index.js

@@ -25,53 +25,40 @@ async function readAudit() {
 
 
 const severities = {
-  info: 'LOW',
+  info: 'INFO',
-  low: 'LOW',
+  low: 'MINOR',
-  moderate: 'MEDIUM',
+  moderate: 'MINOR',
-  high: 'MEDIUM',
+  high: 'CRITICAL',
-  critical: 'HIGH',
+  critical: 'BLOCKER',
 };
 
 
 async function main() {
   const pnpmAudit = await readAudit()
-  const rules = []
   const issues = []
   for (const advice of Object.values(pnpmAudit.advisories || [])) {
-    rules.push({
+    issues.push({
-      id: `${advice.id}`,
+      "engineId": "pnpm-audit",
-      name: advice.github_advisory_id || advice.npm_advisory_id || `rule_${advice.id}`,
+      "ruleId": advice.id,
-      description: `<h1>${advice.module_name} ${advice.vulnerable_versions}</h1>
+      "severity": severities[advice.severity],
-<h2>${advice.title || ''}</h2>
+      "type": "VULNERABILITY",
+      "efforMinutes": 0,
+      "primaryLocation": {
+        "message": `${advice.module_name} ${advice.vulnerable_versions}
+${advice.title || ''}
 
 Overview:
-<pre>
 ${advice.overview || ''}
-</pre>
 
 References:
-<pre>
 ${advice.references || ''}
-</pre>
 `,
-      cleanCodeAttribute: "TRUSTWORTHY",
+        "filePath": "pnpm-lock.yaml",
-      engineId: "pnpm-audit",
-      impacts: [{
-        softwareQuality: "SECURITY",
-        severity: severities[advice.severity],
-      }]
-    })
-    issues.push({
-      ruleId: `${advice.id}`,
-      efforMinutes: 0,
-      primaryLocation: {
-        message: advice.title,
-        filePath: "pnpm-lock.yaml",
       },
-      secondaryLocations: []
+      "secondaryLocations": []
     })
   }
-  console.log(JSON.stringify({ rules, issues }, null, 2))
+  console.log(JSON.stringify({ issues }, null, 2))
 }
 
 main()

package.json

@@ -1,6 +1,6 @@
 {
   "name": "pnpm-audit-sonar",
-  "version": "1.1.0",
+  "version": "1.0.1",
   "description": "Convert PNPM audit to Sonar compatible format",
   "main": "index.js",
   "scripts": {