Loading sbom_scanner/scan.py +12 −3 Original line number Diff line number Diff line Loading @@ -28,6 +28,7 @@ INSECURE_SSL_CTX.verify_mode = ssl.CERT_NONE MIME_APPLICATION_JSON = "application/json" SEVERITY_COLOR = [AnsiColors.HRED, AnsiColors.RED, AnsiColors.YELLOW, AnsiColors.GREEN, AnsiColors.RESET, AnsiColors.PURPLE] class DtPermission(str, Enum): """Dependency Track permissions. Loading Loading @@ -203,6 +204,7 @@ class Scanner: merge_output: str = None, verify_ssl: bool = True, show_findings: bool = False, **_: None, ): self.base_api_url = base_api_url self.api_key = api_key Loading Loading @@ -248,6 +250,12 @@ class Scanner: return self._purl_max_len @property @cache def event_token_path(self) -> str: """Determines the DT bom/token or event/token path depending on the DT server version.""" return "bom/token" if self.dt_version < Version("4.11.0") else "event/token" @cache def get_permissions(self) -> list[DtPermission]: return [ Loading Loading @@ -545,11 +553,12 @@ class Scanner: for o in findings: vuln = o.get("vulnerability", {}) component = o.get("component", {}) color = SEVERITY_COLOR[vuln.get("severityRank", 5)] cwes = (cwe["name"] for cwe in vuln.get("cwes", [])) print( f'[{vuln.get("severity", "?")}] {" ".join(cwes)} - {component.get("group","")}:{component.get("name")}:{component.get("version","")}' f' - {vuln["vulnId"]} {color}{vuln.get("severity", "?").capitalize()}{AnsiColors.RESET}: {component.get("group","")}:{component.get("name")}:{component.get("version","")} - {" ".join(cwes)}' ) print(vuln.get("description", "").strip()) print(re.sub('\n+', '\n', vuln.get("description", "").strip())) print() print( f"- scan {AnsiColors.HGREEN}succeeded{AnsiColors.RESET}: {len(findings)} vulnerabilities found{AnsiColors.RESET}" Loading 
@@ -559,7 +568,7 @@ class Scanner: for n in range(8): # ~5 minutes sleep(2**n) resp = requests.get( f"{self.base_api_url}/v1/event/token/{event_id}", f"{self.base_api_url}/v1/{self.event_token_path}/{event_id}", headers={"X-API-Key": self.api_key, "accept": MIME_APPLICATION_JSON}, verify=self.verify_ssl, ) Loading Loading
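Review bot: In the findings loop (hunk 545/553) the new `color = SEVERITY_COLOR[vuln.get("severityRank", 5)]` indexes a six-entry table with a value taken straight from the server's JSON, so a rank outside 0–5 or a non-integer raises IndexError/TypeError mid-report and a negative one silently wraps, while the same hunk now prints `vulnId` and the description unsanitised alongside ANSI colour codes. Descriptions are presumably relayed from external advisory feeds, so a control character or escape sequence in one is passed straight to the operator's terminal. Bounds-check the rank and strip control characters (keeping tab and newline) before printing, as below; `re` is already used on this line. The rewritten print also switches from `vuln.get(...)` to `vuln["vulnId"]`, which KeyErrors on a finding without an id where every other field is defaulted — `vuln.get("vulnId", "?")` keeps it consistent. The enclosing method starts before this hunk and ends after it.
```python
for o in findings:
    # … unchanged: vuln / component lookup …
    rank = vuln.get("severityRank", 5)
    # severityRank is server-supplied; clamp to the table instead of crashing on an unexpected value
    color = SEVERITY_COLOR[rank] if isinstance(rank, int) and 0 <= rank < len(SEVERITY_COLOR) else AnsiColors.RESET
    # … unchanged: cwes generator and header print (with vuln.get("vulnId", "?")) …
    # descriptions originate from external advisory feeds; drop control characters (tab/newline kept)
    # so they cannot inject escape sequences into the coloured terminal output
    description = re.sub(r"[\x00-\x08\x0b-\x1f\x7f]", "", vuln.get("description", "").strip())
    print(re.sub(r"\n+", "\n", description))
```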
sbom_scanner/scan.py +12 −3 Original line number Diff line number Diff line Loading @@ -28,6 +28,7 @@ INSECURE_SSL_CTX.verify_mode = ssl.CERT_NONE MIME_APPLICATION_JSON = "application/json" SEVERITY_COLOR = [AnsiColors.HRED, AnsiColors.RED, AnsiColors.YELLOW, AnsiColors.GREEN, AnsiColors.RESET, AnsiColors.PURPLE] class DtPermission(str, Enum): """Dependency Track permissions. Loading Loading @@ -203,6 +204,7 @@ class Scanner: merge_output: str = None, verify_ssl: bool = True, show_findings: bool = False, **_: None, ): self.base_api_url = base_api_url self.api_key = api_key Loading Loading @@ -248,6 +250,12 @@ class Scanner: return self._purl_max_len @property @cache def event_token_path(self) -> str: """Determines the DT bom/token or event/token path depending on the DT server version.""" return "bom/token" if self.dt_version < Version("4.11.0") else "event/token" @cache def get_permissions(self) -> list[DtPermission]: return [ Loading Loading @@ -545,11 +553,12 @@ class Scanner: for o in findings: vuln = o.get("vulnerability", {}) component = o.get("component", {}) color = SEVERITY_COLOR[vuln.get("severityRank", 5)] cwes = (cwe["name"] for cwe in vuln.get("cwes", [])) print( f'[{vuln.get("severity", "?")}] {" ".join(cwes)} - {component.get("group","")}:{component.get("name")}:{component.get("version","")}' f' - {vuln["vulnId"]} {color}{vuln.get("severity", "?").capitalize()}{AnsiColors.RESET}: {component.get("group","")}:{component.get("name")}:{component.get("version","")} - {" ".join(cwes)}' ) print(vuln.get("description", "").strip()) print(re.sub('\n+', '\n', vuln.get("description", "").strip())) print() print( f"- scan {AnsiColors.HGREEN}succeeded{AnsiColors.RESET}: {len(findings)} vulnerabilities found{AnsiColors.RESET}" Loading 
@@ -559,7 +568,7 @@ class Scanner: for n in range(8): # ~5 minutes sleep(2**n) resp = requests.get( f"{self.base_api_url}/v1/event/token/{event_id}", f"{self.base_api_url}/v1/{self.event_token_path}/{event_id}", headers={"X-API-Key": self.api_key, "accept": MIME_APPLICATION_JSON}, verify=self.verify_ssl, ) Loading
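Review bot: The polling `requests.get` in the last hunk (559/568) still carries no `timeout=`, so a stalled connection to the Dependency-Track server blocks the scan indefinitely instead of falling through to the next back-off iteration; routing the URL through `self.event_token_path` does not change that. Add one, e.g. `timeout=30,` after `verify=self.verify_ssl,`, and consider catching `requests.RequestException` around the call so a single transient failure does not abort the whole retry loop. Separately, `@property` stacked on `@cache` for `event_token_path` keys the cache on `self` and keeps every Scanner instance alive for the process lifetime (ruff B019); `functools.cached_property`, if it is imported alongside `cache`, gives the same once-per-instance evaluation without that. The `**_: None` sink added to `__init__` silently discards misspelled keyword options such as a mistyped `verify_ssl`, so logging any unrecognised keys would surface misconfiguration rather than hide it. The polling loop's enclosing method extends beyond the hunk.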