From 3d255dcfc5b3641870a3767b124296e80f076936 Mon Sep 17 00:00:00 2001
From: celogeek <65178+celogeek@users.noreply.github.com>
Date: Tue, 2 Apr 2024 18:26:27 +0200
Subject: [PATCH] update format to use clean code
---
 index.js | 47 ++++++++++++++++++++++++++++++-----------------
 1 file changed, 30 insertions(+), 17 deletions(-)
diff --git a/index.js b/index.js
index 19d185c..da45d25 100755
--- a/index.js
+++ b/index.js
@@ -25,40 +25,53 @@ async function readAudit() {
 const severities = {
- info: 'INFO',
- low: 'MINOR',
- moderate: 'MINOR',
- high: 'CRITICAL',
- critical: 'BLOCKER',
+ info: 'LOW',
+ low: 'LOW',
+ moderate: 'MEDIUM',
+ high: 'MEDIUM',
+ critical: 'HIGH',
 };
 async function main() {
 const pnpmAudit = await readAudit()
+ const rules = []
 const issues = []
 for (const advice of Object.values(pnpmAudit.advisories || [])) {
- issues.push({
- "engineId": "pnpm-audit",
- "ruleId": advice.id,
- "severity": severities[advice.severity],
- "type": "VULNERABILITY",
- "efforMinutes": 0,
- "primaryLocation": {
- "message": `${advice.module_name} ${advice.vulnerable_versions}
-${advice.title || ''}
+ rules.push({
+ id: `${advice.id}`,
+ name: advice.github_advisory_id || advice.npm_advisory_id || `rule_${advice.id}`,
+ description: `
${advice.overview || ''} +References: +
${advice.references || ''}
+`,
- "filePath": "pnpm-lock.yaml",
+ cleanCodeAttribute: "TRUSTWORTHY",
+ engineId: "pnpm-audit",
+ impacts: [{
+ softwareQuality: "SECURITY",
+ severity: severities[advice.severity],
+ }]
+ })
+ issues.push({
+ ruleId: `${advice.id}`,
+ efforMinutes: 0,
+ primaryLocation: {
+ message: advice.title,
+ filePath: "pnpm-lock.yaml",
 },
- "secondaryLocations": []
+ secondaryLocations: []
 })
 }
- console.log(JSON.stringify({ rules, issues }, null, 2))
+ console.log(JSON.stringify({ rules, issues }, null, 2))
 }
 main()
\ No newline at end of file
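Review bot: `severity: severities[advice.severity]` in the new `impacts` entry has no fallback, so an advisory whose severity is missing or not one of the five mapped keys is serialised without a `severity` key (JSON.stringify omits undefined values) and may be rejected or lose its ranking on import; an explicit default such as `severity: severities[advice.severity] ?? 'MEDIUM'` keeps the finding visible. The new `message: advice.title` also drops the package name and affected range the old message carried, and the whole key disappears when `title` is undefined; prefixing it with `advice.module_name` and `advice.vulnerable_versions` and keeping the `|| ''` guard would preserve what triage needs. `efforMinutes` is carried over unchanged and looks like a typo for `effortMinutes`, assuming the output targets SonarQube's generic issue format. The new table also maps both `moderate` and `high` to `MEDIUM`, which flattens a distinction the old mapping kept; worth confirming that this is intended.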