importer: trivy_operator: provide more details on package vulnerabili…

…ties and config issues
netceteragroup · Aug 23, 2024 · 9aa29d8 · 9aa29d8
1 parent 6f377a4
commit 9aa29d8
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 3 deletions.
diff --git a/dojo/tools/trivy_operator/checks_handler.py b/dojo/tools/trivy_operator/checks_handler.py
@@ -1,5 +1,12 @@
 from dojo.models import Finding
 
+CHECK_DESCRIPTION_TEMPLATE = """{description}
+**Category**: {category}
+**Scope**: {scope}
+**Details**:
+{details}
+"""
+
 TRIVY_SEVERITIES = {
     "CRITICAL": "Critical",
     "HIGH": "High",
@@ -22,17 +29,36 @@ def handle_checks(self, endpoint, service, checks, test):
                     "https://avd.aquasec.com/misconfig/kubernetes/"
                     + check_id.lower()
                 )
-            check_description = check.get("description", "")
             title = f"{check_id} - {check_title}"
+            mitigation = check.get("remediation")
+
+            details = ""
+            for message in check.get("messages"):
+                details += f"{message}\n"
+
+            scope = "undefined"
+            if check.get("scope"):
+                scope_type = check.get("scope").get("type")
+                scope_value = check.get("scope").get("value")
+                scope = f"{scope_type} {scope_value}"
+
+            description = CHECK_DESCRIPTION_TEMPLATE.format(
+                category=check.get("category"),
+                description=check.get("description"),
+                details=details,
+                scope=scope
+            )
+
             finding = Finding(
                 test=test,
                 title=title,
                 severity=check_severity,
                 references=check_references,
-                description=check_description,
+                description=description,
                 static_finding=True,
                 dynamic_finding=False,
                 service=service,
+                mitigation=mitigation,
             )
             if check_id:
                 finding.unsaved_vulnerability_ids = [check_id]

diff --git a/dojo/tools/trivy_operator/vulnerability_handler.py b/dojo/tools/trivy_operator/vulnerability_handler.py
@@ -1,7 +1,10 @@
 from dojo.models import Finding
 
 DESCRIPTION_TEMPLATE = """{title}
+**Details:**
+{description}
 **Fixed version:** {fixed_version}
+CVE published on: {published_date}
 """
 
 TRIVY_SEVERITIES = {
@@ -54,8 +57,15 @@ def handle_vulns(self, endpoint, service, vulnerabilities, test):
             else:
                 file_path = None
 
+            vuln_description = "no details"
+            if len(vulnerability.get("description", "")) > 0:
+                vuln_description = vulnerability.get("description")
+
             description = DESCRIPTION_TEMPLATE.format(
-                title=vulnerability.get("title"), fixed_version=mitigation,
+                title=vulnerability.get("title"),
+                fixed_version=mitigation,
+                published_date=vulnerability.get("publishedDate"),
+                description=vuln_description,
             )
 
             title = f"{vuln_id} {package_name} {package_version}"