
🎉 fix parser anchore engine to parse new report format #11552 #12020


Merged: 4 commits merged into DefectDojo:bugfix from fix_anchoreengine on Mar 20, 2025

Conversation

manuel-sommer (Contributor) commented Mar 15, 2025

Fixes #11552
Replacement for #11805

@github-actions github-actions bot added the docs label Mar 15, 2025
@manuel-sommer manuel-sommer marked this pull request as ready for review March 15, 2025 08:40

DryRun Security Summary

The pull request enhances Anchore Engine's vulnerability parsing capabilities by improving documentation, supporting multiple JSON formats, implementing robust error handling, and addressing potential security considerations in vulnerability detection and reporting.

  1. Summary: PR updates Anchore Engine parser documentation and implementation, adding support for multiple JSON formats and enhancing vulnerability parsing with improved error handling and metadata processing.

  2. Security Findings:

  • Potential Information Exposure: Detailed vulnerability reporting might reveal system configuration specifics
  • Input Validation Concerns: Multiple .get() method calls suggest defensive programming against incomplete input data
  • Severity Handling: Explicit severity normalization prevents potential misclassification of vulnerabilities
  • Test Data Considerations: External JSON file could potentially contain sensitive information if not sanitized
  • Potential Naming Convention Issue: Typo in test method name might indicate lack of code review rigor

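The parsing approach the DryRun summary describes (defensive .get() lookups over more than one JSON layout, plus explicit severity normalization), shown as an added illustrative Python parser. This is example code written for this page, not the DefectDojo anchore_engine parser changed in this PR; the two report layouts, their field names (vulnerabilities/vuln/package_version and securityEvaluation/vulnerabilityId/fixAvailable), the input severity vocabulary and the sample reports are all constructed assumptions.

```python
import json

# Constructed sample reports in two hypothetical layouts (assumptions for this
# example; neither is taken from Anchore documentation or from this PR).
# Placeholder identifiers are used instead of real vulnerability IDs.
LEGACY_REPORT = json.dumps({
    "imageDigest": "sha256:constructed",
    "vulnerabilities": [
        {"vuln": "CVE-0000-0001", "package": "openssl", "package_version": "1.1.1",
         "severity": "High", "fix": "1.1.1w", "url": "https://example.invalid/1"},
        {"vuln": "CVE-0000-0002", "package": "zlib", "package_version": "1.2.11",
         "severity": "Negligible", "fix": "None", "url": ""},
        {"package": "entry-without-an-id"},  # malformed: must be skipped, not fatal
    ],
})

NEW_REPORT = json.dumps({
    "securityEvaluation": [
        {"vulnerabilityId": "CVE-0000-0001", "package": "openssl", "version": "1.1.1",
         "severity": "critical", "fixAvailable": "1.1.1w", "link": "https://example.invalid/1"},
        {"vulnerabilityId": "CVE-0000-0003", "package": "curl", "version": "7.0",
         "severity": 5, "fixAvailable": None, "link": None},  # non-string severity
        {"vulnerabilityId": "CVE-0000-0001", "package": "openssl", "version": "1.1.1",
         "severity": "critical", "fixAvailable": "1.1.1w", "link": "https://example.invalid/1"},
    ],  # last entry is an exact duplicate and must not produce a second finding
})

# Output buckets on the right; the input labels on the left are assumptions
# about what scanners emit, not a documented vocabulary.
SEVERITY_MAP = {
    "critical": "Critical",
    "high": "High",
    "medium": "Medium",
    "moderate": "Medium",
    "low": "Low",
    "negligible": "Info",
    "unknown": "Info",
    "info": "Info",
}


def normalize_severity(raw):
    """Collapse any severity label into one of five fixed buckets.

    Missing, non-string or unrecognised values become "Info" rather than
    raising, so a single odd entry cannot abort the whole import.
    """
    if not isinstance(raw, str):
        return "Info"
    return SEVERITY_MAP.get(raw.strip().lower(), "Info")


def _finding(vuln_id, package, version, severity, fix, url):
    """Build one normalised finding dict; every input except vuln_id may be None."""
    package = package or ""
    version = version or ""
    title = f"{vuln_id} in {package}:{version}" if package else vuln_id
    has_fix = isinstance(fix, str) and fix and fix.lower() != "none"
    return {
        "vuln_id": vuln_id,
        "title": title,
        "severity": normalize_severity(severity),
        "component_name": package,
        "component_version": version,
        "mitigation": f"Upgrade to {fix}" if has_fix else "",
        "references": url or "",
    }


def parse_report(text):
    """Parse either layout into a de-duplicated list of finding dicts.

    .get() is used throughout so a missing key yields a default instead of a
    KeyError; entries without an identifier are skipped; an unrecognised
    top-level shape is rejected explicitly rather than silently returning [].
    """
    data = json.loads(text)
    if not isinstance(data, dict):
        raise ValueError("top-level JSON value must be an object")

    if isinstance(data.get("vulnerabilities"), list):       # hypothetical legacy layout
        rows = [
            (i.get("vuln"), i.get("package"), i.get("package_version"),
             i.get("severity"), i.get("fix"), i.get("url"))
            for i in data["vulnerabilities"] if isinstance(i, dict)
        ]
    elif isinstance(data.get("securityEvaluation"), list):  # hypothetical new layout
        rows = [
            (i.get("vulnerabilityId"), i.get("package"), i.get("version"),
             i.get("severity"), i.get("fixAvailable"), i.get("link"))
            for i in data["securityEvaluation"] if isinstance(i, dict)
        ]
    else:
        raise ValueError(
            "unrecognised report layout: expected 'vulnerabilities' or 'securityEvaluation'")

    findings, seen = [], set()
    for row in rows:
        vuln_id, package, version = row[0], row[1], row[2]
        if not vuln_id:
            continue  # no identifier: nothing to report against
        key = (vuln_id, package or "", version or "")
        if key in seen:
            continue  # repeated entry: do not inflate the finding count
        seen.add(key)
        findings.append(_finding(*row))
    return findings


if __name__ == "__main__":
    for name, report in (("legacy", LEGACY_REPORT), ("new", NEW_REPORT)):
        for f in parse_report(report):
            print(name, f["severity"], f["title"], f["mitigation"] or "-")
```

Two choices in the block are the ones worth carrying into a real parser: an unrecognised top-level shape raises instead of returning an empty list, so a silently empty import cannot be mistaken for a clean image, and de-duplication keys on (id, package, version) so a repeated entry does not inflate the finding count.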

manuel-sommer (Contributor, Author) commented

ready to review @Maffooch

@manuel-sommer manuel-sommer changed the title 🎉 fix parser anchore engine new report format #11552 🎉 fix parser anchore engine to parse new report format #11552 Mar 15, 2025
Sopuru (Contributor) commented Mar 18, 2025

Nice to see this passed successfully. Great Job All!

mtesauro (Contributor) left a review comment

Approved

@mtesauro mtesauro merged commit 28089fc into DefectDojo:bugfix Mar 20, 2025
77 checks passed
@manuel-sommer manuel-sommer deleted the fix_anchoreengine branch March 20, 2025 22:30
iago-r pushed a commit to iago-r/django-DefectDojo that referenced this pull request Mar 27, 2025
… (DefectDojo#12020)

* 🎉 fix parser anchore engine new report format DefectDojo#11552

* first shot

* fixes

* advance unittests