_integrations.py

@@ -29,11 +29,33 @@ from devsecops_engine_tools.engine_utilities import settings
 
 logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
 
+def validate_integration_requirements(args):
+    integration = args.get("integration")
+    missing_args = []
+    
+    if integration == "report_sonar":
+        if not args.get("sonar_url"):
+            missing_args.append("--sonar_url")
+            
+    elif integration == "copacetic":
+        if not args.get("image"):
+            missing_args.append("--image")
+            
+        if not args.get("vulnerability_report") and not args.get("platform"):
+            missing_args.append("--vulnerability_report or --platform")
+            
+    if missing_args:
+        error_msg = f"Missing required arguments for {integration} integration: {', '.join(missing_args)}"
+        return False, error_msg
+        
+    return True, None
+
 def get_inputs_from_cli(args):
     parser = argparse.ArgumentParser()
+    # General flags
     parser.add_argument(
         "--integration",
-        choices=["report_sonar"],
+        choices=["report_sonar", "copacetic"],
         type=str,
         required=True,
         help="Name of the integration to run",
@@ -109,6 +131,35 @@ def get_inputs_from_cli(args):
         required=False,
         help="Token to access sonar server",
     )
+    # copacetic flags
+    parser.add_argument(
+        "--image",
+        required=False,
+        help="Container image to patch with Copacetic",
+    )
+    parser.add_argument(
+        "--vulnerability_report",
+        required=False,
+        help="Path to vulnerability report file for Copacetic",
+    )
+    parser.add_argument(
+        "--patch_format",
+        choices=["trivy", "grype"],
+        type=str,
+        required=False,
+        default="trivy",
+        help="Vulnerability report format for Copacetic (default: trivy)",
+    )
+    parser.add_argument(
+        "--output_image",
+        required=False,
+        help="Output tag name for patched image",
+    )
+    parser.add_argument(
+        "--platform",
+        required=False,
+        help="Target(s) platform(s) for multi-arch images when no report directory is provided",
+    )
 
     args = parser.parse_args()
     return {
@@ -124,6 +175,11 @@ def get_inputs_from_cli(args):
         "token_cmdb": args.token_cmdb,
         "token_vulnerability_management": args.token_vulnerability_management,
         "token_sonar": args.token_sonar,
+        "image": args.image,
+        "vulnerability_report": args.vulnerability_report,
+        "patch_format": args.patch_format,
+        "output_image": args.output_image,
+        "platform": args.platform
     }
 
 def runner_engine_integrations():
@@ -132,6 +188,11 @@ def runner_engine_integrations():
         if not args["remote_config_source"]: 
             args["remote_config_source"] = args["platform_devops"]
 
+        is_valid, error_message = validate_integration_requirements(args)
+        if not is_valid:
+            logger.error(f"Error: {error_message}")
+            sys.exit(1)
+
         vulnerability_management_gateway = DefectDojoPlatform()
         secrets_manager_gateway = SecretsManager()
         devops_platform_gateway = {

devsecops_engine_tools/engine_integrations/src/domain/usecases/handle_integrations.py

@@ -13,6 +13,9 @@ from devsecops_engine_tools.engine_core.src.domain.model.gateway.metrics_manager
 from devsecops_engine_tools.engine_utilities.sonarqube.src.applications.runner_report_sonar import (
     runner_report_sonar
 )
+from devsecops_engine_tools.engine_utilities.copacetic.src.applications.runner_copacetic import (
+    runner_copacetic
+)
 
 class Integrations():
     def __init__(
@@ -40,3 +43,12 @@ class Integrations():
                 metrics_manager_gateway=self.metrics_manager_gateway,
                 args=args,
             )
+        elif integration == "copacetic":
+            return runner_copacetic(
+                vulnerability_management_gateway=self.vulnerability_management_gateway,
+                secrets_manager_gateway=self.secrets_manager_gateway,
+                devops_platform_gateway=self.devops_platform_gateway,
+                remote_config_source_gateway=self.remote_config_source_gateway,
+                metrics_manager_gateway=self.metrics_manager_gateway,
+                args=args,
+            )

devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_manager_scan.py

@@ -16,7 +16,7 @@ logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
 
 class TrivyScan(ToolGateway):
 
-    def scan_image(self, prefix, image_name, result_file, base_image, is_compressed_file=False):
+    def scan_image(self, prefix, image_name, result_file, base_image, vuln_type, ignore_unfixed=False, is_compressed_file=False):
         command = [
             prefix,
             "--scanners",
@@ -25,7 +25,12 @@ class TrivyScan(ToolGateway):
             "json",
             "-o",
             result_file,
+            "--pkg-types",
+            vuln_type
         ]
+
+        if ignore_unfixed:
+            command.append("--ignore-unfixed")
         
         if is_compressed_file:
             command.extend(["--quiet", "image", "--input", image_name])
@@ -47,7 +52,7 @@ class TrivyScan(ToolGateway):
         except Exception as e:
             logger.error(f"Error during image scan of {image_name}: {e}")
 
-    def _generate_sbom(self, prefix, image_name, remoteconfig, is_compressed_file=False):
+    def _generate_sbom(self, prefix, image_name, remoteconfig, vuln_type, ignore_unfixed=False, is_compressed_file=False):
         result_sbom = f"{image_name.replace('/', '_')}_SBOM.json"
         command = [
             prefix,
@@ -55,8 +60,12 @@ class TrivyScan(ToolGateway):
             "--format",
             remoteconfig["TRIVY"]["SBOM_FORMAT"],
             "--output",
-            result_sbom
+            result_sbom,
+            "--pkg-types",
+            vuln_type
         ]
+        if ignore_unfixed:
+            command.append("--ignore-unfixed")
         if is_compressed_file:
             command.extend(["--quiet", "--input", image_name])
         else:
@@ -77,7 +86,10 @@ class TrivyScan(ToolGateway):
             logger.error(f"Error generating SBOM: {e}")
 
     def run_tool_container_sca(self, remoteconfig, secret_tool, token_engine_container, image_name, result_file, base_image, exclusions, generate_sbom, is_compressed_file=False):
-        trivy_version = remoteconfig["TRIVY"]["TRIVY_VERSION"]        
+        trivy_version = remoteconfig["TRIVY"]["TRIVY_VERSION"]
+        vuln_type = remoteconfig["TRIVY"].get("VULN_TYPE", "all").lower()
+        vuln_type = vuln_type if vuln_type in ["os", "library"] else "os,library"
+        ignore_unfixed = remoteconfig["TRIVY"].get("IGNORE_UNFIXED", False)      
         command_prefix = TrivyManagerScanUtils().identify_os_and_install(trivy_version)
         sbom_components = None
         
@@ -85,9 +97,9 @@ class TrivyScan(ToolGateway):
             return None
 
         image_scanned = (
-            self.scan_image(command_prefix, image_name, result_file, base_image, is_compressed_file)
+            self.scan_image(command_prefix, image_name, result_file, base_image, vuln_type, ignore_unfixed, is_compressed_file)
         )
         if generate_sbom:
-            sbom_components = self._generate_sbom(command_prefix, image_name, remoteconfig, is_compressed_file)
+            sbom_components = self._generate_sbom(command_prefix, image_name, remoteconfig, vuln_type, ignore_unfixed, is_compressed_file)
 
         return image_scanned, sbom_components

devsecops_engine_tools/engine_utilities/copacetic/src/applications/runner_copacetic.py

@@ -0,0 +1,40 @@
+from devsecops_engine_tools.engine_utilities.copacetic.src.infrastructure.driven_adapters.copacetic.copacetic_adapter import(
+    CopaceticAdapter
+)
+from devsecops_engine_tools.engine_utilities.copacetic.src.infrastructure.entry_points.entry_point_copacetic import (
+    init_copacetic
+)
+from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
+from devsecops_engine_tools.engine_utilities import settings
+
+logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
+
+def runner_copacetic(
+    vulnerability_management_gateway,
+    secrets_manager_gateway,
+    devops_platform_gateway,
+    remote_config_source_gateway,
+    metrics_manager_gateway,
+    args
+):
+    try:
+        copacetic_gateway = CopaceticAdapter()
+
+        init_copacetic(
+            vulnerability_management_gateway=vulnerability_management_gateway,
+            secrets_manager_gateway=secrets_manager_gateway,
+            devops_platform_gateway=devops_platform_gateway,
+            remote_config_source_gateway=remote_config_source_gateway,
+            copacetic_gateway=copacetic_gateway,
+            metrics_manager_gateway=metrics_manager_gateway,
+            args=args,
+        )
+
+    except Exception as e:
+        logger.error("Error copacetic: {0} ".format(str(e)))
+        print(
+            devops_platform_gateway.message(
+                "error", "Error copacetic: {0} ".format(str(e))
+            )
+        )
+        print(devops_platform_gateway.result_pipeline("failed"))

devsecops_engine_tools/engine_utilities/copacetic/src/domain/usecases/copacetic.py

@@ -0,0 +1,190 @@
+from devsecops_engine_tools.engine_core.src.domain.model.gateway.vulnerability_management_gateway import (
+    VulnerabilityManagementGateway
+)
+from devsecops_engine_tools.engine_core.src.domain.model.gateway.secrets_manager_gateway import (
+    SecretsManagerGateway
+)
+from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import (
+    DevopsPlatformGateway
+)
+from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore
+from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
+from devsecops_engine_tools.engine_utilities import settings
+import shutil
+
+logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
+
+
+class Copacetic:
+    def __init__(
+        self,
+        vulnerability_management_gateway: VulnerabilityManagementGateway,
+        secrets_manager_gateway: SecretsManagerGateway,
+        devops_platform_gateway: DevopsPlatformGateway,
+        remote_config_source_gateway: DevopsPlatformGateway,
+        copacetic_gateway,
+    ):
+        self.vulnerability_management_gateway = vulnerability_management_gateway
+        self.secrets_manager_gateway = secrets_manager_gateway
+        self.devops_platform_gateway = devops_platform_gateway
+        self.remote_config_source_gateway = remote_config_source_gateway
+        self.copacetic_gateway = copacetic_gateway
+
+    def process(self, args):
+        try:
+            copacetic_config = self.remote_config_source_gateway.get_remote_config(
+                args["remote_config_repo"], "/engine_integrations/copacetic/ConfigTool.json", args["remote_config_branch"]
+            )
+
+            image = args.get("image")
+            vulnerability_report = args.get("vulnerability_report")
+            patch_format = args.get("patch_format", "trivy")
+            
+            if not image:
+                raise ValueError("Image is required for Copacetic patching")
+
+            logger.info(f"Starting Copacetic patching for image: {image}")
+
+            image_info = {}
+            if hasattr(self.copacetic_gateway, 'get_image_info'):
+                image_info = self.copacetic_gateway.get_image_info(image)
+                if not image_info.get("exists", False):
+                    logger.info(f"Image {image} may not exist locally. Copacetic will attempt to pull it.")
+
+            patch_result = self.copacetic_gateway.patch_image(
+                image=image,
+                vulnerability_report=vulnerability_report,
+                output_image=args.get("output_image"),
+                patch_format=patch_format,
+                config=copacetic_config,
+                work_folder=self.devops_platform_gateway.get_variable("path_directory"),
+                platform=args.get("platform")
+            )
+
+            if patch_result["success"]:
+                logger.info("Copacetic patching completed successfully")
+
+                if image_info.get("exists", False):
+                    patch_result["original_image_info"] = {
+                        "architecture": image_info.get("architecture"),
+                        "os": image_info.get("os"),
+                        "size": image_info.get("size"),
+                        "layers": image_info.get("layers")
+                    }
+
+                self._print_results_table(patch_result)
+            else:
+                detailed_error = f"Copacetic patching failed for {image}: {patch_result.get('error', 'Unknown error')}"
+                if patch_result.get("copa_error"):
+                    detailed_error += f"\nCopa stderr: {patch_result['copa_error']}"
+                
+                print(
+                    self.devops_platform_gateway.message("error", detailed_error)
+                )
+
+            return InputCore(
+                totalized_exclusions=[],
+                threshold_defined=None,
+                path_file_results=patch_result.get("output_file", ""),
+                custom_message_break_build=f"Copacetic patching completed for {image}",
+                scope_pipeline="",
+                scope_service="",
+                stage_pipeline=self.devops_platform_gateway.get_variable("stage")
+            )
+
+        except Exception as e:
+            logger.error(f"Error in Copacetic process: {str(e)}")
+            print(
+                self.devops_platform_gateway.message(
+                    "error",
+                    f"Error in Copacetic process: {str(e)}"
+                )
+            )
+
+    def _print_results_table(self, summary):
+        try:
+            terminal_width = min(shutil.get_terminal_size().columns, 100)
+        except:
+            terminal_width = 100
+        
+        logger.info(f"\n{'='*terminal_width}")
+        title = " COPACETIC PATCHING RESULTS "
+        padding = (terminal_width - len(title)) // 2
+        logger.info(f"{' '*padding}{title}{' '*padding}")
+        logger.info(f"{'='*terminal_width}")
+        
+        logger.info("\n IMAGE INFORMATION:")
+        logger.info(f"   Original Image: {summary['original_image']}")
+        logger.info(f"   Patched Image:  {summary['patched_image']}")
+
+        logger.info("\n PATCHING STATISTICS:")
+        vuln_count = summary.get('vulnerabilities_patched', 0)
+        pkg_count = summary.get('packages_updated', 0)
+        vex_generated = summary.get('vex_file_generated', False)
+        
+        logger.info(f"   Vulnerabilities Patched: {vuln_count}")
+        logger.info(f"   Packages Updated:        {pkg_count}")
+        logger.info(f"   VEX Report Generated:    {'Yes' if vex_generated else 'No'}")
+        
+        if not vex_generated:
+            logger.info("   Note: VEX report not generated (no vulnerability report provided)")
+
+        platforms = summary.get('platforms_processed', [])
+        if platforms:
+            logger.info(f"   Platforms Processed:     {', '.join(platforms)}")
+        
+        if summary.get('original_image_info'):
+            info = summary['original_image_info']
+            logger.info("\n  IMAGE DETAILS:")
+            logger.info(f"   Architecture: {info.get('architecture', 'N/A')}")
+            logger.info(f"   OS:           {info.get('os', 'N/A')}")
+            logger.info(f"   Size:         {info.get('size', 'N/A')}")
+            logger.info(f"   Layers:       {info.get('layers', 'N/A')}")
+
+        patch_details = summary.get('patch_details', [])
+        if patch_details:
+            logger.info("\n PATCH DETAILS:")
+
+            for i, detail in enumerate(patch_details, 1):
+                if isinstance(detail, dict):
+                    cve = detail.get('vulnerability', detail.get('id', f'PATCH-{i}'))
+                    logger.info(f"   {cve}")
+
+                    packages = detail.get('packages', [])
+                    if not packages:
+                        single_package = detail.get('package', detail.get('component'))
+                        if single_package:
+                            packages = [single_package]
+
+                    for pkg in packages:
+                        if isinstance(pkg, dict):
+                            pkg_name = pkg.get('name', pkg.get('package', 'Unknown'))
+                            version = pkg.get('version', pkg.get('fixed_version', ''))
+                            if version:
+                                logger.info(f"       {pkg_name} (v{version})")
+                            else:
+                                logger.info(f"       {pkg_name}")
+                        else:
+                            logger.info(f"       {pkg}")
+
+                    if not packages:
+                        logger.info("       No package information available")
+
+                else:
+                    logger.info(f"   {detail}")
+
+                if i < len(patch_details):
+                    logger.info("")
+
+        logger.info("\n SUMMARY:")
+        vex_generated = summary.get('vex_file_generated', False)
+        
+        if vuln_count > 0:
+            logger.info(f"   Status: SUCCESS - {vuln_count} vulnerabilities were patched")
+        elif vex_generated:
+            logger.info("   Status: COMPLETED - No vulnerabilities found to patch")
+        else:
+            logger.info("   Status: COMPLETED - Image patched successfully without vulnerability report")
+            logger.info("           Use --vulnerability_report to generate detailed VEX output")
+        
+        logger.info(f"{'='*terminal_width}\n")

devsecops_engine_tools/engine_utilities/copacetic/src/infrastructure/driven_adapters/copacetic/copacetic_adapter.py

@@ -0,0 +1,309 @@
+import subprocess
+import os
+import json
+import platform
+import requests
+import tarfile
+import tempfile
+import docker
+from typing import Dict, Optional
+from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
+from devsecops_engine_tools.engine_utilities import settings
+
+logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
+
+
+class CopaceticAdapter:
+    def __init__(self, config: Optional[Dict] = None):
+        self.config = config or {}
+
+    def install_tool(self, version, path="."):
+        try:
+            installed = subprocess.run(
+                ["which", "copa"],
+                stdout=subprocess.PIPE,
+                stderr=subprocess.PIPE,
+            )
+            if installed.returncode == 0:
+                return
+        except FileNotFoundError:
+            pass
+
+        try:
+            os_platform = platform.system()
+            architecture = platform.machine()
+
+            if os_platform == "Linux":
+                if architecture == "aarch64" or architecture == "arm64":
+                    arch = "arm64"
+                else:
+                    arch = "amd64"
+                curr_os = "linux"
+            elif os_platform == "Darwin":
+                if architecture == "aarch64" or architecture == "arm64":
+                    arch = "arm64"
+                else:
+                    arch = "amd64"
+                curr_os = "darwin"
+            else:
+                raise OSError(f"Copa installation is not supported on {os_platform}")
+
+            url = f"https://github.com/project-copacetic/copacetic/releases/download/v{version}/copa_{version}_{curr_os}_{arch}.tar.gz"
+
+            response = requests.get(url, allow_redirects=True)
+            response.raise_for_status()
+
+            with tempfile.NamedTemporaryFile(delete=False, suffix='.tar.gz') as temp_file:
+                temp_file.write(response.content)
+                temp_path = temp_file.name
+            
+            with tarfile.open(temp_path, 'r:gz') as tar:
+                copa_member = None
+                for member in tar.getmembers():
+                    if member.name.endswith('copa') and member.isfile():
+                        copa_member = member
+                        break
+                
+                if copa_member:
+                    tar.extract(copa_member, path=path)
+                    extracted_path = os.path.join(path, copa_member.name)
+                    if os.path.exists(extracted_path):
+                        os.chmod(extracted_path, 0o755)
+
+            os.unlink(temp_path)
+            return extracted_path
+            
+        except requests.RequestException as error:
+            logger.error(f"Error downloading Copa for {os_platform}: {error}")
+        except tarfile.TarError as error:
+            logger.error(f"Error extracting Copa archive: {error}")
+        except Exception as error:
+            logger.error(f"Error during Copa installation on {os_platform}: {error}")
+
+    def patch_image(
+        self,
+        image: str,
+        vulnerability_report: str,
+        output_image: Optional[str] = None,
+        patch_format: str = "trivy",
+        config: Optional[Dict] = None,
+        work_folder: str = ".",
+        platform: str = ""
+    ):
+        try:
+            config = config or {}
+            buildkit_config = config.get("BUILDKIT_CONFIG", {})
+            prefix = self.install_tool(config.get("VERSION"), path=work_folder)
+            output_file = f"{image.replace('/', '_')}-patch-vex.json"
+
+            copa_cmd = [
+                prefix,
+                "patch",
+                "--image",
+                image,
+                "--scanner",
+                patch_format,
+                "--format",
+                "openvex",
+                "--output",
+                output_file
+            ]
+
+            if vulnerability_report:
+                copa_cmd.extend(["--report", vulnerability_report])
+            
+            buildkit_addr = buildkit_config.get("DEFAULT_ADDR")
+            if buildkit_addr:
+                copa_cmd.extend(["--addr", buildkit_addr])
+
+            progress_mode = buildkit_config.get("PROGRESS", "auto")
+            if progress_mode not in ["auto", "plain", "tty", "quiet", "rawjson"]:
+                raise ValueError(f"Invalid progress mode: {progress_mode}")
+            else:
+                copa_cmd.extend(["--progress", progress_mode])
+            
+            if output_image:
+                copa_cmd.extend(["--tag", output_image])
+            else:
+                tag_suffix = config.get("DEFAULT_OUTPUT_SUFFIX", "-patched")
+                if tag_suffix.startswith("-"):
+                    tag_suffix = tag_suffix[1:]
+                copa_cmd.extend(["--tag-suffix", tag_suffix])
+            
+            if platform:
+                copa_cmd.extend(["--platform", platform])
+            elif not vulnerability_report:
+                raise ValueError(
+                    "If a vulnerability report is not provided, the platforms to be patched must be provided."
+                )
+
+            timeout_duration = config.get("TIMEOUT", 5)
+            copa_cmd.extend(["--timeout", f"{timeout_duration}m"])
+            
+            if buildkit_config.get("IGNORE_ERRORS", False):
+                copa_cmd.append("--ignore-errors")
+            
+            result = subprocess.run(
+                copa_cmd,
+                capture_output=True,
+                text=True
+            )
+            
+            if result.returncode == 0:                
+                if os.path.exists(output_file):
+                    subprocess.run(["chmod", "644", f"./{output_file}"])
+                    patch_details = self._parse_copa_output(output_file)
+                else:
+                    if not vulnerability_report:
+                        logger.info("Note: VEX report file not generated (no vulnerability report provided)")
+                        logger.info("Image patching completed successfully without VEX output")
+                    patch_details = {
+                        "vulnerabilities_patched": 0,
+                        "details": [],
+                        "packages_updated": [],
+                        "platforms_processed": []
+                    }
+
+                if output_image:
+                    patched_image = output_image
+                else:
+                    tag_suffix = config.get("DEFAULT_OUTPUT_SUFFIX", "-patched")
+                    if ":" in image:
+                        base_image, tag = image.rsplit(":", 1)
+                        patched_image = f"{base_image}:{tag}{tag_suffix}"
+                    else:
+                        patched_image = f"{image}{tag_suffix}"
+                
+                return {
+                    "success": True,
+                    "original_image": image,
+                    "patched_image": patched_image,
+                    "platforms_processed": patch_details.get("platforms_processed", []),
+                    "vulnerabilities_patched": patch_details.get("vulnerabilities_patched", 0),
+                    "packages_updated": len(patch_details.get("packages_updated", [])),
+                    "patch_details": patch_details.get("details", []),
+                    "copa_output": result.stdout,
+                    "vex_file_generated": os.path.exists(output_file)
+                }
+            else:
+                error_msg = f"Copa command failed with return code {result.returncode}. Error: {result.stderr}"
+                logger.error(error_msg)
+                return {
+                    "success": False,
+                    "error": error_msg,
+                    "copa_output": result.stdout,
+                    "copa_error": result.stderr
+                }
+                
+        except subprocess.TimeoutExpired:
+            error_msg = f"Copa command timed out after {timeout_duration} minutes"
+            logger.error(error_msg)
+            return {
+                "success": False,
+                "error": error_msg
+            }
+        except Exception as e:
+            error_msg = f"Unexpected error during Copa execution: {str(e)}"
+            logger.error(error_msg)
+            return {
+                "success": False,
+                "error": error_msg
+            }
+        
+    def get_image_info(self, image: str) -> Dict:
+        try:
+            client = docker.from_env()
+            image_data = client.api.inspect_image(image)
+            rootfs = image_data.get("RootFS", {})
+            
+            return {
+                "exists": True,
+                "architecture": image_data.get("Architecture"),
+                "os": image_data.get("Os"),
+                "size": image_data.get("Size"),
+                "layers": len(rootfs.get("Layers", []))
+            }
+            
+        except Exception as e:
+            logger.error(f"Unexpected error while getting image info for '{image}': {str(e)}")
+            return {"exists": False, "error": str(e)}
+        
+    def _parse_copa_output(self, output_path: str) -> Dict:
+        try:
+            if not os.path.exists(output_path):
+                logger.info(f"VEX output file not found at {output_path}")
+                return {
+                    "vulnerabilities_patched": 0,
+                    "details": [],
+                    "packages_updated": [],
+                    "platforms_processed": []
+                }
+
+            details = {
+                "vulnerabilities_patched": 0,
+                "details": [],
+                "packages_updated": set(),
+                "platforms_processed": set()
+            }
+
+            with open(output_path, "r", encoding="utf-8") as f:
+                data = json.load(f)
+
+            arch_str = "?arch="
+            for stmt in data.get("statements", []):
+                vuln_id = stmt.get("vulnerability", {}).get("@id")
+                status = stmt.get("status")
+                products = stmt.get("products", [])
+                packages = []
+
+                if status == "fixed":
+                    details["vulnerabilities_patched"] += 1
+
+                    for product in products:
+                        for sub in product.get("subcomponents", []):
+                            pkg_id = sub.get("@id", "")
+                            packages.append(pkg_id.split(arch_str)[0])
+                            details["packages_updated"].add(pkg_id)
+
+                            if arch_str in pkg_id:
+                                arch = pkg_id.split(arch_str)[-1]
+                                details["platforms_processed"].add(arch)
+
+                    details["details"].append({
+                        "vulnerability": vuln_id,
+                        "status": status,
+                        "products": [p.get("@id") for p in products],
+                        "packages": packages
+                    })
+
+            details["packages_updated"] = list(details["packages_updated"])
+            details["platforms_processed"] = list(details["platforms_processed"])
+
+            return details
+            
+        except FileNotFoundError:
+            logger.error(f"VEX output file not found: {output_path}")
+            return {
+                "vulnerabilities_patched": 0,
+                "details": [],
+                "packages_updated": [],
+                "platforms_processed": []
+            }
+        except json.JSONDecodeError as e:
+            logger.error(f"Error parsing VEX JSON file: {e}")
+            return {
+                "vulnerabilities_patched": 0,
+                "details": [],
+                "packages_updated": [],
+                "platforms_processed": []
+            }
+        except Exception as e:
+            logger.error(f"Error processing VEX output file {output_path}: {e}")
+            return {
+                "vulnerabilities_patched": 0,
+                "details": [],
+                "packages_updated": [],
+                "platforms_processed": []
+            }
+
+

devsecops_engine_tools/engine_utilities/copacetic/src/infrastructure/entry_points/entry_point_copacetic.py

@@ -0,0 +1,78 @@
+from devsecops_engine_tools.engine_utilities.copacetic.src.domain.usecases.copacetic import (
+    Copacetic,
+)
+from devsecops_engine_tools.engine_core.src.domain.usecases.metrics_manager import (
+    MetricsManager,
+)
+import re
+from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
+from devsecops_engine_tools.engine_utilities import settings
+
+logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
+
+
+def init_copacetic(
+    vulnerability_management_gateway,
+    secrets_manager_gateway,
+    devops_platform_gateway,
+    remote_config_source_gateway,
+    copacetic_gateway,
+    metrics_manager_gateway,
+    args,
+):
+    config_tool = remote_config_source_gateway.get_remote_config(
+        args["remote_config_repo"], "/engine_core/ConfigTool.json", args["remote_config_branch"]
+    )
+    copacetic_config_tool = remote_config_source_gateway.get_remote_config(
+        args["remote_config_repo"], "/engine_integrations/copacetic/ConfigTool.json", args["remote_config_branch"]
+    )
+    excluded_pipelines = remote_config_source_gateway.get_remote_config(
+        args["remote_config_repo"], "/engine_integrations/copacetic/Exclusions.json", args["remote_config_branch"]
+    )
+
+    pipeline_name = devops_platform_gateway.get_variable("pipeline_name")
+    branch = devops_platform_gateway.get_variable("branch_tag")
+
+    is_valid_pipeline = pipeline_name not in excluded_pipelines and not any(
+        [
+            re.match(
+                pattern,
+                pipeline_name,
+                re.IGNORECASE
+            ) for pattern in
+            [copacetic_config_tool["IGNORE_SEARCH_PATTERN"]] +
+            list(excluded_pipelines.get("BY_PATTERN_SEARCH", {}).keys())
+        ]
+    )
+    
+    is_valid_branch = any(
+        target_branch in str(branch).split("/")
+        for target_branch in copacetic_config_tool["TARGET_BRANCHES"]
+    )
+
+    is_enabled = config_tool["COPACETIC"]["ENABLED"]
+
+    if is_enabled and is_valid_pipeline and is_valid_branch:
+        input_core = Copacetic(
+            vulnerability_management_gateway,
+            secrets_manager_gateway,
+            devops_platform_gateway,
+            remote_config_source_gateway,
+            copacetic_gateway,
+        ).process(args)
+
+        if args["send_metrics"] == "true":
+            MetricsManager(devops_platform_gateway, metrics_manager_gateway).process(
+                config_tool, input_core, {"module": "copacetic"}, ""
+            )
+    else:
+        if not is_enabled:
+            message = "DevSecOps Engine Tool - {0} in maintenance...".format(
+                "copacetic"
+            )
+        else:
+            message = "Tool skipped by DevSecOps policy"
+
+        print(
+            devops_platform_gateway.message("warning", message),
+        )

devsecops_engine_tools/engine_utilities/trivy_utils/infrastructure/driven_adapters/trivy_deserialize_output.py

@@ -21,7 +21,7 @@ class TrivyDeserializator(DeseralizatorGateway):
         with open(image_scanned, "rb") as file:
             image_object = file.read()
             json_data = json.loads(image_object)
-            vulnerabilities_data = json_data["Results"][0].get("Vulnerabilities", [])
+            vulnerabilities_data = json_data.get("Results", [{}])[0].get("Vulnerabilities", [])
             vulnerabilities = [
                 Finding(
                     id=vul.get("VulnerabilityID", ""),

devsecops_engine_tools/engine_utilities/utils/logger_info.py

@@ -67,7 +67,7 @@ class MyLogger(metaclass=SingletonType):
         if kwargs["debug"]:
             self._logger.setLevel(logging.DEBUG)
         else:
-            self._logger.setLevel(logging.WARNING)
+            self._logger.setLevel(logging.INFO)
 
         if kwargs["log_file"]:
             now = datetime.datetime.now()

devsecops_engine_tools/version.py

@@ -1 +1 @@
-version = '1.98.1'
+version = '1.99.0'

{devsecops_engine_tools-1.98.1.dist-info → devsecops_engine_tools-1.99.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.98.1
+Version: 1.99.0
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team

{devsecops_engine_tools-1.98.1.dist-info → devsecops_engine_tools-1.99.0.dist-info}/RECORD

@@ -1,5 +1,5 @@
 devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/version.py,sha256=6XKqPw1Qns-9p7bTYKE6ONuM5GPexM87frVDf4c1dB8,19
+devsecops_engine_tools/version.py,sha256=tMBfSsuNeyHzopCeNYga0hWZERf7c6oXvdOVAvTzRVE,19
 devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -94,10 +94,10 @@ devsecops_engine_tools/engine_dast/src/infrastructure/helpers/json_handler.py,sh
 devsecops_engine_tools/engine_integrations/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_integrations/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_integrations/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_integrations/src/applications/runner_engine_integrations.py,sha256=oynNsETemfPXG7bKTaQnH161-OkVySt_6brB2Oqh8m8,5594
+devsecops_engine_tools/engine_integrations/src/applications/runner_engine_integrations.py,sha256=EhOmi4L6X6oNlQtko860MG7eEweWyoV2aOLVMgbJGvY,7588
 devsecops_engine_tools/engine_integrations/src/domain/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_integrations/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_integrations/src/domain/usecases/handle_integrations.py,sha256=lPGwUNN9Oth3uQp-akNSUkJWnkP_o03lvkv4MnCsnO8,1935
+devsecops_engine_tools/engine_integrations/src/domain/usecases/handle_integrations.py,sha256=SW-PF6u5r4Ffd5tjBt3qT9u5-lc-JfMpnyqyZGcWu30,2553
 devsecops_engine_tools/engine_integrations/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_integrations/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_integrations/src/infrastructure/entry_points/entry_point_integrations.py,sha256=RV2oynZVww4q9KeH8ISCpVTT7ZwbNy6F99MwIGk_B5A,1194
@@ -226,7 +226,7 @@ devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_ada
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_cloud_manager_scan.py,sha256=Un0YmZeGh3LpOHiq6872lphD15cf02R9hwBUiHVuhCM,7848
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_deserialize_output.py,sha256=FXb0jUReJVUdZq_H_Zz-gCueMmWf0AwMiwJB-Ceqv2A,2695
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_manager_scan.py,sha256=WiVqnlLHRt5Ab5xIxdLCQRfas_HW8-j4tDkZKo_GdPM,3241
+devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_manager_scan.py,sha256=Pg0Q0CKEQ-mE8u47H7ts1q3l0JOmTSeU9SBqr9_5U-Y,3839
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/entry_points/entry_point_tool.py,sha256=MCBVnUxfjnax2stjn9ByM0Hy9LQ9vAMK9GZkOk3ex9M,3077
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -268,6 +268,19 @@ devsecops_engine_tools/engine_utilities/azuredevops/infrastructure/azure_devops_
 devsecops_engine_tools/engine_utilities/azuredevops/models/AzureMessageLoggingPipeline.py,sha256=pCwlPDDl-hgvZ9gvceuC8GsKbsMhRm3ykhFFVByVqcI,664
 devsecops_engine_tools/engine_utilities/azuredevops/models/AzurePredefinedVariables.py,sha256=z9AGtc64o-BNTngiowRJFBlXmo_JmWqenL8YxdLs0aE,2561
 devsecops_engine_tools/engine_utilities/azuredevops/models/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+devsecops_engine_tools/engine_utilities/copacetic/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+devsecops_engine_tools/engine_utilities/copacetic/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+devsecops_engine_tools/engine_utilities/copacetic/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+devsecops_engine_tools/engine_utilities/copacetic/src/applications/runner_copacetic.py,sha256=T4S3LMrVqA4RhpNaFezyILMLFkfNqFVm2Lz9h2o7IvQ,1488
+devsecops_engine_tools/engine_utilities/copacetic/src/domain/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+devsecops_engine_tools/engine_utilities/copacetic/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+devsecops_engine_tools/engine_utilities/copacetic/src/domain/usecases/copacetic.py,sha256=IH9wRBLhmtjM5Cf_arRB_a3woTClDSNatI7FAsZOG6k,8381
+devsecops_engine_tools/engine_utilities/copacetic/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+devsecops_engine_tools/engine_utilities/copacetic/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+devsecops_engine_tools/engine_utilities/copacetic/src/infrastructure/driven_adapters/copacetic/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+devsecops_engine_tools/engine_utilities/copacetic/src/infrastructure/driven_adapters/copacetic/copacetic_adapter.py,sha256=Uc4zKMyMVnEGsQD5rMvPY1DzAtdmHNx_6b-4E7QDgWM,11957
+devsecops_engine_tools/engine_utilities/copacetic/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+devsecops_engine_tools/engine_utilities/copacetic/src/infrastructure/entry_points/entry_point_copacetic.py,sha256=3FU0rsOaGJq_T8Vlo-hZNk1P37xeoG4T3OFeIgiLKKs,2782
 devsecops_engine_tools/engine_utilities/defect_dojo/__init__.py,sha256=P-HiaN1sgDUekalZPCzSTF-zuqyXpNG2uVEsMDaC0ro,462
 devsecops_engine_tools/engine_utilities/defect_dojo/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_utilities/defect_dojo/applications/component.py,sha256=Y6vA1nRfMCoqJEceRBDQ_QLpIKASqB-t8V1yqao-eUQ,1175
@@ -356,19 +369,19 @@ devsecops_engine_tools/engine_utilities/ssh/managment_private_key.py,sha256=Vvrr
 devsecops_engine_tools/engine_utilities/trivy_utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_utilities/trivy_utils/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_utilities/trivy_utils/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_utilities/trivy_utils/infrastructure/driven_adapters/trivy_deserialize_output.py,sha256=a9FM3n_oE9A_6PS6EU6dttBdKQDmoSMDAv3mcpxEpoE,5311
+devsecops_engine_tools/engine_utilities/trivy_utils/infrastructure/driven_adapters/trivy_deserialize_output.py,sha256=7jiZ3FRKEnWw542ei6g4ZnGkpX8RInWND_dGwJVgbrs,5321
 devsecops_engine_tools/engine_utilities/trivy_utils/infrastructure/driven_adapters/trivy_manager_scan_utils.py,sha256=9bUT0V-EFhdik8aNuGTI2i4OnT1YvFT7s7xu5M5sejM,2888
 devsecops_engine_tools/engine_utilities/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_utilities/utils/api_error.py,sha256=yRbad5gNUHh5nALBKkRDi-d98JPmqAhw-QJEGW4psrw,528
 devsecops_engine_tools/engine_utilities/utils/dataclass_classmethod.py,sha256=S-w6pybVKlyVBhV3HE3IGDvO4ByXxiVePP1JaMnISgM,4302
 devsecops_engine_tools/engine_utilities/utils/datetime_parsing.py,sha256=2891pkh01dfW8E5CW2eTpsUF1t6k0rgbQf8BgkdrSEk,224
-devsecops_engine_tools/engine_utilities/utils/logger_info.py,sha256=4Mz8Bwlm9MkufkBR6JVZWFum6-nrUYUKj6gfq-eFWgg,3575
+devsecops_engine_tools/engine_utilities/utils/logger_info.py,sha256=rxNjzT0o64qfnmI5XyFXZRTz9C021o2QZim8nDQ1aKw,3572
 devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGaxYSDe0ZRh6VHRf53H4sXPcb-vNP_i81PUn3I,307
 devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
 devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=Z0fdhB3r-dxU0nGSD9zW_B4r2Qol1rUnUCkhFR0U-HQ,487
 devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=HCjS900TBoNcHrC4LaiP-Kf9frVdtagF130qOUgnO2M,6757
-devsecops_engine_tools-1.98.1.dist-info/METADATA,sha256=_l-rVJll6Vp4oEAF8_OQVtknfNlMJJnXGqp9lirrPXA,3200
-devsecops_engine_tools-1.98.1.dist-info/WHEEL,sha256=iAkIy5fosb7FzIOwONchHf19Qu7_1wCWyFNR5gu9nU0,91
-devsecops_engine_tools-1.98.1.dist-info/entry_points.txt,sha256=OWAww5aBsGeMv0kWhSgVNB0ySKKpYuJd4dly0ikFPkc,283
-devsecops_engine_tools-1.98.1.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
-devsecops_engine_tools-1.98.1.dist-info/RECORD,,
+devsecops_engine_tools-1.99.0.dist-info/METADATA,sha256=6_wQl9HE6GvHfuDEOSJNGy_B1n89UBF-uVIdc0F7E74,3200
+devsecops_engine_tools-1.99.0.dist-info/WHEEL,sha256=iAkIy5fosb7FzIOwONchHf19Qu7_1wCWyFNR5gu9nU0,91
+devsecops_engine_tools-1.99.0.dist-info/entry_points.txt,sha256=OWAww5aBsGeMv0kWhSgVNB0ySKKpYuJd4dly0ikFPkc,283
+devsecops_engine_tools-1.99.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
+devsecops_engine_tools-1.99.0.dist-info/RECORD,,