private static void OutputScaScanDetails(ScanDescriptor sd, Transformer inst,
Dictionary <string, CxScaLicenses.License> licenseIndex,
Dictionary <string, CxScaLibraries.Library> libraryIndex)
{
try
{
var vulns = CxScaVulnerabilities.GetVulnerabilities(inst.RestContext,
inst.CancelToken, sd.ScanId);
var header = new SortedDictionary <String, Object>();
inst.AddPrimaryKeyElements(sd, header);
header.Add(PropertyKeys.KEY_SCANFINISH, sd.FinishedStamp);
foreach (var vuln in vulns)
{
var flat = new SortedDictionary <String, Object>(header);
flat.Add(PropertyKeys.KEY_SCANID, sd.ScanId);
flat.Add("VulnerabilityId", vuln.VulerabilityId);
flat.Add(PropertyKeys.KEY_SIMILARITYID, vuln.SimilarityId);
flat.Add("CVEName", vuln.CVEName);
flat.Add("CVEDescription", vuln.CVEDescription);
flat.Add("CVEUrl", vuln.CVEUrl);
flat.Add("CVEPubDate", vuln.CVEPublishDate);
flat.Add("CVEScore", vuln.CVEScore);
flat.Add("Recommendation", vuln.Recommendations);
flat.Add(PropertyKeys.KEY_SCANRISKSEV, vuln.Severity.Name);
flat.Add("State", vuln.State.StateName);
flat.Add("LibraryId", vuln.LibraryId);
var lib = libraryIndex[vuln.LibraryId];
if (lib != null)
{
flat.Add("LibraryName", lib.LibraryName);
flat.Add("LibraryVersion", lib.LibraryVersion);
flat.Add("LibraryReleaseDate", lib.ReleaseDate);
flat.Add("LibraryLatestVersion", lib.LatestVersion);
flat.Add("LibraryLatestReleaseDate", lib.LatestVersionReleased);
}
StringBuilder licenseStr = new StringBuilder();
foreach (var license in lib.Licenses)
{
if (licenseStr.Length > 0)
{
licenseStr.Append(";");
}
licenseStr.Append(licenseIndex[license].LicenseName);
flat.Add($"LibraryLegalRisk_{licenseIndex[license].LicenseName.Replace(" ", "")}",
licenseIndex[license].RiskLevel);
}
flat.Add("LibraryLicenses", licenseStr.ToString());
inst.ScaScanDetailOut.write(flat);
}
}
catch (Exception ex)
{
_log.Warn($"Could not obtain vulnerability data for scan {sd.ScanId} in project " +
$"{sd.Project.ProjectId}: {sd.Project.ProjectName}. Vulnerability data will not be" +
$" available.", ex);
}
}