From 79f53f4b4afc48371a9c6dcaa8a0cc23847321df Mon Sep 17 00:00:00 2001
From: salemxd
Date: Tue, 12 Mar 2024 09:56:39 +0100
Subject: [PATCH] some cleanup
---
 src/scatools/DependabotService.ts | 45 ++++++++++++++++++++++++++-----
 src/scatools/ScaService.ts | 3 ---
 2 files changed, 38 insertions(+), 10 deletions(-)
diff --git a/src/scatools/DependabotService.ts b/src/scatools/DependabotService.ts
index a519c585..0ac871c1 100644
--- a/src/scatools/DependabotService.ts
+++ b/src/scatools/DependabotService.ts
@@ -8,9 +8,8 @@ export class DependabotService {
 const { owner, repo }: { owner: string; repo: string } = github.context.repo;
 const token: string = core.getInput('PAT-token');
-
 const octokit: InstanceType = github.getOctokit(token);
- type dependabotAlertType = Endpoints['GET /repos/{owner}/{repo}/dependabot/alerts']['response'];
+
 const alerts: any = await octokit.paginate(
 "GET /repos/{owner}/{repo}/dependabot/alerts",
 {
@@ -41,14 +40,46 @@ export class DependabotService {
 }
 }
- console.log('\n scaNumberOfSeverity1: ' + scaNumberOfSeverity1);
- console.log('\n scaNumberOfSeverity2: ' + scaNumberOfSeverity2);
- console.log('\n scaNumberOfSeverity3: ' + scaNumberOfSeverity3);
- console.log('\n scaNumberOfSeverity4: ' + scaNumberOfSeverity4);
-
 core.exportVariable('scaNumberOfSeverity1', scaNumberOfSeverity1);
 core.exportVariable('scaNumberOfSeverity2', scaNumberOfSeverity2);
 core.exportVariable('scaNumberOfSeverity3', scaNumberOfSeverity3);
 core.exportVariable('scaNumberOfSeverity4', scaNumberOfSeverity4);
 }
+
+ public static async setDependabotFindings2(): Promise {
+
+ const { owner, repo }: { owner: string; repo: string } = github.context.repo;
+ const token: string = core.getInput('PAT-token');
+
+ const octokit: InstanceType = github.getOctokit(token);
+ type dependabotAlertType = Endpoints['GET /repos/{owner}/{repo}/dependabot/alerts']['response'];
+
+ const alerts: Array = await octokit.paginate(
+ "GET /repos/{owner}/{repo}/dependabot/alerts",
+ {
+ owner: owner,
+ repo: repo,
+ per_page: 100,
+ });
+
+ const severeties = alerts.flatMap((alert) => DependabotService.GetSeverity(alert));
+
+ const lowSeverityCount = DependabotService.severityCountForGivenSeverity(severeties, "low");
+ const mediumSeverityCount = DependabotService.severityCountForGivenSeverity(severeties, "medium");
+ const highwSeverityCount = DependabotService.severityCountForGivenSeverity(severeties, "high");
+ const criticalSeverityCount = DependabotService.severityCountForGivenSeverity(severeties, "critical");
+
+ core.exportVariable('scaNumberOfSeverity1', lowSeverityCount);
+ core.exportVariable('scaNumberOfSeverity2', mediumSeverityCount);
+ core.exportVariable('scaNumberOfSeverity3', highwSeverityCount);
+ core.exportVariable('scaNumberOfSeverity4', criticalSeverityCount);
+ }
+
+ private static severityCountForGivenSeverity(severeties: ("low" | "medium" | "high" | "critical")[], severity: string) {
+ return severeties.filter((allert) => allert === severity).length;
+ }
+
+ private static GetSeverity(alert): "low" | "medium" | "high" | "critical" | readonly ("low" | "medium" | "high" | "critical")[] {
+ return alert.data.flatMap((data) => data.security_vulnerability.severity);
+ }
 }
\ No newline at end of file
diff --git a/src/scatools/ScaService.ts b/src/scatools/ScaService.ts
index a25c69e8..645075fe 100644
--- a/src/scatools/ScaService.ts
+++ b/src/scatools/ScaService.ts
@@ -13,9 +13,6 @@ export class ScaService {
 return;
 }
- console.log(`lite test:`);
- console.log(`test: ${process.env}`);
-
 if(scaTool.nameOfTool === "dependabot"){
 DependabotService.setDependabotFindings()
 }
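Review bot: `GetSeverity` reads `alert.data.flatMap(...)`, but `octokit.paginate` resolves to the flattened list of alert objects rather than response envelopes, so in `setDependabotFindings2` each `alert` should have no `data` property and the call would throw before any `scaNumberOfSeverity*` variable is exported. Reading the field directly, e.g. `const severities = alerts.map((alert) => alert.security_vulnerability.severity);`, and typing the array from `['response']['data']` rather than the `['response']` alias declared above it, would remove the helper and its untyped `alert` parameter. The request also sets no `state` filter, so unless that is intended the exported counts would include fixed and dismissed alerts alongside open ones; adding `state: 'open'` to the parameters would keep the metric to current exposure. The new method is not called anywhere in this patch (the ScaService context still calls `setDependabotFindings()`), so it is worth confirming which of the two is meant to run.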