private static void OutputScaScanDetails(ScanDescriptor sd, Transformer inst, Dictionary <string, CxScaLicenses.License> licenseIndex, Dictionary <string, CxScaLibraries.Library> libraryIndex) { try { var vulns = CxScaVulnerabilities.GetVulnerabilities(inst.RestContext, inst.CancelToken, sd.ScanId); var header = new SortedDictionary <String, Object>(); inst.AddPrimaryKeyElements(sd, header); header.Add(PropertyKeys.KEY_SCANFINISH, sd.FinishedStamp); foreach (var vuln in vulns) { var flat = new SortedDictionary <String, Object>(header); flat.Add(PropertyKeys.KEY_SCANID, sd.ScanId); flat.Add("VulnerabilityId", vuln.VulerabilityId); flat.Add(PropertyKeys.KEY_SIMILARITYID, vuln.SimilarityId); flat.Add("CVEName", vuln.CVEName); flat.Add("CVEDescription", vuln.CVEDescription); flat.Add("CVEUrl", vuln.CVEUrl); flat.Add("CVEPubDate", vuln.CVEPublishDate); flat.Add("CVEScore", vuln.CVEScore); flat.Add("Recommendation", vuln.Recommendations); flat.Add(PropertyKeys.KEY_SCANRISKSEV, vuln.Severity.Name); flat.Add("State", vuln.State.StateName); flat.Add("LibraryId", vuln.LibraryId); var lib = libraryIndex[vuln.LibraryId]; if (lib != null) { flat.Add("LibraryName", lib.LibraryName); flat.Add("LibraryVersion", lib.LibraryVersion); flat.Add("LibraryReleaseDate", lib.ReleaseDate); flat.Add("LibraryLatestVersion", lib.LatestVersion); flat.Add("LibraryLatestReleaseDate", lib.LatestVersionReleased); } StringBuilder licenseStr = new StringBuilder(); foreach (var license in lib.Licenses) { if (licenseStr.Length > 0) { licenseStr.Append(";"); } licenseStr.Append(licenseIndex[license].LicenseName); flat.Add($"LibraryLegalRisk_{licenseIndex[license].LicenseName.Replace(" ", "")}", licenseIndex[license].RiskLevel); } flat.Add("LibraryLicenses", licenseStr.ToString()); inst.ScaScanDetailOut.write(flat); } } catch (Exception ex) { _log.Warn($"Could not obtain vulnerability data for scan {sd.ScanId} in project " + $"{sd.Project.ProjectId}: {sd.Project.ProjectName}. Vulnerability data will not be" + $" available.", ex); } }