Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Veracode: Update license mapping #9325

Merged
merged 1 commit into from
Jan 12, 2024
Merged

Veracode: Update license mapping #9325

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion dojo/tools/veracode/json_parser.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
import json

Check warning on line 1 in dojo/tools/veracode/json_parser.py

View check run for this annotation

DryRunSecurity / AI-powered Sensitive Files Check

Possible Sensitive File 


                    Our AI-Powered Sensitive File checker believes it has discovered
                    a sensitive file being modified in this PR. Extra care must be taken
                    when modifying a file that is potentially security-sensitive.
                    
                    The following reason was provided: The file is a parser for JSON data used in the Veracode tool, which deals with security testing and vulnerability management. It potentially contains sensitive information about vulnerabilities and security issues in an application.
import re
from cvss import CVSS3

Expand Down Expand Up @@ -43,11 +43,11 @@

# This mapping was found here: https://docs.veracode.com/r/c_integrated_license_agent
license_mapping = {
0: ("Non OSS", "Non-OSS indicates that this file could be subject to commercial license terms. If so, you should refer to your applicable license agreement with such vendor for additional information."),
1: ("Unrecognized", "Unrecognized indicates that no license was found for the component. However, this does not indicate that there is no risk associated with the license."),
2: ("Low", "Low-risk licenses are typically permissive licenses that require you to preserve the copyright and license notices, but allow distribution under different terms without disclosing source code."),
3: ("Medium", "Medium-risk licenses are typically weak copyleft licenses that require you to preserve the copyright and license notices, and require distributors to make the source code of the component and any modifications under the same terms."),
4: ("High", "High-risk licenses are typically strong copyleft licenses that require you to preserve the copyright and license notices, and require distributors to make the source code of the component and any modifications under the same terms."),
5: ("Non OSS", "Non-OSS indicates that this file could be subject to commercial license terms. If so, you should refer to your applicable license agreement with such vendor for additional information."),
}

def get_findings(self, json_output, test):
Expand Down