feat: add ignore meta to ignored findings

pkg/report/output/saas/saas.go

@@ -92,11 +92,14 @@ func SendReport(config settings.Config, reportData *types.ReportData) {
 	}
 }
 
-func translateFindingsBySeverity(findingBySeverity map[string][]securitytypes.Finding) map[string][]saas.SaasFinding {
+func translateFindingsBySeverity[F securitytypes.GenericFinding](findingBySeverity map[string][]F) map[string][]saas.SaasFinding {
 	saasFindingsBySeverity := make(map[string][]saas.SaasFinding)
 	for _, severity := range maps.Keys(findingBySeverity) {
 		for _, finding := range findingBySeverity[severity] {
-			saasFindingsBySeverity[severity] = append(saasFindingsBySeverity[severity], saas.SaasFinding{Finding: finding})
+			saasFindingsBySeverity[severity] = append(saasFindingsBySeverity[severity], saas.SaasFinding{
+				Finding:    finding.GetFinding(),
+				IgnoreMeta: finding.GetIgnoreMeta(),
+			})
 		}
 	}
 	return saasFindingsBySeverity

pkg/report/output/saas/types/types.go

@@ -3,6 +3,7 @@ package types
 import (
 	dataflowtypes "github.com/bearer/bearer/pkg/report/output/dataflow/types"
 	securitytypes "github.com/bearer/bearer/pkg/report/output/security/types"
+	"github.com/bearer/bearer/pkg/util/ignore"
 )
 
 type Meta struct {
@@ -35,5 +36,5 @@ type BearerReport struct {
 
 type SaasFinding struct {
 	securitytypes.Finding
-	// add any extra data to send to SaaS
+	IgnoreMeta *ignore.IgnoredFingerprint `json:"ignore_meta,omitempty" yaml:"ignore_meta,omitempty"`
 }

pkg/report/output/security/security.go

@@ -50,6 +50,7 @@ var orderedSeverityLevels = []string{
 }
 
 type Findings = map[string][]types.Finding
+type IgnoredFindings = map[string][]types.IgnoredFinding
 
 type Input struct {
 	RuleId         string                `json:"rule_id" yaml:"rule_id"`
@@ -83,7 +84,7 @@ func AddReportData(
 ) error {
 	dataflow := reportData.Dataflow
 	summaryFindings := make(Findings)
-	ignoredSummaryFindings := make(Findings)
+	ignoredSummaryFindings := make(IgnoredFindings)
 	if !config.Scan.Quiet {
 		output.StdErrLog("Evaluating rules")
 	}
@@ -122,15 +123,15 @@ func AddReportData(
 
 func evaluateRules(
 	summaryFindings Findings,
-	ignoredSummaryFindings Findings,
+	ignoredSummaryFindings IgnoredFindings,
 	rules map[string]*settings.Rule,
 	config settings.Config,
 	dataflow *outputtypes.DataFlow,
 	baseBranchFindings *basebranchfindings.Findings,
 	builtIn bool,
 ) ([]string, error) {
 	outputFindings := map[string][]types.Finding{}
-	ignoredOutputFindings := map[string][]types.Finding{}
+	ignoredOutputFindings := map[string][]types.IgnoredFinding{}
 
 	var bar *progressbar.ProgressBar
 	if !builtIn {
@@ -225,15 +226,15 @@ func evaluateRules(
 				}
 				severity := CalculateSeverity(finding.CategoryGroups, rule.Severity, output.IsLocal != nil && *output.IsLocal)
 
-				_, ignored := config.IgnoredFingerprints[fingerprint]
+				ignoredFingerprint, ignored := config.IgnoredFingerprints[fingerprint]
 				if !ignored {
-					// legacy excluded fingerprint
+					// check for legacy excluded fingerprint
 					ignored = config.Report.ExcludeFingerprint[fingerprint]
 				}
 
 				if config.Report.Severity[severity] {
 					if ignored {
-						ignoredOutputFindings[severity] = append(ignoredOutputFindings[severity], finding)
+						ignoredOutputFindings[severity] = append(ignoredOutputFindings[severity], types.IgnoredFinding{Finding: finding, IgnoreMeta: ignoredFingerprint})
 					} else {
 						outputFindings[severity] = append(outputFindings[severity], finding)
 					}
@@ -248,7 +249,7 @@ func evaluateRules(
 	return fingerprints, nil
 }
 
-func sortFindingsBySeverity(findingsBySeverity map[string][]types.Finding, outputFindings map[string][]types.Finding) {
+func sortFindingsBySeverity[F types.GenericFinding](findingsBySeverity map[string][]F, outputFindings map[string][]F) {
 	outputFindings = removeDuplicates(outputFindings)
 
 	for severity, findingsSlice := range outputFindings {
@@ -692,17 +693,17 @@ func formatSeverity(severity string) string {
 	return severityColorFn(strings.ToUpper(severity + ": "))
 }
 
-// removeDuplicates removes detections for same detector with same line number by keeping only a single highest severity detection
-func removeDuplicates(data map[string][]types.Finding) map[string][]types.Finding {
-	filteredData := map[string][]types.Finding{}
+type key struct {
+	LineNumber int
+	FileName   string
+	Detector   string
+}
 
-	type Key struct {
-		LineNumber int
-		FileName   string
-		Detector   string
-	}
+// removeDuplicates removes detections for same detector with same line number by keeping only a single highest severity detection
+func removeDuplicates[F types.GenericFinding](data map[string][]F) map[string][]F {
+	filteredData := map[string][]F{}
 
-	reportedDetections := set.Set[Key]{}
+	reportedDetections := set.Set[key]{}
 
 	// filter duplicates
 	for _, severity := range orderedSeverityLevels {
@@ -711,25 +712,26 @@ func removeDuplicates(data map[string][]types.Finding) map[string][]types.Findin
 			continue
 		}
 
-		for _, finding := range findingsSlice {
-			key := Key{
+		for _, genericFinding := range findingsSlice {
+			finding := genericFinding.GetFinding()
+			key := key{
 				LineNumber: finding.LineNumber,
 				FileName:   finding.Filename,
 				Detector:   finding.Rule.Id,
 			}
 			if reportedDetections.Add(key) {
-				filteredData[severity] = append(filteredData[severity], finding)
+				filteredData[severity] = append(filteredData[severity], genericFinding)
 			}
 		}
 	}
 
 	return filteredData
 }
 
-func sortFindings(data []types.Finding) {
+func sortFindings[F types.GenericFinding](data []F) {
 	sort.Slice(data, func(i, j int) bool {
-		vulnerabilityA := data[i]
-		vulnerabilityB := data[j]
+		vulnerabilityA := data[i].GetFinding()
+		vulnerabilityB := data[j].GetFinding()
 
 		if vulnerabilityA.Rule.Id < vulnerabilityB.Rule.Id {
 			return true

pkg/report/output/security/types/types.go

@@ -5,6 +5,7 @@ import (
 	"strings"
 
 	"github.com/bearer/bearer/pkg/util/file"
+	"github.com/bearer/bearer/pkg/util/ignore"
 	"github.com/fatih/color"
 )
 
@@ -26,6 +27,32 @@ type Finding struct {
 	RawCodeExtract   []file.Line `json:"-" yaml:"-"`
 }
 
+type IgnoredFinding struct {
+	Finding
+	IgnoreMeta ignore.IgnoredFingerprint
+}
+
+type GenericFinding interface {
+	GetFinding() Finding
+	GetIgnoreMeta() *ignore.IgnoredFingerprint
+}
+
+func (f Finding) GetFinding() Finding {
+	return f
+}
+
+func (f Finding) GetIgnoreMeta() *ignore.IgnoredFingerprint {
+	return nil
+}
+
+func (i IgnoredFinding) GetFinding() Finding {
+	return i.Finding
+}
+
+func (i IgnoredFinding) GetIgnoreMeta() *ignore.IgnoredFingerprint {
+	return &i.IgnoreMeta
+}
+
 type DataType struct {
 	CategoryUUID string `json:"category_uuid,omitempty" yaml:"category_uuid,omitempty"`
 	Name         string `json:"name,omitempty" yaml:"name,omitempty"`

pkg/report/output/types/types.go

@@ -14,7 +14,7 @@ type ReportData struct {
 	Detectors                 []any
 	Dataflow                  *DataFlow
 	FindingsBySeverity        map[string][]securitytypes.Finding
-	IgnoredFindingsBySeverity map[string][]securitytypes.Finding
+	IgnoredFindingsBySeverity map[string][]securitytypes.IgnoredFinding
 	PrivacyReport             *privacytypes.Report
 	Stats                     *statstypes.Stats
 	SaasReport                *saastypes.BearerReport