celogeek/pnpm-audit-sonar
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: celogeek:v1.0.1
Branches Tags
celogeek:main
celogeek:v1.1.0
celogeek:v1.0.1
...
compare: celogeek:main
Branches Tags
celogeek:main
celogeek:v1.1.0
celogeek:v1.0.1

2 Commits
v1.0.1 ... main

Author SHA1 Message Date
celogeek
344f282495
1.1.0 2024-04-02 18:29:23 +02:00
celogeek
3d255dcfc5
update format to use clean code 2024-04-02 18:26:27 +02:00
2 changed files with 31 additions and 18 deletions
Show Stats Expand all files Collapse all files

47
index.js
View File

@ -25,40 +25,53 @@ async function readAudit() {
const severities = { const severities = {
info: 'INFO', info: 'LOW',
low: 'MINOR', low: 'LOW',
moderate: 'MINOR', moderate: 'MEDIUM',
high: 'CRITICAL', high: 'MEDIUM',
critical: 'BLOCKER', critical: 'HIGH',
}; };
async function main() { async function main() {
const pnpmAudit = await readAudit() const pnpmAudit = await readAudit()
const rules = []
const issues = [] const issues = []
for (const advice of Object.values(pnpmAudit.advisories || [])) { for (const advice of Object.values(pnpmAudit.advisories || [])) {
issues.push({ rules.push({
"engineId": "pnpm-audit", id: `${advice.id}`,
"ruleId": advice.id, name: advice.github_advisory_id || advice.npm_advisory_id || `rule_${advice.id}`,
"severity": severities[advice.severity], description: `<h1>${advice.module_name} ${advice.vulnerable_versions}</h1>
"type": "VULNERABILITY", <h2>${advice.title || ''}</h2>
"efforMinutes": 0,
"primaryLocation": {
"message": `${advice.module_name} ${advice.vulnerable_versions}
${advice.title || ''}
Overview: Overview:
<pre>
${advice.overview || ''} ${advice.overview || ''}
</pre>
References: References:
<pre>
${advice.references || ''} ${advice.references || ''}
</pre>
`, `,
"filePath": "pnpm-lock.yaml", cleanCodeAttribute: "TRUSTWORTHY",
engineId: "pnpm-audit",
impacts: [{
softwareQuality: "SECURITY",
severity: severities[advice.severity],
}]
})
issues.push({
ruleId: `${advice.id}`,
efforMinutes: 0,
primaryLocation: {
message: advice.title,
filePath: "pnpm-lock.yaml",
}, },
"secondaryLocations": [] secondaryLocations: []
}) })
} }
console.log(JSON.stringify({ issues }, null, 2)) console.log(JSON.stringify({ rules, issues }, null, 2))
} }
main() main()

2
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "pnpm-audit-sonar", "name": "pnpm-audit-sonar",
"version": "1.0.1", "version": "1.1.0",
"description": "Convert PNPM audit to Sonar compatible format", "description": "Convert PNPM audit to Sonar compatible format",
"main": "index.js", "main": "index.js",
"scripts": { "scripts": {