From 713edf3a206bd35d77b0de42caafdaacc917e9e0 Mon Sep 17 00:00:00 2001
From: Admon Sasson
Date: Wed, 12 May 2021 16:05:40 +0300
Subject: [PATCH] feat: show only unique vulnerabilities in sarif format
Today in sarif output we have a result item per each "vulnerable path" This will reduce the number of items to be the number of vulnerabilities
---
 .../commands/test/open-source-sarif-output.ts | 38 ++++++++++---------
 1 file changed, 21 insertions(+), 17 deletions(-)
diff --git a/src/cli/commands/test/open-source-sarif-output.ts b/src/cli/commands/test/open-source-sarif-output.ts
index 34fc92e0c0..be0d920abe 100644
--- a/src/cli/commands/test/open-source-sarif-output.ts
+++ b/src/cli/commands/test/open-source-sarif-output.ts
@@ -94,25 +94,29 @@ ${vuln.description}`.replace(/##\s/g, '# '),
 }
 export function getResults(testResult): sarif.Result[] {
- return testResult.vulnerabilities.map((vuln) => ({
- ruleId: vuln.id,
- level: getLevel(vuln),
- message: {
- text: `This file introduces a vulnerable ${vuln.packageName} package with a ${vuln.severity} severity vulnerability.`,
- },
- locations: [
- {
- physicalLocation: {
- artifactLocation: {
- uri: testResult.displayTargetFile,
- },
- region: {
- startLine: vuln.lineNumber || 1,
+ const groupedVulnerabilities = groupBy(testResult.vulnerabilities, 'id');
+ return map(
+ groupedVulnerabilities,
+ ([vuln]): sarif.Result => ({
+ ruleId: vuln.id,
+ level: getLevel(vuln),
+ message: {
+ text: `This file introduces a vulnerable ${vuln.packageName} package with a ${vuln.severity} severity vulnerability.`,
+ },
+ locations: [
+ {
+ physicalLocation: {
+ artifactLocation: {
+ uri: testResult.displayTargetFile,
+ },
+ region: {
+ startLine: vuln.lineNumber || 1,
+ },
+ },
 },
- },
- ],
- }));
+ ],
+ }),
+ );
 }
 export function getLevel(vuln: AnnotatedIssue) {
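Review bot: The `([vuln])` destructure in the new `map` callback builds each SARIF result from the first vulnerable path of its id group only, so `lineNumber`, `packageName` and `severity` of the sibling paths are discarded and the emitted location depends on the order of `testResult.vulnerabilities`; if that first path has no `lineNumber` the result points at line 1 even when another path in the group carries one. This deserves a comment above the `groupBy` call, e.g. `// One SARIF result per vulnerability id; message and location are taken from the first path of each group.` — or, since only the first element of each group is ever read, `uniqBy(testResult.vulnerabilities, 'id')` with the original `.map((vuln): sarif.Result => ({ ... }))` states that intent more directly, assuming lodash's `uniqBy` is available here. Neither `groupBy` nor `map` is imported in this patch (the diffstat covers only this hunk), so both must already be in scope at the top of the file, which is outside the hunk; worth confirming rather than relying on a transitive import. `getResults` is complete within the hunk, while `getLevel` starts on its last line and continues beyond it.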