diff --git a/dojo/tools/trivy_operator/parser.py b/dojo/tools/trivy_operator/parser.py index 8be42e8e31e..764fc239812 100644 --- a/dojo/tools/trivy_operator/parser.py +++ b/dojo/tools/trivy_operator/parser.py @@ -20,7 +20,6 @@ def get_description_for_scan_types(self, scan_type): def get_findings(self, scan_file, test): scan_data = scan_file.read() - try: data = json.loads(str(scan_data, "utf-8")) except Exception: @@ -29,6 +28,11 @@ def get_findings(self, scan_file, test): if type(data) is list: for listitems in data: findings += self.output_findings(listitems, test) + elif type(data) is dict and bool(set(data.keys()) & set(["clustercompliancereports.aquasecurity.github.io", "clusterconfigauditreports.aquasecurity.github.io", "clusterinfraassessmentreports.aquasecurity.github.io", "clusterrbacassessmentreports.aquasecurity.github.io", "clustersbomreports.aquasecurity.github.io", "configauditreports.aquasecurity.github.io", "exposedsecretreports.aquasecurity.github.io", "infraassessmentreports.aquasecurity.github.io", "rbacassessmentreports.aquasecurity.github.io", "sbomreports.aquasecurity.github.io", "vulnerabilityreports.aquasecurity.github.io"])): + for datakey in list(data.keys()): + # if datakey not in ["clustersbomreports.aquasecurity.github.io", "sbomreports.aquasecurity.github.io"]: + for listitems in (data[datakey]): + findings += self.output_findings(listitems, test) else: findings += self.output_findings(data, test) return findings diff --git a/unittests/scans/trivy_operator/all_reports_in_dict.json b/unittests/scans/trivy_operator/all_reports_in_dict.json new file mode 100644 index 00000000000..1ac8c678c38 --- /dev/null +++ b/unittests/scans/trivy_operator/all_reports_in_dict.json @@ -0,0 +1,674 @@ +{ + "clustercompliancereports.aquasecurity.github.io": [], + "clusterconfigauditreports.aquasecurity.github.io": [], + "clusterinfraassessmentreports.aquasecurity.github.io": [], + "clusterrbacassessmentreports.aquasecurity.github.io": [], + "clustersbomreports.aquasecurity.github.io": [], + "configauditreports.aquasecurity.github.io": [ + { + "apiVersion": "aquasecurity.github.io/v1alpha1", + "kind": "ConfigAuditReport", + "metadata": { + "annotations": { + "trivy-operator.aquasecurity.github.io/report-ttl": "24h0m0s" + }, + "creationTimestamp": "2023-03-23T16:22:54Z", + "generation": 1, + "labels": { + "plugin-config-hash": "659b7b9c46", + "resource-spec-hash": "fc85b485f", + "trivy-operator.resource.kind": "ReplicaSet", + "trivy-operator.resource.name": "nginx-deployment-965685897", + "trivy-operator.resource.namespace": "default" + }, + "name": "replicaset-nginx-deployment-965685897", + "namespace": "default", + "ownerReferences": [ + { + "apiVersion": "apps/v1", + "blockOwnerDeletion": false, + "controller": true, + "kind": "ReplicaSet", + "name": "nginx-deployment-965685897", + "uid": "d19c7f74-b4c3-429d-9a45-1b2f5efc3c88" + } + ], + "resourceVersion": "1268", + "uid": "a92e0951-e988-419d-8602-6852f920ce06" + }, + "report": { + "checks": [ + { + "category": "Kubernetes Security Check", + "checkID": "KSV014", + "description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", + "messages": [ + "Container 'nginx' of ReplicaSet 'nginx-deployment-965685897' should set 'securityContext.readOnlyRootFilesystem' to true" + ], + "severity": "LOW", + "success": false, + "title": "Root file system is not read-only" + } + ], + "scanner": { + "name": "Trivy", + "vendor": "Aqua Security", + "version": "dev" + }, + "summary": { + "criticalCount": 0, + "highCount": 0, + "lowCount": 1, + "mediumCount": 0 + }, + "updateTimestamp": "2023-03-23T16:22:54Z" + } + } + ], + "exposedsecretreports.aquasecurity.github.io": [ + { + "apiVersion": "aquasecurity.github.io/v1alpha1", + "kind": "ExposedSecretReport", + "metadata": { + "annotations": { + "trivy-operator.aquasecurity.github.io/report-ttl": "24h0m0s" + }, + "creationTimestamp": "2023-03-24T08:34:18Z", + "generation": 1, + "labels": { + "resource-spec-hash": "69497b548d", + "trivy-operator.container.name": "nginx", + "trivy-operator.resource.kind": "ReplicaSet", + "trivy-operator.resource.name": "nginx-deployment-c868466d4", + "trivy-operator.resource.namespace": "default" + }, + "name": "replicaset-nginx-deployment-c868466d4-nginx", + "namespace": "default", + "ownerReferences": [ + { + "apiVersion": "apps/v1", + "blockOwnerDeletion": false, + "controller": true, + "kind": "ReplicaSet", + "name": "nginx-deployment-c868466d4", + "uid": "1f07d5aa-f272-4f3d-ada8-a3f80ab8088d" + } + ], + "resourceVersion": "1798", + "uid": "46490b45-f440-446c-9574-efcd3afe3a92" + }, + "report": { + "artifact": { + "repository": "library/secret", + "tag": "latest" + }, + "registry": { + "server": "index.docker.io" + }, + "scanner": { + "name": "Trivy", + "vendor": "Aqua Security", + "version": "0.38.2" + }, + "secrets": [ + { + "category": "AWS", + "match": "AWS_secret_KEY=\"****************************************\"", + "ruleID": "aws-secret-access-key", + "severity": "CRITICAL", + "target": "root/aws_secret.txt", + "title": "AWS Secret Access Key" + } + ], + "summary": { + "criticalCount": 1, + "highCount": 0, + "lowCount": 0, + "mediumCount": 0 + }, + "updateTimestamp": "2023-03-24T08:34:18Z" + } + } + ], + "infraassessmentreports.aquasecurity.github.io": [], + "rbacassessmentreports.aquasecurity.github.io": [], + "sbomreports.aquasecurity.github.io": [], + "vulnerabilityreports.aquasecurity.github.io": [ + { + "apiVersion": "aquasecurity.github.io/v1alpha1", + "kind": "VulnerabilityReport", + "metadata": { + "annotations": { + "trivy-operator.aquasecurity.github.io/report-ttl": "24h0m0s" + }, + "creationTimestamp": "2023-03-23T16:23:01Z", + "generation": 1, + "labels": { + "resource-spec-hash": "fc85b485f", + "trivy-operator.container.name": "nginx", + "trivy-operator.resource.kind": "ReplicaSet", + "trivy-operator.resource.name": "nginx-deployment-965685897", + "trivy-operator.resource.namespace": "default" + }, + "name": "replicaset-nginx-deployment-965685897-nginx", + "namespace": "default", + "ownerReferences": [ + { + "apiVersion": "apps/v1", + "blockOwnerDeletion": false, + "controller": true, + "kind": "ReplicaSet", + "name": "nginx-deployment-965685897", + "uid": "d19c7f74-b4c3-429d-9a45-1b2f5efc3c88" + } + ], + "resourceVersion": "1293", + "uid": "b21503db-3075-4bb5-a259-aa33dbbaef4c" + }, + "report": { + "artifact": { + "repository": "library/nginx", + "tag": "alpine" + }, + "registry": { + "server": "index.docker.io" + }, + "scanner": { + "name": "Trivy", + "vendor": "Aqua Security", + "version": "0.38.2" + }, + "summary": { + "criticalCount": 2, + "highCount": 3, + "lowCount": 11, + "mediumCount": 25, + "noneCount": 0, + "unknownCount": 0 + }, + "updateTimestamp": "2023-03-23T16:23:01Z", + "vulnerabilities": [ + { + "fixedVersion": "7.87.0-r2", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-23914", + "resource": "curl", + "score": 4.2, + "severity": "CRITICAL", + "target": "", + "title": "curl: HSTS ignored on multiple requests", + "vulnerabilityID": "CVE-2023-23914" + }, + { + "fixedVersion": "7.87.0-r2", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-23916", + "resource": "curl", + "score": 6.5, + "severity": "HIGH", + "target": "", + "title": "curl: HTTP multi-header compression denial of service", + "vulnerabilityID": "CVE-2023-23916" + }, + { + "fixedVersion": "7.87.0-r2", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-23915", + "resource": "curl", + "score": 4.2, + "severity": "MEDIUM", + "target": "", + "title": "curl: HSTS amnesia with --parallel", + "vulnerabilityID": "CVE-2023-23915" + }, + { + "fixedVersion": "7.88.1-r1", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-27535", + "resource": "curl", + "severity": "MEDIUM", + "target": "", + "title": "curl: FTP too eager connection reuse", + "vulnerabilityID": "CVE-2023-27535" + }, + { + "fixedVersion": "7.88.1-r1", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-27533", + "resource": "curl", + "severity": "LOW", + "target": "", + "title": "curl: TELNET option IAC injection", + "vulnerabilityID": "CVE-2023-27533" + }, + { + "fixedVersion": "7.88.1-r1", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-27534", + "resource": "curl", + "severity": "LOW", + "target": "", + "title": "curl: SFTP path ~ resolving discrepancy", + "vulnerabilityID": "CVE-2023-27534" + }, + { + "fixedVersion": "7.88.1-r1", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-27536", + "resource": "curl", + "severity": "LOW", + "target": "", + "title": "curl: GSS delegation too eager connection re-use", + "vulnerabilityID": "CVE-2023-27536" + }, + { + "fixedVersion": "7.88.1-r1", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-27537", + "resource": "curl", + "severity": "LOW", + "target": "", + "title": "curl: HSTS double-free", + "vulnerabilityID": "CVE-2023-27537" + }, + { + "fixedVersion": "7.88.1-r1", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-27538", + "resource": "curl", + "severity": "LOW", + "target": "", + "title": "curl: SSH connection too eager reuse still", + "vulnerabilityID": "CVE-2023-27538" + }, + { + "fixedVersion": "3.0.8-r1", + "installedVersion": "3.0.8-r0", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0464", + "resource": "libcrypto3", + "severity": "MEDIUM", + "target": "", + "title": "A security vulnerability has been identified in all supported versions ...", + "vulnerabilityID": "CVE-2023-0464" + }, + { + "fixedVersion": "7.87.0-r2", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-23914", + "resource": "libcurl", + "score": 4.2, + "severity": "CRITICAL", + "target": "", + "title": "curl: HSTS ignored on multiple requests", + "vulnerabilityID": "CVE-2023-23914" + }, + { + "fixedVersion": "7.87.0-r2", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-23916", + "resource": "libcurl", + "score": 6.5, + "severity": "HIGH", + "target": "", + "title": "curl: HTTP multi-header compression denial of service", + "vulnerabilityID": "CVE-2023-23916" + }, + { + "fixedVersion": "7.87.0-r2", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-23915", + "resource": "libcurl", + "score": 4.2, + "severity": "MEDIUM", + "target": "", + "title": "curl: HSTS amnesia with --parallel", + "vulnerabilityID": "CVE-2023-23915" + }, + { + "fixedVersion": "7.88.1-r1", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-27535", + "resource": "libcurl", + "severity": "MEDIUM", + "target": "", + "title": "curl: FTP too eager connection reuse", + "vulnerabilityID": "CVE-2023-27535" + }, + { + "fixedVersion": "7.88.1-r1", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-27533", + "resource": "libcurl", + "severity": "LOW", + "target": "", + "title": "curl: TELNET option IAC injection", + "vulnerabilityID": "CVE-2023-27533" + }, + { + "fixedVersion": "7.88.1-r1", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-27534", + "resource": "libcurl", + "severity": "LOW", + "target": "", + "title": "curl: SFTP path ~ resolving discrepancy", + "vulnerabilityID": "CVE-2023-27534" + }, + { + "fixedVersion": "7.88.1-r1", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-27536", + "resource": "libcurl", + "severity": "LOW", + "target": "", + "title": "curl: GSS delegation too eager connection re-use", + "vulnerabilityID": "CVE-2023-27536" + }, + { + "fixedVersion": "7.88.1-r1", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-27537", + "resource": "libcurl", + "severity": "LOW", + "target": "", + "title": "curl: HSTS double-free", + "vulnerabilityID": "CVE-2023-27537" + }, + { + "fixedVersion": "7.88.1-r1", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-27538", + "resource": "libcurl", + "severity": "LOW", + "target": "", + "title": "curl: SSH connection too eager reuse still", + "vulnerabilityID": "CVE-2023-27538" + }, + { + "fixedVersion": "3.0.8-r1", + "installedVersion": "3.0.8-r0", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0464", + "resource": "libssl3", + "severity": "MEDIUM", + "target": "", + "title": "A security vulnerability has been identified in all supported versions ...", + "vulnerabilityID": "CVE-2023-0464" + }, + { + "fixedVersion": "4.4.0-r2", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3970", + "resource": "tiff", + "score": 8.8, + "severity": "HIGH", + "target": "", + "title": "libtiff: integer overflow in function TIFFReadRGBATileExt of the file", + "vulnerabilityID": "CVE-2022-3970" + }, + { + "fixedVersion": "4.4.0-r2", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3570", + "resource": "tiff", + "score": 5.5, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: heap Buffer overflows in tiffcrop.c", + "vulnerabilityID": "CVE-2022-3570" + }, + { + "fixedVersion": "4.4.0-r2", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3597", + "resource": "tiff", + "score": 6.5, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix", + "vulnerabilityID": "CVE-2022-3597" + }, + { + "fixedVersion": "4.4.0-r2", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3598", + "resource": "tiff", + "score": 6.5, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2022-3598" + }, + { + "fixedVersion": "4.4.0-r2", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3599", + "resource": "tiff", + "score": 6.5, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds read in writeSingleSection in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2022-3599" + }, + { + "fixedVersion": "4.4.0-r2", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3626", + "resource": "tiff", + "score": 6.5, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c", + "vulnerabilityID": "CVE-2022-3626" + }, + { + "fixedVersion": "4.4.0-r2", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3627", + "resource": "tiff", + "score": 6.5, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c", + "vulnerabilityID": "CVE-2022-3627" + }, + { + "fixedVersion": "4.4.0-r2", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2022-4645", + "resource": "tiff", + "score": 5.6, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c", + "vulnerabilityID": "CVE-2022-4645" + }, + { + "fixedVersion": "4.4.0-r2", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2022-48281", + "resource": "tiff", + "score": 5.5, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: heap-based buffer overflow in processCropSelections() in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2022-48281" + }, + { + "fixedVersion": "4.4.0-r3", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0795", + "resource": "tiff", + "score": 6.1, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds read in extractContigSamplesShifted16bits() in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2023-0795" + }, + { + "fixedVersion": "4.4.0-r3", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0796", + "resource": "tiff", + "score": 6.1, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds read in extractContigSamplesShifted24bits() in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2023-0796" + }, + { + "fixedVersion": "4.4.0-r3", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0797", + "resource": "tiff", + "score": 6.1, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds read in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2023-0797" + }, + { + "fixedVersion": "4.4.0-r3", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0798", + "resource": "tiff", + "score": 6.1, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds read in extractContigSamplesShifted8bits() in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2023-0798" + }, + { + "fixedVersion": "4.4.0-r3", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0799", + "resource": "tiff", + "score": 5.5, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: use-after-free in extractContigSamplesShifted32bits() in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2023-0799" + }, + { + "fixedVersion": "4.4.0-r3", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0800", + "resource": "tiff", + "score": 6.1, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2023-0800" + }, + { + "fixedVersion": "4.4.0-r3", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0801", + "resource": "tiff", + "score": 6.1, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds write in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2023-0801" + }, + { + "fixedVersion": "4.4.0-r3", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0802", + "resource": "tiff", + "score": 6.1, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds write in extractContigSamplesShifted32bits() in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2023-0802" + }, + { + "fixedVersion": "4.4.0-r3", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0803", + "resource": "tiff", + "score": 6.1, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2023-0803" + }, + { + "fixedVersion": "4.4.0-r3", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0804", + "resource": "tiff", + "score": 6.1, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds write in extractContigSamplesShifted24bits() in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2023-0804" + }, + { + "fixedVersion": "", + "installedVersion": "v1.44.212", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2020-8911", + "resource": "github.com/aws/aws-sdk-go", + "score": 5.6, + "severity": "MEDIUM", + "target": "", + "title": "aws/aws-sdk-go: CBC padding oracle issue in AWS S3 Crypto SDK for golang", + "vulnerabilityID": "CVE-2020-8911" + }, + { + "fixedVersion": "", + "installedVersion": "v1.44.212", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2020-8912", + "resource": "github.com/aws/aws-sdk-go", + "score": 2.5, + "severity": "LOW", + "target": "", + "title": "aws-sdk-go: In-band key negotiation issue in AWS S3 Crypto SDK for golang", + "vulnerabilityID": "CVE-2020-8912" + } + ] + } + } + ] + } + \ No newline at end of file diff --git a/unittests/tools/test_trivy_operator_parser.py b/unittests/tools/test_trivy_operator_parser.py index 85ce55bc753..0acf11cb70b 100644 --- a/unittests/tools/test_trivy_operator_parser.py +++ b/unittests/tools/test_trivy_operator_parser.py @@ -157,3 +157,9 @@ def test_findings_in_list(self): parser = TrivyOperatorParser() findings = parser.get_findings(test_file, Test()) self.assertEqual(len(findings), 18) + + def test_findings_all_reports_in_dict(self): + with open(sample_path("all_reports_in_dict.json"), encoding="utf-8") as test_file: + parser = TrivyOperatorParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(len(findings), 43)