diff --git a/pom.xml b/pom.xml index 76906d34..35b0c524 100644 --- a/pom.xml +++ b/pom.xml @@ -49,7 +49,7 @@ 3.1.1 - 2.0.9 + 2.0.10 11.0.1 7.8.0 2.0.2 diff --git a/src/main/java/io/github/guacsec/trustifyda/integration/Constants.java b/src/main/java/io/github/guacsec/trustifyda/integration/Constants.java index 013d0957..9e1f4c92 100644 --- a/src/main/java/io/github/guacsec/trustifyda/integration/Constants.java +++ b/src/main/java/io/github/guacsec/trustifyda/integration/Constants.java @@ -86,8 +86,8 @@ private Constants() {} public static final String CACHE_LICENSES_PROPERTY = "cacheLicenses"; public static final String CACHE_LICENSES_HITS_PROPERTY = "cacheLicensesHits"; - public static final String TRUSTIFY_RECOMMEND_PATH = "/api/v2/purl/recommend"; - public static final String TRUSTIFY_ANALYZE_PATH = "/api/v2/vulnerability/analyze"; + public static final String TRUSTIFY_RECOMMEND_PATH = "/api/v3/purl/recommend"; + public static final String TRUSTIFY_ANALYZE_PATH = "/api/v3/vulnerability/analyze"; public static final String TRUSTIFY_HEALTH_PATH = "/.well-known/trustify"; public static final String DEPS_DEV_LICENSES_PATH = "/v3alpha/purlbatch"; diff --git a/src/main/java/io/github/guacsec/trustifyda/integration/providers/ProviderResponseHandler.java b/src/main/java/io/github/guacsec/trustifyda/integration/providers/ProviderResponseHandler.java index 5fd8ee79..500d990e 100644 --- a/src/main/java/io/github/guacsec/trustifyda/integration/providers/ProviderResponseHandler.java +++ b/src/main/java/io/github/guacsec/trustifyda/integration/providers/ProviderResponseHandler.java @@ -44,6 +44,7 @@ import io.github.guacsec.trustifyda.api.v5.RecommendationReport; import io.github.guacsec.trustifyda.api.v5.RecommendationSource; import io.github.guacsec.trustifyda.api.v5.RecommendationSummary; +import io.github.guacsec.trustifyda.api.v5.Remediation; import io.github.guacsec.trustifyda.api.v5.Source; import io.github.guacsec.trustifyda.api.v5.SourceSummary; import io.github.guacsec.trustifyda.api.v5.TransitiveDependencyReport; @@ -535,15 +536,23 @@ private void incrementCounter(PackageItem item, VulnerabilityCounter counter, bo counter.direct.addAndGet(vulnerabilities); } if (i.getRemediation() != null - && i.getRemediation().getTrustedContent() != null - && i.getRemediation().getTrustedContent().getRef() != null) { + && (hasUpstreamRemediation(i.getRemediation()) + || hasTrustedContentRemediation(i.getRemediation()))) { counter.remediations.incrementAndGet(); } }); } - // The number of vulnerabilities is the total count of public CVEs - // or if it is private it will be 1 + private boolean hasUpstreamRemediation(Remediation r) { + return (r.getFixedIn() != null && !r.getFixedIn().isEmpty()) + || (r.getVersionRanges() != null && !r.getVersionRanges().isEmpty()) + || (r.getRemediations() != null && !r.getRemediations().isEmpty()); + } + + private boolean hasTrustedContentRemediation(Remediation r) { + return r.getTrustedContent() != null && r.getTrustedContent().getRef() != null; + } + private int countVulnerabilities(Issue i) { if (i.getCves() != null && !i.getCves().isEmpty()) { return i.getCves().size(); diff --git a/src/main/java/io/github/guacsec/trustifyda/integration/providers/trustify/RecommendationAggregation.java b/src/main/java/io/github/guacsec/trustifyda/integration/providers/trustify/RecommendationAggregation.java index b2afb0a3..3795fd87 100644 --- a/src/main/java/io/github/guacsec/trustifyda/integration/providers/trustify/RecommendationAggregation.java +++ b/src/main/java/io/github/guacsec/trustifyda/integration/providers/trustify/RecommendationAggregation.java @@ -177,7 +177,12 @@ private void setTrustedContent( .status(Vulnerability.Status.toString(vuln.getStatus())) .justification( Vulnerability.Justification.toString(vuln.getJustification())); - issue.remediation(new Remediation().trustedContent(remediation)); + var existing = issue.getRemediation(); + if (existing == null) { + existing = new Remediation(); + } + existing.trustedContent(remediation); + issue.remediation(existing); }); } providerResponse diff --git a/src/main/java/io/github/guacsec/trustifyda/integration/providers/trustify/TrustifyResponseHandler.java b/src/main/java/io/github/guacsec/trustifyda/integration/providers/trustify/TrustifyResponseHandler.java index 5f296edd..4067474d 100644 --- a/src/main/java/io/github/guacsec/trustifyda/integration/providers/trustify/TrustifyResponseHandler.java +++ b/src/main/java/io/github/guacsec/trustifyda/integration/providers/trustify/TrustifyResponseHandler.java @@ -20,7 +20,6 @@ import java.io.IOException; import java.util.ArrayList; import java.util.Collections; -import java.util.Comparator; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -37,15 +36,16 @@ import io.github.guacsec.trustifyda.api.PackageRef; import io.github.guacsec.trustifyda.api.v5.Issue; import io.github.guacsec.trustifyda.api.v5.Remediation; +import io.github.guacsec.trustifyda.api.v5.RemediationCategory; +import io.github.guacsec.trustifyda.api.v5.RemediationInfo; import io.github.guacsec.trustifyda.api.v5.SeverityUtils; +import io.github.guacsec.trustifyda.api.v5.VersionRange; import io.github.guacsec.trustifyda.integration.Constants; import io.github.guacsec.trustifyda.integration.backend.JsonUtils; import io.github.guacsec.trustifyda.integration.providers.ProviderResponseHandler; import io.github.guacsec.trustifyda.model.DependencyTree; import io.github.guacsec.trustifyda.model.PackageItem; import io.github.guacsec.trustifyda.model.ProviderResponse; -import io.github.guacsec.trustifyda.model.trustify.AdvisoryScore; -import io.github.guacsec.trustifyda.model.trustify.ScoreType; import io.quarkus.runtime.annotations.RegisterForReflection; import jakarta.enterprise.context.ApplicationScoped; @@ -56,14 +56,7 @@ public class TrustifyResponseHandler extends ProviderResponseHandler { private static final Logger LOGGER = Logger.getLogger(TrustifyResponseHandler.class); - private static final String DEFAULT_SOURCE = "manual"; - - private static final Map SCORE_TYPE_ORDER = - Map.of( - ScoreType.V4, 1, - ScoreType.V3_1, 2, - ScoreType.V3_0, 3, - ScoreType.V2, 4); + private static final String DEFAULT_SOURCE = "unknown"; @Inject ObjectMapper mapper; @@ -112,11 +105,10 @@ private List toIssues(JsonNode response) { return; } - var status = (ObjectNode) vuln.get("status"); - if (status == null || !status.hasNonNull("affected")) { + var purlStatuses = (ArrayNode) vuln.get("purl_statuses"); + if (purlStatuses == null || purlStatuses.isEmpty()) { return; } - var affected = (ArrayNode) status.get("affected"); var title = JsonUtils.getTextValue(vuln, "title"); final String iTitle; if (title == null) { @@ -124,14 +116,16 @@ private List toIssues(JsonNode response) { } else { iTitle = title; } + Map issuesByCveSource = new HashMap<>(); - affected.forEach( - data -> { - if (data.hasNonNull("withdrawn")) { + purlStatuses.forEach( + purlStatus -> { + var advisory = purlStatus.get("advisory"); + if (advisory != null && advisory.hasNonNull("withdrawn")) { return; } - var source = getSource(data); + var source = getSource(purlStatus); if (source == null) { return; } @@ -140,7 +134,7 @@ private List toIssues(JsonNode response) { return; } var issue = new Issue().id(id).title(iTitle).source(source).cves(List.of(id)); - setCvssData(issue, data); + setCvssData(issue, vuln, purlStatus); issuesByCveSource.put(key, issue); }); issues.addAll(issuesByCveSource.values()); @@ -163,69 +157,122 @@ private List getWarnings(JsonNode entryValue) { return warnings; } - private void setCvssData(Issue issue, JsonNode node) { - var scores = (ArrayNode) node.get("scores"); - - if (scores != null && !scores.isEmpty()) { - var advisoryScores = getAdvisoryScore(issue.getId(), scores); - if (!advisoryScores.isEmpty()) { - var score = advisoryScores.get(0); - issue.cvssScore(score.score().floatValue()); - if (score.severity() != null) { - issue.setSeverity(score.severity()); - } else { - issue.setSeverity(SeverityUtils.fromScore(score.score().floatValue())); + private void setCvssData(Issue issue, JsonNode vuln, JsonNode purlStatus) { + Float score = null; + String severity = null; + + var baseScore = vuln.get("base_score"); + if (baseScore != null && !baseScore.isNull()) { + score = baseScore.has("score") ? (float) baseScore.get("score").asDouble() : null; + severity = JsonUtils.getTextValue(baseScore, "severity"); + } + + if (score == null) { + var scores = purlStatus.get("scores"); + if (scores != null && scores.isArray() && !scores.isEmpty()) { + for (var entry : scores) { + var entryValue = entry.has("value") ? (float) entry.get("value").asDouble() : null; + if (entryValue != null && (score == null || entryValue > score)) { + score = entryValue; + severity = JsonUtils.getTextValue(entry, "severity"); + } } } } - var ranges = (ArrayNode) node.get("ranges"); - if (ranges == null) { - return; + + if (score != null) { + issue.cvssScore(score); + } + if (severity != null) { + try { + issue.setSeverity(SeverityUtils.fromValue(severity.toUpperCase())); + } catch (IllegalArgumentException e) { + LOGGER.infof("Unknown severity value: %s, falling back to score-based severity", severity); + if (score != null) { + issue.setSeverity(SeverityUtils.fromScore(score)); + } + } + } else if (score != null) { + issue.setSeverity(SeverityUtils.fromScore(score)); } + var r = new Remediation(); - ranges.forEach( - rangeNode -> { - var events = (ArrayNode) rangeNode.get("events"); - events.forEach( - eventNode -> { - var fixed = JsonUtils.getTextValue(eventNode, "fixed"); - if (fixed != null) { - r.addFixedInItem(fixed); - } - }); - }); - issue.setRemediation(r); - } + boolean hasRemediation = false; - private List getAdvisoryScore(String cveId, ArrayNode scores) { - var result = new ArrayList(); - scores.forEach( - score -> { - try { - var scoreType = ScoreType.fromValue(JsonUtils.getTextValue(score, "type")); - var severity = JsonUtils.getTextValue(score, "severity"); - var scoreValue = score.get("value").asDouble(); - result.add( - new AdvisoryScore( - scoreType, SeverityUtils.fromValue(severity.toUpperCase()), scoreValue)); - } catch (IllegalArgumentException e) { - LOGGER.infof( - "Unable to parse advisory score: %s for CVE %s: %s", - score.toString(), cveId, e.getMessage()); - } - }); + var versionRange = purlStatus.get("version_range"); + if (versionRange != null && !versionRange.isNull()) { + var vr = new VersionRange(); + var schemeId = JsonUtils.getTextValue(versionRange, "version_scheme_id"); + if (schemeId != null) { + vr.versionSchemeId(schemeId); + } + var lowVersion = JsonUtils.getTextValue(versionRange, "low_version"); + if (lowVersion != null) { + vr.lowVersion(lowVersion); + } + var lowInclusive = JsonUtils.getBooleanValue(versionRange, "low_inclusive"); + if (lowInclusive != null) { + vr.lowInclusive(lowInclusive); + } + var highVersion = JsonUtils.getTextValue(versionRange, "high_version"); + var highInclusive = JsonUtils.getBooleanValue(versionRange, "high_inclusive"); + if (highVersion != null) { + vr.highVersion(highVersion); + if (highInclusive == null || !highInclusive) { + r.addFixedInItem(highVersion); + } + } + if (highInclusive != null) { + vr.highInclusive(highInclusive); + } + r.addVersionRangesItem(vr); + hasRemediation = true; + } - result.sort( - Comparator.comparing(advisoryScore -> SCORE_TYPE_ORDER.get(advisoryScore.scoreType()))); - return result; + var remediations = (ArrayNode) purlStatus.get("remediations"); + if (remediations != null && !remediations.isEmpty()) { + remediations.forEach( + rem -> { + var info = new RemediationInfo(); + var category = JsonUtils.getTextValue(rem, "category"); + if (category != null) { + try { + info.category(RemediationCategory.fromValue(category.toUpperCase())); + } catch (IllegalArgumentException e) { + LOGGER.infof("Unknown remediation category: %s", category); + } + } + var details = JsonUtils.getTextValue(rem, "details"); + if (details != null) { + info.details(details); + } + var url = JsonUtils.getTextValue(rem, "url"); + if (url != null) { + info.url(url); + } + r.addRemediationsItem(info); + }); + hasRemediation = true; + } + + if (hasRemediation) { + issue.setRemediation(r); + } } - private String getSource(JsonNode node) { - var labels = node.get("labels"); - var importer = JsonUtils.getTextValue(labels, "importer"); - if (importer == null || importer.isBlank()) { + private String getSource(JsonNode purlStatus) { + var advisory = purlStatus.get("advisory"); + if (advisory == null) { + return DEFAULT_SOURCE; + } + var issuer = advisory.get("issuer"); + if (issuer == null || issuer.isNull()) { + return DEFAULT_SOURCE; + } + var name = JsonUtils.getTextValue(issuer, "name"); + if (name == null || name.isBlank()) { return DEFAULT_SOURCE; } - return importer; + return name; } } diff --git a/src/main/java/io/github/guacsec/trustifyda/integration/registry/RegistryEnrichmentService.java b/src/main/java/io/github/guacsec/trustifyda/integration/registry/RegistryEnrichmentService.java index b88f34ca..5c58ccae 100644 --- a/src/main/java/io/github/guacsec/trustifyda/integration/registry/RegistryEnrichmentService.java +++ b/src/main/java/io/github/guacsec/trustifyda/integration/registry/RegistryEnrichmentService.java @@ -111,7 +111,14 @@ private Set enrichExistingDependencies( depReport .getIssues() .forEach( - issue -> issue.remediation(new Remediation().trustedContent(trustedContent))); + issue -> { + var existing = issue.getRemediation(); + if (existing == null) { + existing = new Remediation(); + } + existing.trustedContent(trustedContent); + issue.remediation(existing); + }); } // Backward compat: set deprecated per-dependency recommendation diff --git a/src/main/java/io/github/guacsec/trustifyda/model/trustify/AdvisoryScore.java b/src/main/java/io/github/guacsec/trustifyda/model/trustify/AdvisoryScore.java deleted file mode 100644 index 18f56ed9..00000000 --- a/src/main/java/io/github/guacsec/trustifyda/model/trustify/AdvisoryScore.java +++ /dev/null @@ -1,22 +0,0 @@ -/* - * Copyright 2023-2025 Trustify Dependency Analytics Authors - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.github.guacsec.trustifyda.model.trustify; - -import io.github.guacsec.trustifyda.api.v5.Severity; - -public record AdvisoryScore(ScoreType scoreType, Severity severity, Double score) {} diff --git a/src/main/java/io/github/guacsec/trustifyda/model/trustify/ScoreType.java b/src/main/java/io/github/guacsec/trustifyda/model/trustify/ScoreType.java deleted file mode 100644 index 410cba7c..00000000 --- a/src/main/java/io/github/guacsec/trustifyda/model/trustify/ScoreType.java +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright 2023-2025 Trustify Dependency Analytics Authors - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.github.guacsec.trustifyda.model.trustify; - -import java.util.Arrays; - -public enum ScoreType { - V2("2"), - V3_0("3.0"), - V3_1("3.1"), - V4("4"); - - private final String value; - - ScoreType(String value) { - this.value = value; - } - - public String getValue() { - return value; - } - - public static ScoreType fromValue(String value) { - return Arrays.stream(ScoreType.values()) - .filter(scoreType -> scoreType.getValue().equals(value)) - .findFirst() - .orElse(null); - } -} diff --git a/src/main/resources/freemarker/templates/generated/main.js b/src/main/resources/freemarker/templates/generated/main.js index 657968c5..cfbdd243 100644 --- a/src/main/resources/freemarker/templates/generated/main.js +++ b/src/main/resources/freemarker/templates/generated/main.js @@ -1 +1 @@ -!function(){"use strict";var e={4712:function(e,n,r){var i=r(1477),t=r(5741),a=(r(9220),r(4685)),o=r(3457),l=r(3710);function c(e){var n=[];return Object.keys(e.providers).forEach(function(r){var i=e.providers[r].sources;void 0!==i&&Object.keys(i).length>0?Object.keys(i).forEach(function(e){n.push({provider:r,source:e,report:i[e]})}):"trusted-content"!==r&&n.push({provider:r,source:r,report:{}})}),n.sort(function(e,n){return 0===Object.keys(e.report).length&&0===Object.keys(n.report).length?1:Object.keys(n.report).length-Object.keys(e.report).length})}function s(e){var n,r;if(!e||!e.provider)return"unknown";var i=null!==(n=e.provider)&&void 0!==n?n:"unknown";return i===(null!==(r=e.source)&&void 0!==r?r:"unknown")?i:"".concat(e.provider,"/").concat(e.source)}function d(e){var n;return!(!e.remediation||!(e.remediation.fixedIn||null!==(n=e.remediation)&&void 0!==n&&n.trustedContent))}function u(e){var n=[];return e.map(function(e){return{dependencyRef:e.ref,vulnerabilities:e.issues||[]}}).forEach(function(e){var r;null===(r=e.vulnerabilities)||void 0===r||r.forEach(function(r){r.cves&&r.cves.length>0?r.cves.forEach(function(i){n.push({id:i,dependencyRef:e.dependencyRef,vulnerability:r})}):n.push({id:r.id,dependencyRef:e.dependencyRef,vulnerability:r})})}),n.sort(function(e,n){return n.vulnerability.cvssScore-e.vulnerability.cvssScore})}var h=r(9292),v=r(6180),g=r(9341),p=r(3844),x=r(2881),f=r(4900),m=r(3144),j=r(2092),y=r(5767),I=r(4646),A=r(260),C=r(1352),b=r(3571),w=r(2995),N=r(9133),T=r(628),S=r(2972),M=r(8056),E=r(2008),O=r(481),P=["#800000","#FF0000","#FFA500","#5BA352","#808080"],D=function(e){var n,r,i,t,a,o,l=e.summary,c=null!==(n=null===l||void 0===l?void 0:l.critical)&&void 0!==n?n:0,s=null!==(r=null===l||void 0===l?void 0:l.high)&&void 0!==r?r:0,d=null!==(i=null===l||void 0===l?void 0:l.medium)&&void 0!==i?i:0,u=null!==(t=null===l||void 0===l?void 0:l.low)&&void 0!==t?t:0,h=null!==(a=null===l||void 0===l?void 0:l.unknown)&&void 0!==a?a:0,v=null!==(o=null===l||void 0===l?void 0:l.total)&&void 0!==o?o:0,g=c+s+d+u+h>0,p=g?P:["#D5F5E3"],x=[{name:"Critical: ".concat(c),symbol:{type:"square",fill:P[0]}},{name:"High: ".concat(s),symbol:{type:"square",fill:P[1]}},{name:"Medium: ".concat(d),symbol:{type:"square",fill:P[2]}},{name:"Low: ".concat(u),symbol:{type:"square",fill:P[3]}},{name:"Unknown: ".concat(h),symbol:{type:"square",fill:P[4]}}];return(0,O.jsx)("div",{children:(0,O.jsx)(j.b,{style:{paddingBottom:"inherit",padding:"0"},children:(0,O.jsx)(M.a,{children:(0,O.jsx)("div",{style:{height:"230px",width:"350px"},children:(0,O.jsx)(E.H,{constrainToVisibleArea:!0,data:g?[{x:"Critical",y:c},{x:"High",y:s},{x:"Medium",y:d},{x:"Low",y:u},{x:"Unknown",y:h}]:[{x:"Empty",y:1e-10}],labels:function(e){var n=e.datum;return g?"".concat(n.x,": ").concat(n.y):"No vulnerabilities"},legendData:x,legendOrientation:"vertical",legendPosition:"right",padding:{left:20,right:140},subTitle:"Unique vulnerabilities",title:"".concat(v),width:350,colorScale:p})})})})})},k="data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB3aWR0aD0iMTJweCIgaGVpZ2h0PSIxM3B4IiB2aWV3Qm94PSIwIDAgMTIgMTMiIGlkPSJTZWN1cml0eUNoZWNrSWNvbiIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KICAgIDx0aXRsZT5Db21iaW5lZCBTaGFwZTwvdGl0bGU+CiAgICA8ZyBpZD0iTXVsdGktdmVuZG9yIiBzdHJva2U9Im5vbmUiIHN0cm9rZS13aWR0aD0iMSIgZmlsbD0ibm9uZSIgZmlsbC1ydWxlPSJldmVub2RkIj4KICAgICAgICA8ZyBpZD0iT3ZlcnZpZXctQ29weSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoLTEyMDcsIC05OTMpIiBmaWxsPSIjM0U4NjM1Ij4KICAgICAgICAgICAgPGcgaWQ9IkRldGFpbHMtb2YtZGVwZW5kZW5jeS1jb20uZ2l0aHViIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSg0MjcsIDgxOSkiPgogICAgICAgICAgICAgICAgPGcgaWQ9IkRlcGVuZGVuY3ktMSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMCwgMTQ0KSI+CiAgICAgICAgICAgICAgICAgICAgPGcgaWQ9Ikdyb3VwLTkiIHRyYW5zZm9ybT0idHJhbnNsYXRlKDc4MC4xNzI4LCAyNCkiPgogICAgICAgICAgICAgICAgICAgICAgICA8ZyBpZD0iR3JvdXAtNCIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMCwgMy4yKSI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8ZyBpZD0iSWNvbnMvMi4tU2l6ZS1zbS9BY3Rpb25zL2NoZWNrIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgwLCAyLjgpIj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8cGF0aCBkPSJNMTAuNTU2NTc4OSwwIEMxMC43OTA2MjQ5LDAgMTAuOTc5MzMyMiwwLjE4MTU0Mjk2OSAxMC45NzkzMzIyLDAuNDA2MjUgTDEwLjk3OTMzMjIsNS43NDA4MjAzMSBDMTAuOTc5MzMyMiw5Ljc1IDYuMjQwODE5MDcsMTMgNS40OTU3OTI5NiwxMyBDNC43NTA3NjY4NCwxMyAwLDkuNzUgMCw1LjczOTU1MDc4IEwwLDAuNDA2MjUgQzAsMC4xODE1NDI5NjkgMC4xODg3MDcyNzIsMCAwLjQyMjc1MzMwNCwwIFogTTguNTQyNzc4ODMsMy4xMTc4MjY2NyBMNC43OTEyOTYxLDYuODkwODczNTMgTDMuMDM5ODEzMzgsNS4xMjkzMjQ0IEMyLjg4MzYwOSw0Ljk3MjIwNjgzIDIuNjMwMzI4MTIsNC45NzIyMDY4MyAyLjQ3NDEyMzc1LDUuMTI5MzI0NCBMMS45MDg0NDkzOCw1LjY5ODI2NTU2IEMxLjc1MjI0NTAxLDUuODU1MzgzMTIgMS43NTIyNDUwMSw2LjExMDEwNDQ5IDEuOTA4NDQ5MzgsNi4yNjcyMDY3MSBMNC41MDg0NTc5Nyw4Ljg4MjE1OTkxIEM0LjY2NDY0NzA4LDkuMDM5Mjc3NDcgNC45MTc5MTI3LDkuMDM5Mjc3NDcgNS4wNzQxMzIzMyw4Ljg4MjE3NTI1IEw5LjY3NDE0MjgyLDQuMjU1NzA4OTggQzkuODMwMzQ3Miw0LjA5ODU5MTQxIDkuODMwMzQ3MiwzLjg0Mzg3MDA0IDkuNjc0MTQyODIsMy42ODY3Njc4MiBMOS4xMDg0Njg0NiwzLjExNzgyNjY3IEM4Ljk1MjI2NDA4LDIuOTYwNzI0NDQgOC42OTg5ODMyLDIuOTYwNzI0NDQgOC41NDI3Nzg4MywzLjExNzgyNjY3IFoiIGlkPSJDb21iaW5lZC1TaGFwZSI+PC9wYXRoPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9nPgogICAgICAgICAgICAgICAgICAgICAgICA8L2c+CiAgICAgICAgICAgICAgICAgICAgPC9nPgogICAgICAgICAgICAgICAgPC9nPgogICAgICAgICAgICA8L2c+CiAgICAgICAgPC9nPgogICAgPC9nPgo8L3N2Zz4=",F=r(296),L=r(3029),B=r(2901),R="maven",z="https://central.sonatype.com/artifact/",U="https://pkg.go.dev/",W="https://www.npmjs.com/package/",Z="https://pypi.org/project/",V="pkg:",K=/%[0-9A-Fa-f]{2}/,G=function(e){var n="";return e.namespace&&(n=e.type===R?"".concat(e.namespace,":"):"".concat(e.namespace,"/")),n+="".concat(e.name)},Y=function(e,n){var r=re.fromString(e),i=G(r),t=r.version?decodeURIComponent(r.version):"";return n?i+"@".concat(t):i},H=function(e){var n=re.fromString(e);if(n.qualifiers&&n.qualifiers.has("repository_url")){var r=decodeURIComponent(n.qualifiers.get("repository_url")||"");r.endsWith("/")&&(r=r.substring(0,r.length-1));var i=n.namespace;return i&&(i=i.replace(/\./g,"/")),"".concat(r,"/").concat(i,"/").concat(n.name,"/").concat(n.version)}var t=z;return n.namespace?"".concat(z).concat(n.namespace,"/").concat(n.name,"/").concat(n.version):t},Q=function(e){var n=re.fromString(e);switch(n.type){case R:return"".concat(z).concat(n.namespace,"/").concat(n.name,"/").concat(n.version);case"golang":var r=n.version;return null!==r&&void 0!==r&&r.match(/v\d\.\d.\d-\d{14}-\w{12}/)?"".concat(U).concat(n.namespace,"/").concat(n.name):"".concat(U).concat(n.namespace,"/").concat(n.name,"@").concat(n.version);case"npm":return n.namespace?"".concat(W).concat(n.namespace,"/").concat(n.name,"/v/").concat(n.version):"".concat(W).concat(n.name,"/v/").concat(n.version);case"pypi":return n.namespace?"".concat(Z).concat(n.namespace,"/").concat(n.name,"/").concat(n.version):"".concat(Z).concat(n.name,"/").concat(n.version);case"deb":return"".concat("https://sources.debian.org/patches/").concat(n.name,"/").concat(n.version);case"cargo":return"".concat("https://crates.io/crates/").concat(n.name,"/").concat(n.version);default:return n.toString()}},X=function(e){var n=re.fromString(e).version;return n?decodeURIComponent(n):""},q=function(e,n){var r=re.fromString(e),i=encodeURIComponent(G(r));return n.remediationTemplate.replace("__PACKAGE_TYPE__",r.type).replace("__PACKAGE_NAME__",i).replace("__PACKAGE_VERSION__",r.version||"")},J=function(e){return e.toLowerCase().replace(/./,function(e){return e.toUpperCase()})},_=function(e){var n=$(e),r="";if(n.repository_url){var i=n.repository_url.indexOf("/");r+=-1!==i?n.repository_url.substring(i+1):""}else r+="".concat(n.short_name);return n.tag&&(r+=":".concat(n.tag)),r},$=function(e){var n=e.split("?"),r=n[0],i=n[1],t=new URLSearchParams(i),a=t.get("repository_url")||"",o=t.get("tag")||"",l=t.get("arch")||"",c=r.split("@");return{repository_url:a,tag:o,short_name:c[0].substring(c[0].indexOf("/")+1),version:r.substring(r.lastIndexOf("@")).replace("%3A",":"),arch:l}},ee=function(e,n,r,i){var t=c(n),a=i||"";for(var o in t){var l=t[o].report.dependencies;if(l){var s=Object.values(l).find(function(n){var r,i=n.ref,t=decodeURIComponent(i),a=(r=e,K.test(r)?decodeURIComponent(e):e);return re.fromString(t).toString()===re.fromString(a).toString()});if(s&&s.recommendation&&a){var d=decodeURIComponent(s.recommendation);if(void 0!==ne(d,r))return a+_(d)}}}return a},ne=function(e,n){var r=JSON.parse(n).find(function(n){return re.fromString(n.purl).toString()===re.fromString(e).toString()});return null===r||void 0===r?void 0:r.catalogUrl},re=function(){function e(n,r,i,t,a){(0,L.A)(this,e),this.type=void 0,this.namespace=void 0,this.name=void 0,this.version=void 0,this.qualifiers=void 0,this.type=n,this.namespace=r,this.name=i,this.version=t,this.qualifiers=a}return(0,B.A)(e,[{key:"toString",value:function(){var e=this.name;return this.version&&(e+="@".concat(this.version)),this.namespace?"".concat(V).concat(this.type,"/").concat(this.namespace,"/").concat(e):this.qualifiers?"".concat(V).concat(this.type,"/").concat(e,"?").concat(Array.from(this.qualifiers.entries()).map(function(e){var n=(0,F.A)(e,2),r=n[0],i=n[1];return"".concat(r,"=").concat(i)}).join("&")):"".concat(V).concat(this.type,"/").concat(e)}}],[{key:"fromString",value:function(n){var r,i,t=n.replace(V,""),a=t.indexOf("?");-1!==a&&(i=t.substring(a+1),t=t.substring(0,a));var o,l,c=t.substring(0,t.indexOf("/")),s=t.split("/");s.length>2&&(o=s.slice(1,s.length-1).join("/")),-1!==t.indexOf("@")&&(l=t.substring(t.indexOf("@")+1));var d=s[s.length-1];return l&&(d=d.substring(0,d.indexOf("@"))),new e(c,o,d,l,new Map((null===(r=i)||void 0===r?void 0:r.split("&").map(function(e){return e.split("=")}))||[]))}}])}(),ie={PERMISSIVE:"#0066CC",WEAK_COPYLEFT:"#3E8635",STRONG_COPYLEFT:"#F0AB00",UNKNOWN:"#C46100"},te={PERMISSIVE:"Permissive",WEAK_COPYLEFT:"Weak copyleft",STRONG_COPYLEFT:"Strong copyleft",UNKNOWN:"Unknown"};function ae(e){if(!e)return 1;switch(e.toUpperCase().replace(/-/g,"_")){case"PERMISSIVE":return 4;case"WEAK_COPYLEFT":return 3;case"STRONG_COPYLEFT":return 2;default:return 1}}var oe="#F0AB00";function le(e){var n;if(!e)return te.UNKNOWN;var r=e.toUpperCase().replace(/-/g,"_");return null!==(n=te[r])&&void 0!==n?n:e}function ce(e){var n;if(!e)return ie.UNKNOWN;var r=e.toUpperCase().replace(/-/g,"_");return null!==(n=ie[r])&&void 0!==n?n:ie.UNKNOWN}function se(e){var n;if(e){var r=e.toUpperCase().replace(/-/g,"_");n="PERMISSIVE"===r?"blue":"WEAK_COPYLEFT"===r?"green":"STRONG_COPYLEFT"===r?"yellow":"gray"}else n="gray";return n}var de=["PERMISSIVE","WEAK_COPYLEFT","STRONG_COPYLEFT","UNKNOWN"];function ue(e){if(!e)return de.length;var n=e.toUpperCase().replace(/-/g,"_"),r=de.indexOf(n);return r>=0?r:de.length}var he=function(e){var n,r,i,t,a,o=e.summary,l=null!==(n=o.permissive)&&void 0!==n?n:0,c=null!==(r=o.strongCopyleft)&&void 0!==r?r:0,s=null!==(i=o.unknown)&&void 0!==i?i:0,d=null!==(t=o.weakCopyleft)&&void 0!==t?t:0,u=null!==(a=o.total)&&void 0!==a?a:0,h=l+c+s+d>0,v=[{name:"Permissive: ".concat(l),symbol:{type:"square",fill:ie.PERMISSIVE}},{name:"Weak Copyleft: ".concat(d),symbol:{type:"square",fill:ie.WEAK_COPYLEFT}},{name:"Strong Copyleft: ".concat(c),symbol:{type:"square",fill:ie.STRONG_COPYLEFT}},{name:"Unknown: ".concat(s),symbol:{type:"square",fill:ie.UNKNOWN}}];return(0,O.jsx)("div",{children:(0,O.jsx)(j.b,{style:{paddingBottom:"inherit",padding:"0"},children:(0,O.jsx)(M.a,{children:(0,O.jsx)("div",{style:{height:"230px",width:"350px"},children:(0,O.jsx)(E.H,{constrainToVisibleArea:!0,data:h?[{x:"Permissive",y:l},{x:"Weak Copyleft",y:d},{x:"Strong Copyleft",y:c},{x:"Unknown",y:s}]:[{x:"Empty",y:1e-10}],labels:function(e){var n=e.datum;return h?"".concat(n.x,": ").concat(n.y):"No licenses"},legendData:v,legendOrientation:"vertical",legendPosition:"right",padding:{left:0,right:160},subTitle:"Total licenses",title:"".concat(u),width:350,colorScale:Object.values(ie)})})})})})},ve=r(4102),ge={width:"16px",height:"16px",verticalAlign:"middle"},pe="330px";var xe=function(e){var n,r,i=e.report,t=e.isReportMap,a=e.purl,d=Kn(),u=d.brandingConfig||{displayName:"Trustify",exploreUrl:"https://guac.sh/trustify/",exploreTitle:"Learn more about Trustify",exploreDescription:"The Trustify project is a collection of software components that enables you to store and retrieve Software Bill of Materials (SBOMs), and advisory documents.",imageRecommendation:"",imageRecommendationLink:""},M=Boolean(u.exploreTitle.trim().length>0)&&Boolean(u.exploreUrl.trim().length>0)&&Boolean(u.exploreDescription.trim().length>0),E=Boolean(t)&&u.imageRecommendation.trim().length>0&&u.imageRecommendationLink.trim().length>0,P=i.licenses||[],F=(null!==(n=i.licenses)&&void 0!==n?n:[]).filter(function(e){return e.summary.total>0}),L=null===(r=i.licenses)||void 0===r?void 0:r.find(function(e){return"SBOM"===e.status.name}),B=null===L||void 0===L?void 0:L.projectLicense,R=Boolean(B),z=function(){return(0,O.jsx)("img",{src:"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAYAAABXAvmHAAAON0lEQVR4nOxad1xTV/s/mYwQRkBWGCJDFERZgqCvoDhQKuKroghVpK2COIqK9VVrXWhx4oIiIKKoIAilIlgHqFAKssIeIeywQhIIWTfr97nxTX9IwVaI/et9Pp/7ObnPedb33vPc85xzghYIBAg0Gi0BExCPy1UsKytd3EahWAqFIqy2jnaHo5NznpaWVv9EOslJSbsvn4+8mnAv2d5m7txymLdlw/piFoulnpX7bOZEejCxWCyVQRqNiMFg+Dq6up1oNFoE82urq+119fQ6Ncf4RXh7etaJxWKss4tLrrmFRZW2jna3UCjC9PZQp1dVVjoVFxWtHBkZUR+thEKhoKXLlqfuDgs7pKenRx0bRFdn5/QN3mvqdXT1Ojds8r3aUF8/L+fJkyC/gIALYeGHDo6VF4lEyMz09O1pqSk7yU1N8yQSCQrmKysrM//l7p7lv3XbxcePHn1FNCC2bd0edOkDAD/duHE0NvrmqfGeBgqFEtg5OLxauWr1Q2ubOcUCAVBraCAvfPU8x/u3t69cNQiEvpj4hKWmZmZ1Y3WfPX3qe/qH47e4XC4evl+0eHH6mcjz/srKyrzRcgw6XWv/3j1pVZWViwkEAtVtydJMoqFhAwTxVSvLK1xKfi9aiUAgRBgsFtLV1aWk//LEhsvlKvZQu41nmJo1IiQSCYj7Kea7mOvXz862si78JiTkHCQQq6mrq/dPNzFtgYRIQ9ogx7WLyvJhDPEdZI7byCTwJPUSwOOVu5LT0m01NTVpY0H0UqkGXiuWd3qvW3fp2ImT+8f2QxCEDQoIeN1QXzc/aMeOH4K+2XFOQm6x4WZm7RI0NDpJOBxcG5+PutzZatAkFEh19PSJlP6+XuKla9e9XRcteoaGmV/t2Hmuoa7eNv/Vy43KOBwT4miFNLZzPBvbu6RKbBYDNNQUAojPAybmtkCXaAqmm80FK31Cwc8PIw1uRkWdPnby5M6xASoqKXGlraIib7w3nHAr9kB9Xa3zvgMHv/XfuvUKKz7xB1byg2NtAgipikSCaSg0MAIAnFPXAmGMAdAmEoIeaveMsPDwUDh42AZSZuzQkSN7sFjsSOzNG987zNPdAwAQwvyermaQcG0fyM+9A37LSwHJsd+BtoYXeWp4bJXZLEegZ2AOcp9m+3M4HOXxgpyIID4fk3r//rcWlpZlfgEBUZzcX/2Kbt8+HjjYg9zDHADb6H0gYpguEhkZViogkOAbFbU/dGk0mq7s9x8Apmlr96364ou7pSUly+g0qsRAXyUd5r/MjgcYNIJ5ISrKKzH5vuNsK+vff34U72JjqbRWTRVbaWHlAvh8Pq6upsb+UwDUVFc7Dg8Pa32xxvsOUixGdMbFR5wcogOhqmp/cOjuI55eXomFfC7qjqnRG9xX2w/YYBSADlKa2yApIeFoVkaG3wcAYPJYviINbgvevPEyNlBLgfOjj9oClnt6JrstWZptbWNT+nXwzuNCoVChhdxgbWmmeVmdoCPVHejvN/gUANTubhO4NbOwIEENTY4l3d3GPCAB3x09Fhy0Y0fEqbPnAh2dnJ7nZGd/qeLnexEz0+KdKRoDcCoqg3cePHTAYDAiAQShPgAwx8amGM746iqSk/Y05dcIBAIoKuPhp+XM5/MVYJmyd6XucNtKoZgpKaFbDYxnAfsFXgCvqjb0KQAAABIzC4uK6SYmzaKeHgMIvJ+KxGIxQiYgFArhHJV2oC1nFktbNFpkZW1d5unllYLBYkXo0RZxKirs6SYmteWlpW5oFGAqKaEpDgu8ZhS8fGDvs3pVkwoez6SQyTaw7PUrVy49y83rdvUIBG4rt4ocnS0KPiX6xUuWZHl6eT0QCgSYxHfFi++ODEv5P54+Fd1KabFqb2szrygrc1+/0feaFNgATZ8sFAAi0ZQy2g5yrOEVq1bfZ9DpetlZWQFGRPzj+Yt8wJLVQQCjoKohEYtRG3w3RT1+km26Zp1vKqW5lph0cz8ofHGbyhqiK3wKABwON5L38sW6DWvX1t56cH+3ERoNglXUgNIIe1pcTMyJF8+e+XksX5G878CBcKihcd67woLV/WIRcHZxzRltRzoPjCYOm41b772mhsNmq12PTVjb1I5O5UMieKALjQzwqRpqiiTWCGTa1jnsT+vvVs7PuS1uJVcicTgc85uQkO83bvaLxmAw0i8Yk8HQ9PjXIpqvn1/EwcP/OSLz0dzUZBV55sy1ivIydw0CoTd0777Dbh3dtrysJ3vgeGgmxuXTAracJBgbt0ClZR79iUnHw6gd6gMYNOvxk2xzbR2dvgkBwESqrHQMDtr+CoVCibcEhmaoaduvAwgUXtbf2VYH2luqgNMib67bQjP/lsZ3vMvnI6Oo3d1mZhYWlfsPHdpla2df8vDevZ1XLl64Nmfu3LwTZyK2q6urM25eu3rq8aNHwfDY9vn3+piQPXuOq6mrM0hFRe66sbcvgvZ229GxdAkFIHKYAVpEAnD42PdB/964MeGjb0BG1SSS4/Ej/0nqaG+3xCooAW3d6QCJQgPGIBWwhgbhOoUVfuRosNeaNcmwPI/HU3yYfG9XYlzckZGREQ1dPb3W3p4eEwVFRTafx1OG5TFYLHeIydSZ7+z8dN+BA4csZlrWwLo/3bxx+FZ0dMQ0VTWaIyTU0kehAF8iAQ1CCJRBfIBEo6G9+/eHbfYPuPGnQGEAE10Qn4/KyszYsm9XSMbqZR7kFe5undv9t+THxcQcptFomuPpDAwMaO8NCc60t7aSnDt96rJAIEBVkUjzXOzt2IudnegFb94sG6sjEokQGWlp2zas9a6A9WTXAjvbkSPh4XcpLWTLiWL8KIDJXonx8QfhAFrIZBMZL/iroJyVS9wpf6VLHxwk1NfVzm0hky34fD7mr+T/9BWSBxkaGTbB7dNfsgLFYjFoa221qCaRXAwNDVv/SleDQKBbzppNmmFq2oTFYgV/JT9hDkyF4Po+cMuW3+pqa5xUVVV72Wy2JsyPuhm9wtnFJU+uzj7HEIKv4aEh/OXz58/AQ2nTOp+SyooKp8/h57MBgC8Gna4JA4iMOHPmc/n4LDnwT9L/APxNQnwuw58FwOO0R4GV5eUuo1jSlcilyMgfmQwGQZ6+5A4gMS7uYMSJEwlsNltVxhOJeVhIOKT29nW+z9fbtr4ZYjLV5eVPrgCam5pmRV+/dtraxqZwnp1dwQi/Tbrq6man7Pul2o5p7UE2b6VQrM6fPRslL59yBfDw3r3dEokEeTLirD9A0zUKyIHPR/fPcxOBGTZC8Gtujt9Af7+OPHzKFUB1FcnFzNycZGRs3NbUf+uAQMz601CZNV8ELxvRDXV1tvLwKVcAPVTqdD19/Q749yC7YsF4Mqqa70uXnp4eI3n4lBuArs5OIy6Xq2ZoZNwI33MFvcTx5KYZvAdAaWmxlodfuQEoKixcCbe2dnZvOVCvDiSk648nh1MDQFNfDIoKC5bDlepUSW4AMh+nf43H4wcXuLq+6B3OX/UxWWtXIeju6pr5W0HBsqn6lQuArIyMLY319Q6b/P0vYxUUoFZaytcfk7ddIgIKyhJw9dLFCxAEYabie8oA2lpbzS/8eO6mPpHYvHV70MXeofzlTG7VuAksIyUcAAvXCuA8sLl59eq4W/t/l6YEgMvlKoXtDs2A+HyFExERW9EYMbKy6+SVv6PrsFwEZswRgeSkOwffvs73nGwMUwLw4O7dkI72dquQPXsP2drZF5V1fBfLhtpnwX1CAQCtNe/ND3QhwNCY0wMkEgDvXRBQVhUhI06ejIEgCDuZGCa9pBSLxQiv5ctasVgsPy3rl9k9rNy1JW17pZvD1BYEyLyBBUO0/38+CIQEuH6hNLhiM57OEXSYy/ilz1Hg+V0sOPNjpO+KVatSPzWOSb+BstJS1/6+PuP1vpuuo9FIUV1P1HHw36d9/5wCAEJCX1h4+J7b95KdL1+/sdphvvOvBVk8zaost1wTzc3XZXbmLBQBNEYCfn2Wu2EycaAnC4BUUb4IvD/7yqGza+xG+JQ58P3rdDQQCVCCG0mxyyxnz66WybsuWpSzd1dIVtrDtF0bfDNma+JarAbZJe4KSgAQzcWgmkT6aOJPRJN+A50dHTMQCITQwNCwZWCkeDGQbhAA0FqFgkH9PDp4qSMkUvLltsDzcLH39vXr1Rba2y/K+rSIYkAfHCTyuNxP2iCeEgD2CFtJUUmJhUKhJByIKj3cEEJw8iIA0cCgfTydadra0iPZISZTi4Cb907GR/93JuDxeCr/GAANgsYwl8PR4PP5WCB5fyiBUQBAWVUMSBXjF3KN9fXSCtTA0KhZdnAhDZwNJzlCpILH0/8xAKZmZrVwW19bO08Jq9ct41stEIHamhqXlPvJH5xa9lCp+jeuRp3G4XCMJR4emQxOzR/ldG8bEhgYGTV97B8DE9Gkk3i+8wLpYiXv5YsNAcEef3z+FvoIAaUaBc6fPRud9/KVj72jw9uB/gG93KfZfjwuVyUi8vx6dQ0NRlXz7W9heWY/AH3tSOCz3nFSO3ZT2loM9N9SQG5unp2ZnW1Z2r85f4TfKp3E4CGR/wgDagpRQMBHwMNDbDVnTvHOXaFH5rvMf0PqPB1Bod0Nh2Wf3UGD8pcYEHs70cXOwaHoHwXwNj9/xbe7Q3MXuy9J333c/VFZx4GHHxpXZqiIlv1squ+ZQtDQ7WVyau3IA4l7h3nN0nM2eMJLOqUAHBydc6Pj4idVTkx5c/fooUOJuU+ztwYEboucv7bdkDr0dPPf0RvoRoAHZxUACqE+cDcl1Z5IJHZOxv+UAfB4PExYaGh2SfHvy9yWuqUv/ZJG4CDeuX9Mp+EdEuTEY4FEpMi5Gh3jae/o+Gay/v8vAAD//4wb/4wEdbX7AAAAAElFTkSuQmCC",alt:"Trustify Icon",style:ge})},U=1+(F.length>0?1:0),W=Math.min(12,Math.max(1,Math.floor(12/U))),Z=1+Number(R)+Number(E)+Number(M);4===Z&&(Z=2);var V=Math.min(12,Math.max(1,Math.floor(12/Z)));return(0,O.jsxs)(o.x,{hasGutter:!0,children:[(0,O.jsxs)(h.h,{headingLevel:"h3",size:h.J["2xl"],style:{paddingLeft:"15px"},children:[(0,O.jsx)(v.I,{isInline:!0,status:"info",children:(0,O.jsx)(S.Ay,{style:{fill:"#f0ab00"}})}),"\xa0",u.displayName," overview of security issues"]}),(0,O.jsx)(g.c,{}),(0,O.jsx)(l.E,{md:12,lg:W,children:(0,O.jsxs)(p.Z,{isFlat:!0,isFullHeight:!0,children:[(0,O.jsx)(x.a,{children:(0,O.jsx)(f.Z,{children:(0,O.jsx)(m.X,{style:{fontSize:"large"},children:t?(0,O.jsxs)(O.Fragment,{children:[a?_(a):"No Image name"," - Vendor Issues"]}):(0,O.jsx)(O.Fragment,{children:"Vendor Issues"})})})}),(0,O.jsxs)(j.b,{children:[(0,O.jsx)(y.W,{children:(0,O.jsx)(I.d,{children:(0,O.jsx)(m.X,{children:"Below is a list of dependencies affected with CVE."})})}),(0,O.jsx)(A.B,{isAutoFit:!0,style:{paddingTop:"10px",gridTemplateColumns:"repeat(auto-fit, minmax(min(100%, ".concat(pe,"), 1fr))")},children:c(i).map(function(e,n){return(0,O.jsxs)(y.W,{style:{display:"flex",flexDirection:"column",alignItems:"center",minWidth:0},children:[(0,O.jsx)(m.X,{style:{fontSize:"large"},children:s(e)}),(0,O.jsx)(I.d,{children:(0,O.jsx)(D,{summary:e.report.summary})})]},n)})})]}),(0,O.jsx)(g.c,{})]})}),F.length>0&&(0,O.jsx)(l.E,{md:12,lg:W,children:(0,O.jsxs)(p.Z,{isFlat:!0,isFullHeight:!0,children:[(0,O.jsx)(x.a,{children:(0,O.jsx)(f.Z,{children:(0,O.jsx)(m.X,{style:{fontSize:"large"},children:"License Summary"})})}),(0,O.jsx)(j.b,{children:(0,O.jsx)(A.B,{isAutoFit:!0,style:{paddingTop:"30px",gridTemplateColumns:"repeat(auto-fit, minmax(min(100%, ".concat(pe,"), 1fr))")},children:F.map(function(e,n){return(0,O.jsxs)(y.W,{style:{display:"flex",flexDirection:"column",alignItems:"center",minWidth:0},children:[(0,O.jsx)(m.X,{style:{fontSize:"large"},children:e.status.name||"Unknown"}),(0,O.jsx)(I.d,{children:(0,O.jsx)(he,{summary:e.summary})})]},n)})})})]})}),(0,O.jsxs)(l.E,{md:V,children:[(0,O.jsx)(p.Z,{isFlat:!0,isFullHeight:!0,children:(0,O.jsxs)(y.W,{children:[(0,O.jsx)(f.Z,{component:"h4",children:(0,O.jsxs)(m.X,{style:{fontSize:"large"},children:[z(),"\xa0",u.displayName," Dependency Remediations"]})}),(0,O.jsx)(j.b,{children:(0,O.jsx)(I.d,{children:(0,O.jsx)(C.B8,{isPlain:!0,children:c(i).map(function(e,n){var r=e&&e.source&&e.provider?e.source===e.provider?e.provider:"".concat(e.provider,"/").concat(e.source):"default_value";return Object.keys(e.report).length>0?(0,O.jsxs)(b.c,{children:[(0,O.jsx)(v.I,{isInline:!0,status:"success",children:(0,O.jsx)("img",{src:k,alt:"Security Check Icon"})}),"\xa0",e.report.summary.remediations," remediations are available for ",r]}):(0,O.jsxs)(b.c,{children:[(0,O.jsx)(v.I,{isInline:!0,status:"success",children:(0,O.jsx)("img",{src:k,alt:"Security Check Icon"})}),"\xa0 There are no available remediations for your SBOM at this time for ",e.provider]})})})})})]})}),"\xa0"]}),R&&B&&(0,O.jsxs)(l.E,{md:V,children:[(0,O.jsx)(p.Z,{isFlat:!0,isFullHeight:!0,children:(0,O.jsxs)(y.W,{children:[(0,O.jsx)(f.Z,{component:"h4",children:(0,O.jsxs)(m.X,{style:{fontSize:"large"},children:["Project License ",(0,O.jsx)(w.o,{children:(0,O.jsx)(N.J,{color:se(B.category),children:B.expression||B.name||"\u2014"})})]})}),(0,O.jsx)(j.b,{children:(0,O.jsxs)(I.d,{children:[(0,O.jsx)(y.W,{children:(0,O.jsx)(m.X,{children:"License incompatibilities"})}),(0,O.jsx)(C.B8,{isPlain:!0,children:P.map(function(e,n){var r=function(e,n){for(var r=0,i=ae(n),t=0,a=Object.values(e);t=400||Object.keys(e.warnings).length>0},i=Object.keys(n.providers).map(function(e){return n.providers[e].status}).filter(function(e){return!e.ok||r(e)}),t=function(e){return e.ok&&!r(e)?fe.w.info:e.code>=500?fe.w.danger:fe.w.warning},a=function(e){var n=e.message;return e.ok&&r(e)?"".concat(J(e.name),": ").concat(Object.keys(e.warnings).length," package(s) could not be analyzed"):"".concat(J(e.name),": ").concat(n)};return(0,O.jsx)(O.Fragment,{children:i.map(function(e,n){return(0,O.jsx)(fe.F,{variant:t(e),title:a(e)},n)})})},je=r(6919),ye=r(5501),Ie=r(1792),Ae=r(3093),Ce=r(297),be=r(4072),we=r(6464),Ne=function(e){function n(e){var r;return(0,L.A)(this,n),(r=(0,je.A)(this,n,[e])).state={hasError:!1,error:null},r}return(0,ye.A)(n,e),(0,B.A)(n,[{key:"componentDidCatch",value:function(e,n){console.error("Report rendering error:",e,n)}},{key:"render",value:function(){var e;return this.state.hasError?(0,O.jsx)(M.a,{style:{backgroundColor:"var(--pf-v5-global--BackgroundColor--200)",minHeight:"100vh"},children:(0,O.jsxs)(Ie.p,{variant:Ie.s.sm,children:[(0,O.jsx)(Ae.o,{icon:(0,O.jsx)(Ce.q,{icon:we.Ay,color:"var(--pf-v5-global--danger-color--100)"}),titleText:"Something went wrong",headingLevel:"h2"}),(0,O.jsx)(be.h,{children:(null===(e=this.state.error)||void 0===e?void 0:e.message)||"An unexpected error occurred while rendering the report."})]})}):this.props.children}}],[{key:"getDerivedStateFromError",value:function(e){return{hasError:!0,error:e}}}])}(i.Component),Te=r(6334),Se=r(4248),Me=r(4471),Ee=r(9379),Oe=r(8380),Pe=r(1417),De=r(7066),ke=r(2227),Fe=r(99),Le=r(7172),Be=r(8516),Re=r(8579),ze=r(9205),Ue=r(8099),We=r(4785),Ze=r(4224),Ve=r(5772),Ke=r(4593),Ge=r(8480),Ye=r(5458),He=r(4546),Qe=function(e){return e[e.SET_PAGE=0]="SET_PAGE",e[e.SET_SORT_BY=1]="SET_SORT_BY",e}(Qe||{}),Xe={changed:!1,currentPage:{page:1,perPage:10},sortBy:void 0},qe=function(e,n){switch(n.type){case Qe.SET_PAGE:var r=n.payload;return(0,Ee.A)((0,Ee.A)({},e),{},{changed:!0,currentPage:{page:r.page,perPage:r.perPage}});case Qe.SET_SORT_BY:var i=n.payload;return(0,Ee.A)((0,Ee.A)({},e),{},{changed:!0,sortBy:{index:i.index,direction:i.direction}});default:return e}},Je=r(2514),_e=r(3842),$e=function(e){var n,r=e.count,i=e.params,t=e.isTop,a=e.perPageOptions,o=e.onChange,l=function(){return i.perPage||10};return(0,O.jsx)(Je.d,{itemCount:r,page:i.page||1,perPage:l(),onPageInput:function(e,n){o({page:n,perPage:l()})},onSetPage:function(e,n){o({page:n,perPage:l()})},onPerPageSelect:function(e,n){o({page:1,perPage:n})},widgetId:"pagination-options-menu",variant:t?Je.A.top:Je.A.bottom,perPageOptions:(n=a||[10,20,50,100],n.map(function(e){return{title:String(e),value:e}})),toggleTemplate:function(e){return(0,O.jsx)(_e.D,(0,Ee.A)({},e))}})},en=r(9694),nn=r(6911),rn=r(1413),tn=function(e){var n=e.numRenderedColumns,r=e.isLoading,i=void 0!==r&&r,t=e.isError,a=void 0!==t&&t,o=e.isNoData,l=void 0!==o&&o,c=e.errorEmptyState,s=void 0===c?null:c,d=e.noDataEmptyState,u=void 0===d?null:d,v=e.children,g=(0,O.jsxs)(Ie.p,{variant:Ie.s.sm,children:[(0,O.jsx)(Ce.q,{icon:we.Ay,color:rn.D.value}),(0,O.jsx)(h.h,{headingLevel:"h2",size:"lg",children:"Unable to connect"}),(0,O.jsx)(be.h,{children:"There was an error retrieving data. Check your connection and try again."})]}),p=(0,O.jsxs)(Ie.p,{variant:Ie.s.sm,children:[(0,O.jsx)(Ce.q,{icon:nn.Ay}),(0,O.jsx)(h.h,{headingLevel:"h2",size:"lg",children:"No data available"}),(0,O.jsx)(be.h,{children:"No data available to be shown here."})]});return(0,O.jsx)(O.Fragment,{children:i?(0,O.jsx)(We.N,{children:(0,O.jsx)(ze.Tr,{children:(0,O.jsx)(Ze.Td,{colSpan:n,children:(0,O.jsx)(M.a,{children:(0,O.jsx)(en.y,{size:"xl"})})})})}):a?(0,O.jsx)(We.N,{"aria-label":"Table error",children:(0,O.jsx)(ze.Tr,{children:(0,O.jsx)(Ze.Td,{colSpan:n,children:(0,O.jsx)(M.a,{children:s||g})})})}):l?(0,O.jsx)(We.N,{"aria-label":"Table no data",children:(0,O.jsx)(ze.Tr,{children:(0,O.jsx)(Ze.Td,{colSpan:n,children:(0,O.jsx)(M.a,{children:u||p})})})}):v})};function an(e){var n=e.name,r=e.items,t=e.getRowKey,a=e.columns,o=e.filterConfig,l=e.compareToByColumn,c=e.filterItem,s=e.renderExpandContent,d=e.ariaLabelPrefix,u=void 0===d?"Table":d,h=e.expandId,v=void 0===h?"compound-expand-table":h,g=e.defaultExpanded,x=void 0===g?{}:g,f=e.initialSortBy,m=(0,i.useState)(""),y=(0,F.A)(m,2),I=y[0],A=y[1],C=function(e){var n=(0,i.useReducer)(qe,(0,Ee.A)((0,Ee.A)({},Xe),{},{currentPage:e&&e.page?(0,Ee.A)({},e.page):(0,Ee.A)({},Xe.currentPage),sortBy:e&&e.sortBy?(0,Ee.A)({},e.sortBy):Xe.sortBy})),r=(0,F.A)(n,2),t=r[0],a=r[1],o=(0,i.useCallback)(function(e){var n;a({type:Qe.SET_PAGE,payload:{page:e.page>=1?e.page:1,perPage:null!==(n=e.perPage)&&void 0!==n?n:Xe.currentPage.perPage}})},[]),l=(0,i.useCallback)(function(e,n,r,i){a({type:Qe.SET_SORT_BY,payload:{index:n,direction:r}})},[]);return{page:t.currentPage,sortBy:t.sortBy,changePage:o,changeSortBy:l}}(f?{sortBy:f}:void 0),b=C.page,w=C.sortBy,N=C.changePage,T=C.changeSortBy,S=function(e){var n=e.items,r=e.currentSortBy,t=e.currentPage,a=e.filterItem,o=e.compareToByColumn;return(0,i.useMemo)(function(){var e,i=(0,Ye.A)(n||[]).filter(a),l=!1;return e=(0,Ye.A)(i).sort(function(e,n){var i=o(e,n,null===r||void 0===r?void 0:r.index);return 0!==i&&(l=!0),i}),l&&(null===r||void 0===r?void 0:r.direction)===He.l.desc&&(e=e.reverse()),{pageItems:e.slice((t.page-1)*t.perPage,t.page*t.perPage),filteredItems:i}},[n,t,r,o,a])}({items:r,currentPage:b,currentSortBy:w,compareToByColumn:l,filterItem:function(e){return c(e,I)}}),M=S.pageItems,E=S.filteredItems,P=(0,i.useState)(x),D=(0,F.A)(P,2),k=D[0],L=D[1],B=function(e,n,r,i){return{isExpanded:k[t(e)]===n,onToggle:function(){return function(e,n){var r=!(arguments.length>2&&void 0!==arguments[2])||arguments[2],i=t(e),a=(0,Ee.A)({},k);r?a[i]=n:delete a[i],L(a)}(e,n,k[t(e)]!==n)},expandId:v,rowIndex:r,columnIndex:i}},R=a.length;return(0,O.jsx)(p.Z,{children:(0,O.jsx)(j.b,{children:(0,O.jsxs)("div",{style:{backgroundColor:"var(--pf-v5-global--BackgroundColor--100)"},children:[(0,O.jsx)(Oe.M,{children:(0,O.jsxs)(Pe.P,{children:[(0,O.jsx)(De.h,{toggleIcon:(0,O.jsx)(Ke.Ay,{}),breakpoint:"xl",children:(0,O.jsx)(ke.T,{variant:"search-filter",children:(0,O.jsx)(Fe.D,{id:n+o.idSuffix,style:{width:"250px"},placeholder:o.placeholder,value:I,onChange:function(e,n){return A(n)},onClear:function(){return A("")}})})}),(0,O.jsx)(ke.T,{variant:ke.U.pagination,align:{default:"alignRight"},children:(0,O.jsx)($e,{isTop:!0,count:E.length,params:b,onChange:N})})]})}),(0,O.jsxs)(Le.X,{"aria-label":(null!==n&&void 0!==n?n:u)+" table",variant:Be.a.compact,children:[(0,O.jsx)(Re.d,{children:(0,O.jsx)(ze.Tr,{children:a.map(function(e,n){return(0,O.jsx)(Ue.Th,{width:e.width,sort:null!=e.sortIndex?{columnIndex:e.sortIndex,sortBy:(0,Ee.A)({},w),onSort:T}:void 0,children:e.header},e.key)})})}),(0,O.jsx)(tn,{isNoData:0===E.length,numRenderedColumns:R,noDataEmptyState:(0,O.jsxs)(Ie.p,{variant:Ie.s.sm,children:[(0,O.jsx)(Ae.o,{icon:(0,O.jsx)(Ce.q,{icon:Ge.Ay}),titleText:"No results found",headingLevel:"h2"}),(0,O.jsx)(be.h,{children:"Clear all filters and try again."})]}),children:null===M||void 0===M?void 0:M.map(function(e,n){var r,i=t(e),o=k[i],l=!!o;return(0,O.jsxs)(We.N,{isExpanded:l,children:[(0,O.jsx)(ze.Tr,{children:a.map(function(r,i){return(0,O.jsx)(Ze.Td,{width:r.width,dataLabel:r.header,component:0===i?"th":void 0,compoundExpand:r.compoundExpand?B(e,r.key,n,i):void 0,children:r.render(e)},r.key)})}),l&&o?(0,O.jsx)(ze.Tr,{isExpanded:!0,children:(0,O.jsx)(Ze.Td,{dataLabel:null===(r=a.find(function(e){return e.key===o}))||void 0===r?void 0:r.header,noPadding:!0,colSpan:R,children:(0,O.jsx)(Ve.g,{children:(0,O.jsx)("div",{className:"pf-v5-u-m-md",children:s(e,o)})})})}):null]},i)})})]}),(0,O.jsx)($e,{isTop:!1,count:E.length,params:b,onChange:N})]})})})}var on=function(e){var n=e.name,r=e.showVersion,i=void 0!==r&&r;return(0,O.jsx)(O.Fragment,{children:(0,O.jsx)("a",{href:Q(n),target:"_blank",rel:"noreferrer",children:Y(n,i)})})},ln=function(e){var n=e.packageName;e.cves;return(0,O.jsxs)(O.Fragment,{children:[(0,O.jsx)(v.I,{isInline:!0,status:"success",children:(0,O.jsx)("img",{src:k,alt:"Security Check Icon"})}),"\xa0",(0,O.jsx)("a",{href:H(n),target:"_blank",rel:"noreferrer",children:X(n)})]})},cn=function(e){var n,r,i,t=e.packageRef,a=e.vulnerability,o=Kn();return(0,O.jsx)(O.Fragment,{children:null===(null===(n=a.remediation)||void 0===n?void 0:n.fixedIn)||0===(null===(r=a.remediation)||void 0===r||null===(i=r.fixedIn)||void 0===i?void 0:i.length)?(0,O.jsx)("p",{}):(0,O.jsx)("a",{href:q(t,o),target:"_blank",rel:"noreferrer",children:a.id})})},sn=r(8559),dn=r(7540),un=r(8762),hn=r(974),vn=function(e){var n,r=e.vulnerability;switch(r.severity){case"CRITICAL":n="bar-critical";break;case"HIGH":n="bar-high";break;case"MEDIUM":n="bar-medium";break;case"LOW":n="bar-low";break;default:n="bar-default"}return(0,O.jsx)(O.Fragment,{children:(0,O.jsx)(sn.B,{hasGutter:!0,children:(0,O.jsx)(dn.o,{isFilled:!0,children:(0,O.jsx)(un.k,{title:"".concat(r.cvssScore,"/10"),"aria-label":"cvss-score",value:r.cvssScore,min:0,max:10,size:un.j.sm,measureLocation:hn.Ri.none,className:"".concat(n)})})})})},gn=function(e){var n,r,i=e.vulnerability;switch(i.severity){case"CRITICAL":r="#800000";break;case"HIGH":r="#FF0000";break;case"MEDIUM":r="#FFA500";break;case"LOW":r="#5BA352";break;default:r="grey"}return(0,O.jsxs)(O.Fragment,{children:[(0,O.jsx)(v.I,{isInline:!0,children:(0,O.jsx)(ve.Ay,{style:{fill:r,height:"13px"}})}),"\xa0",J(null!==(n=i.severity)&&void 0!==n?n:"UNKNOWN")]})},pn=function(e){var n,r,i=e.id,t=Kn();return(0,O.jsx)("a",{href:(n=i,r=t,r.cveIssueTemplate.replace("__ISSUE_ID__",n)),target:"_blank",rel:"noreferrer",children:i})},xn=r(4486),fn=function(e){var n=e.title,r=i.useState(!1),t=(0,F.A)(r,2),a=t[0],o=t[1];return(0,O.jsx)(xn.Q,{variant:xn.J.truncate,toggleText:a?"Show less":"Show more",onToggle:function(e,n){o(n)},isExpanded:a,children:n||"-"})},mn=function(e){var n,r,i,t,a,o=e.item,l=(e.providerName,e.rowIndex);return a=o.vulnerability.cves&&o.vulnerability.cves.length>0?o.vulnerability.cves:[o.vulnerability.id],(0,O.jsxs)(ze.Tr,{children:[(0,O.jsx)(Ze.Td,{children:a.map(function(e,n){return(0,O.jsx)("p",{children:(0,O.jsx)(pn,{id:e})},n)})}),(0,O.jsx)(Ze.Td,{children:(0,O.jsx)(fn,{title:o.vulnerability.title})}),(0,O.jsx)(Ze.Td,{noPadding:!0,children:(0,O.jsx)(gn,{vulnerability:o.vulnerability})}),(0,O.jsx)(Ze.Td,{children:(0,O.jsx)(vn,{vulnerability:o.vulnerability})}),(0,O.jsx)(Ze.Td,{children:(0,O.jsx)(on,{name:o.dependencyRef,showVersion:!0})}),(0,O.jsx)(Ze.Td,{children:null!==(n=o.vulnerability.remediation)&&void 0!==n&&n.trustedContent?(0,O.jsx)(ln,{cves:o.vulnerability.cves||[],packageName:null===(r=o.vulnerability.remediation)||void 0===r||null===(i=r.trustedContent)||void 0===i?void 0:i.ref},l):null!==(t=o.vulnerability.remediation)&&void 0!==t&&t.fixedIn?(0,O.jsx)(cn,{packageRef:o.dependencyRef,vulnerability:o.vulnerability}):d(o.vulnerability)?null:(0,O.jsx)("span",{})})]},l)},jn=function(e){var n=e.providerName,r=e.transitiveDependencies;return(0,O.jsx)(p.Z,{style:{backgroundColor:"var(--pf-v5-global--BackgroundColor--100)"},children:(0,O.jsxs)(Le.X,{variant:Be.a.compact,"aria-label":(null!==n&&void 0!==n?n:"Default")+" transitive vulnerabilities",children:[(0,O.jsx)(Re.d,{children:(0,O.jsxs)(ze.Tr,{children:[(0,O.jsx)(Ue.Th,{width:15,children:"Vulnerability ID"}),(0,O.jsx)(Ue.Th,{width:20,children:"Description"}),(0,O.jsx)(Ue.Th,{width:10,children:"Severity"}),(0,O.jsx)(Ue.Th,{width:15,children:"CVSS Score"}),(0,O.jsx)(Ue.Th,{width:20,children:"Transitive Dependency"}),(0,O.jsx)(Ue.Th,{width:20,children:"Remediation"})]})}),(0,O.jsx)(tn,{isNoData:0===r.length,numRenderedColumns:7,children:u(r).map(function(e,r){return(0,O.jsx)(We.N,{children:(0,O.jsx)(mn,{item:e,providerName:n,rowIndex:r})},r)})})]})})},yn=function(e){var n=e.providerName,r=e.dependency,i=e.vulnerabilities;return(0,O.jsx)(p.Z,{style:{backgroundColor:"var(--pf-v5-global--BackgroundColor--100)"},children:(0,O.jsxs)(Le.X,{variant:Be.a.compact,"aria-label":(null!==n&&void 0!==n?n:"Default")+" direct vulnerabilities",children:[(0,O.jsx)(Re.d,{children:(0,O.jsxs)(ze.Tr,{children:[(0,O.jsx)(Ue.Th,{width:15,children:"Vulnerability ID"}),(0,O.jsx)(Ue.Th,{width:20,children:"Description"}),(0,O.jsx)(Ue.Th,{width:10,children:"Severity"}),(0,O.jsx)(Ue.Th,{width:15,children:"CVSS Score"}),(0,O.jsx)(Ue.Th,{width:20,children:"Direct Dependency"}),(0,O.jsx)(Ue.Th,{width:20,children:"Remediation"})]})}),(0,O.jsx)(tn,{isNoData:0===i.length,numRenderedColumns:6,children:null===i||void 0===i?void 0:i.map(function(e,i){var t=[];return e.cves&&e.cves.length>0?e.cves.forEach(function(e){return t.push(e)}):e.unique&&t.push(e.id),(0,O.jsx)(We.N,{children:t.map(function(t,a){return(0,O.jsx)(mn,{item:{id:e.id,dependencyRef:r.ref,vulnerability:e},providerName:n,rowIndex:i},"".concat(i,"-").concat(a))})},i)})})]})})},In=r(1640),An=function(e){var n=e.vulnerabilities,r=void 0===n?[]:n,i=e.transitiveDependencies,t=void 0===i?[]:i,a={CRITICAL:0,HIGH:0,MEDIUM:0,LOW:0,UNKNOWN:0};return r.length>0?r.forEach(function(e){var n=e.severity;n&&a.hasOwnProperty(n)&&a[n]++}):null===t||void 0===t||t.forEach(function(e){var n;null===(n=e.issues)||void 0===n||n.forEach(function(e){var n=e.severity;n&&a.hasOwnProperty(n)&&a[n]++})}),(0,O.jsxs)(In.Z,{children:[a.CRITICAL>0&&(0,O.jsxs)(O.Fragment,{children:[(0,O.jsx)(v.I,{isInline:!0,children:(0,O.jsx)(ve.Ay,{style:{fill:"#800000",height:"13px"}})}),"\xa0",a.CRITICAL,"\xa0"]}),a.HIGH>0&&(0,O.jsxs)(O.Fragment,{children:[(0,O.jsx)(v.I,{isInline:!0,children:(0,O.jsx)(ve.Ay,{style:{fill:"#FF0000",height:"13px"}})}),"\xa0",a.HIGH,"\xa0"]}),a.MEDIUM>0&&(0,O.jsxs)(O.Fragment,{children:[(0,O.jsx)(v.I,{isInline:!0,children:(0,O.jsx)(ve.Ay,{style:{fill:"#FFA500",height:"13px"}})}),"\xa0",a.MEDIUM,"\xa0"]}),a.LOW>0&&(0,O.jsxs)(O.Fragment,{children:[(0,O.jsx)(v.I,{isInline:!0,children:(0,O.jsx)(ve.Ay,{style:{fill:"#5BA352",height:"13px"}})}),"\xa0",a.LOW,"\xa0"]}),a.UNKNOWN>0&&(0,O.jsxs)(O.Fragment,{children:[(0,O.jsx)(v.I,{isInline:!0,children:(0,O.jsx)(ve.Ay,{style:{fill:"#808080",height:"13px"}})}),"\xa0",a.UNKNOWN]})]})},Cn=function(e){var n,r,i=e.dependency,t=null===(n=i.issues)||void 0===n?void 0:n.some(function(e){return d(e)}),a=(null===(r=i.transitive)||void 0===r?void 0:r.some(function(e){var n;return null===(n=e.issues)||void 0===n?void 0:n.some(function(e){return d(e)})}))||!1;return(0,O.jsx)(O.Fragment,{children:t||a?"Yes":"No"})},bn=function(e){var n=e.name,r=e.dependencies,i=[{key:"name",header:"Dependency Name",width:30,sortIndex:1,render:function(e){return(0,O.jsx)(on,{name:e.ref})}},{key:"version",header:"Current Version",width:15,render:function(e){return X(e.ref)}},{key:"direct",header:"Direct Vulnerabilities",width:15,compoundExpand:!0,render:function(e){var n,r;return null!==(n=e.issues)&&void 0!==n&&n.length?(0,O.jsxs)("div",{style:{display:"flex",alignItems:"center"},children:[(0,O.jsx)("div",{style:{width:"25px"},children:null===(r=e.issues)||void 0===r?void 0:r.length}),(0,O.jsx)(g.c,{orientation:{default:"vertical"},style:{paddingRight:"10px"}}),(0,O.jsx)(An,{vulnerabilities:e.issues})]}):0}},{key:"transitive",header:"Transitive Vulnerabilities",width:15,compoundExpand:!0,render:function(e){var n;return null!==(n=e.transitive)&&void 0!==n&&n.length?(0,O.jsxs)("div",{style:{display:"flex",alignItems:"center"},children:[(0,O.jsx)("div",{style:{width:"25px"},children:e.transitive.map(function(e){var n;return null===(n=e.issues)||void 0===n?void 0:n.length}).reduce(function(){return(arguments.length>0&&void 0!==arguments[0]?arguments[0]:0)+(arguments.length>1&&void 0!==arguments[1]?arguments[1]:0)})}),(0,O.jsx)(g.c,{orientation:{default:"vertical"},style:{paddingRight:"10px"}}),(0,O.jsx)(An,{transitiveDependencies:e.transitive})]}):0}},{key:"rhRemediation",header:"Remediation available",width:15,render:function(e){return(0,O.jsx)(Cn,{dependency:e})}}];return(0,O.jsx)(an,{name:n,items:r,getRowKey:function(e){return e.ref},columns:i,filterConfig:{placeholder:"Filter by Dependency name",idSuffix:"-dependency-filter"},compareToByColumn:function(e,n,r){return 1===r?e.ref.localeCompare(n.ref):0},filterItem:function(e,n){var r,i;return!!(null!==(r=e.issues)&&void 0!==r&&r.length||null!==(i=e.transitive)&&void 0!==i&&i.length)&&(!n||0===n.trim().length||-1!==e.ref.toLowerCase().indexOf(n.toLowerCase()))},renderExpandContent:function(e,r){var i,t;return"direct"===r&&null!==(i=e.issues)&&void 0!==i&&i.length?(0,O.jsx)(yn,{providerName:n,dependency:e,vulnerabilities:e.issues}):"transitive"===r&&null!==(t=e.transitive)&&void 0!==t&&t.length?(0,O.jsx)(jn,{providerName:n,transitiveDependencies:e.transitive}):null},ariaLabelPrefix:"Dependencies",expandId:"compound-expandable-example",defaultExpanded:{"siemur/test-space":"name"}})},wn=de;var Nn=function(e){var n=e.evidence,r=void 0===n?[]:n,t=e.countBy,a="identifiers"===(void 0===t?"evidence":t)?function(e){var n={PERMISSIVE:0,WEAK_COPYLEFT:0,STRONG_COPYLEFT:0,UNKNOWN:0};return null===e||void 0===e||e.forEach(function(e){(e.identifiers||[]).forEach(function(e){var r=(e.category||"UNKNOWN").toUpperCase().replace(/-/g,"_");n.hasOwnProperty(r)?n[r]++:n.UNKNOWN++})}),n}(r):function(e){var n={PERMISSIVE:0,WEAK_COPYLEFT:0,STRONG_COPYLEFT:0,UNKNOWN:0};return null===e||void 0===e||e.forEach(function(e){var r=(e.category||"UNKNOWN").toUpperCase().replace(/-/g,"_");n.hasOwnProperty(r)?n[r]++:n.UNKNOWN++}),n}(r);return(0,O.jsx)(In.Z,{children:wn.map(function(e){return a[e]>0&&(0,O.jsxs)(i.Fragment,{children:[(0,O.jsx)(v.I,{isInline:!0,children:(0,O.jsx)(ve.Ay,{style:{fill:ie[e],height:"13px"}})}),"\xa0",a[e],"\xa0"]},e)})})},Tn=function(e){var n=e.concluded;return(0,O.jsx)(p.Z,{style:{backgroundColor:"var(--pf-v5-global--BackgroundColor--100)"},children:(0,O.jsxs)(A.B,{children:[(0,O.jsxs)(y.W,{children:[(0,O.jsx)(m.X,{children:"License name"}),(0,O.jsx)(I.d,{children:n.name||"\u2014"})]}),(0,O.jsxs)(y.W,{children:[(0,O.jsx)(m.X,{children:"Expression"}),(0,O.jsx)(I.d,{children:n.expression||"\u2014"})]}),(0,O.jsxs)(y.W,{children:[(0,O.jsx)(m.X,{children:"Category"}),(0,O.jsx)(I.d,{children:n.category?le(n.category):"\u2014"})]})]})})},Sn=r(5435),Mn="Evidence",En="Expression",On="Identifiers",Pn="Category",Dn="Status";function kn(e){var n,r=e.info,i=null!==(n=null===r||void 0===r?void 0:r.identifiers)&&void 0!==n?n:[],t=i.some(function(e){return!0===e.isDeprecated}),a=i.some(function(e){return!0===e.isOsiApproved}),o=i.some(function(e){return!0===e.isFsfLibre});return t||a||o?(0,O.jsxs)(Sn.s,{gap:{default:"gapSm"},alignItems:{default:"alignItemsCenter"},children:[t&&(0,O.jsx)(In.Z,{children:(0,O.jsx)("span",{title:"Deprecated identifier",children:(0,O.jsx)(v.I,{isInline:!0,children:(0,O.jsx)(ve.Ay,{style:{fill:oe,height:"13px"}})})})}),a&&(0,O.jsx)(In.Z,{children:(0,O.jsx)("img",{src:"https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/open-source-initiative.svg",alt:"OSI Approved",title:"OSI Approved",style:{height:"1.1em",verticalAlign:"middle"}})}),o&&(0,O.jsx)(In.Z,{children:(0,O.jsx)("img",{src:"https://www.gnu.org/graphics/fsf-logo-notext-small.png",alt:"FSF Libre",title:"FSF Free/Libre",style:{height:"1.1em",verticalAlign:"middle"}})})]}):(0,O.jsx)(O.Fragment,{children:"\u2014"})}var Fn=function(e){var n=e.evidence,r=void 0===n?[]:n,t=(0,i.useMemo)(function(){return(0,Ye.A)(r).sort(function(e,n){return ue(e.category)-ue(n.category)})},[r]);return(0,O.jsx)(p.Z,{style:{backgroundColor:"var(--pf-v5-global--BackgroundColor--100)"},children:(0,O.jsxs)(Le.X,{variant:Be.a.compact,"aria-label":"Evidence licenses",children:[(0,O.jsx)(Re.d,{children:(0,O.jsxs)(ze.Tr,{children:[(0,O.jsx)(Ue.Th,{width:30,children:Mn}),(0,O.jsx)(Ue.Th,{width:20,children:En}),(0,O.jsx)(Ue.Th,{width:25,children:On}),(0,O.jsx)(Ue.Th,{width:15,children:Pn}),(0,O.jsx)(Ue.Th,{width:10,children:Dn})]})}),(0,O.jsx)(tn,{isNoData:0===t.length,numRenderedColumns:5,children:(0,O.jsx)(We.N,{children:t.map(function(e,n){var r,i,t,a=e.name||(null===(r=e.identifiers)||void 0===r?void 0:r.map(function(e){return e.name||e.id}).join(", "))||e.expression||"\u2014",o=e.expression||"\u2014",l=null!==(i=null===(t=e.identifiers)||void 0===t?void 0:t.map(function(e){return e.id}))&&void 0!==i?i:[],c=e.category||"\u2014",s=ce(e.category);return(0,O.jsxs)(ze.Tr,{children:[(0,O.jsx)(Ze.Td,{dataLabel:Mn,children:a}),(0,O.jsx)(Ze.Td,{dataLabel:En,children:o}),(0,O.jsx)(Ze.Td,{dataLabel:On,style:{whiteSpace:"pre-line"},children:l.length?l.join("\n"):"\u2014"}),(0,O.jsx)(Ze.Td,{dataLabel:Pn,children:"\u2014"!==c?(0,O.jsxs)("span",{children:[(0,O.jsx)(v.I,{isInline:!0,children:(0,O.jsx)(ve.Ay,{style:{fill:s,height:"13px"}})}),"\xa0",le(e.category)]}):"\u2014"}),(0,O.jsx)(Ze.Td,{dataLabel:Dn,children:(0,O.jsx)(kn,{info:e})})]},n)})})})]})})};var Ln=function(e){var n=e.name,r=function(e){return Object.entries(e||{}).map(function(e){var n=(0,F.A)(e,2),r=n[0],i=n[1];return{ref:r,concluded:i.concluded,evidence:i.evidence||[]}})}(e.dependencies),i=[{key:"name",header:"Dependency Name",width:30,sortIndex:1,render:function(e){return(0,O.jsx)(on,{name:e.ref})}},{key:"version",header:"Current Version",width:15,render:function(e){return X(e.ref)}},{key:"concluded",header:"Concluded",width:20,sortIndex:2,compoundExpand:!0,render:function(e){var n;if(!e.concluded)return"\u2014";var r=e.concluded.expression||e.concluded.name||"\u2014",i=null===(n=e.concluded.identifiers)||void 0===n?void 0:n.some(function(e){return!0===e.isDeprecated});return(0,O.jsxs)("span",{style:{display:"inline-flex",alignItems:"center",gap:6},children:[i&&(0,O.jsx)(v.I,{isInline:!0,title:"Concluded license is deprecated",children:(0,O.jsx)(ve.Ay,{style:{fill:"#F0AB00",height:"13px"}})}),r]})}},{key:"category",header:"Category",width:15,sortIndex:3,render:function(e){var n;return null!==(n=e.concluded)&&void 0!==n&&n.category?(0,O.jsxs)("span",{children:[(0,O.jsx)(v.I,{isInline:!0,children:(0,O.jsx)(ve.Ay,{style:{fill:ce(e.concluded.category),height:"13px"}})}),"\xa0",le(e.concluded.category)]}):"\u2014"}},{key:"evidences",header:"Evidences",width:25,compoundExpand:!0,render:function(e){var n;return null!==(n=e.evidence)&&void 0!==n&&n.length?(0,O.jsxs)("div",{style:{display:"flex",alignItems:"center"},children:[(0,O.jsx)("div",{style:{width:"25px"},children:e.evidence.length}),(0,O.jsx)(g.c,{orientation:{default:"vertical"},style:{paddingRight:"10px"}}),(0,O.jsx)(Nn,{evidence:e.evidence,countBy:"identifiers"})]}):0}}];return(0,O.jsx)(an,{name:n,items:r,getRowKey:function(e){return e.ref},columns:i,filterConfig:{placeholder:"Filter by Dependency name",idSuffix:"-license-filter"},compareToByColumn:function(e,n,r){switch(r){case 1:return e.ref.localeCompare(n.ref);case 2:var i,t,a,o,l=(null===(i=e.concluded)||void 0===i?void 0:i.expression)||(null===(t=e.concluded)||void 0===t?void 0:t.name)||"",c=(null===(a=n.concluded)||void 0===a?void 0:a.expression)||(null===(o=n.concluded)||void 0===o?void 0:o.name)||"";return l.localeCompare(c);case 3:var s,d,u=(null===(s=e.concluded)||void 0===s?void 0:s.category)||"",h=(null===(d=n.concluded)||void 0===d?void 0:d.category)||"";return u.localeCompare(h);default:return 0}},filterItem:function(e,n){return!n||0===n.trim().length||-1!==e.ref.toLowerCase().indexOf(n.toLowerCase())},renderExpandContent:function(e,n){var r;return"concluded"===n&&e.concluded?(0,O.jsx)(Tn,{concluded:e.concluded}):"evidences"===n&&null!==(r=e.evidence)&&void 0!==r&&r.length?(0,O.jsx)(Fn,{evidence:e.evidence}):null},ariaLabelPrefix:"Licenses",expandId:"evidences-compound-expand",initialSortBy:{index:3,direction:"desc"}})},Bn=r(1157),Rn="vulnerabilities",zn="licenses",Un=function(e){var n=e.report,r=Kn(),t=c(n),o=t.length>0,l=(0,i.useMemo)(function(){var e;return(null!==(e=n.licenses)&&void 0!==e?e:[]).filter(function(e){return e.summary.total>0})},[n.licenses]),d=l.length>0,u=o?s(t[0]):null,h=d?l[0].status.name:null,v=i.useState(o?Rn:zn),g=(0,F.A)(v,2),p=g[0],x=g[1],f=i.useState(null!==u&&void 0!==u?u:0),m=(0,F.A)(f,2),j=m[0],y=m[1],I=i.useState(null!==h&&void 0!==h?h:0),A=(0,F.A)(I,2),C=A[0],b=A[1],w=r.writeKey&&""!==r.writeKey.trim()?Bn.N.load({writeKey:r.writeKey}):null,N=(0,i.useRef)("");(0,i.useEffect)(function(){w&&null!=r.anonymousId&&w.setAnonymousId(r.anonymousId)},[w,r.anonymousId]),(0,i.useEffect)(function(){d&&null!=h&&(new Set(l.map(function(e){return e.status.name})).has(String(C))||b(h))},[d,h,l,C]);var T=p===Rn?j:C;(0,i.useEffect)(function(){w&&T!==N.current&&(w.track("rhda.exhort.tab",{tabName:T}),N.current=T)},[w,T]);var S=[];return o&&S.push((0,O.jsx)(Te.o,{eventKey:Rn,title:(0,O.jsx)(Se.V,{children:"Vulnerabilities"}),"aria-label":"Vulnerabilities",children:(0,O.jsx)(Me.t,{activeKey:j,onSelect:function(e,n){y(n)},isSecondary:!0,isBox:!0,variant:"light300","aria-label":"Vulnerability providers",role:"region",children:t.map(function(e){var n,r=s(e),i=null===(n=e.report.dependencies)||void 0===n?void 0:n.filter(function(e){return e.highestVulnerability});return(0,O.jsx)(Te.o,{eventKey:r,title:(0,O.jsx)(Se.V,{children:r}),"aria-label":"".concat(r," source"),children:(0,O.jsx)(a.d8,{variant:a.zC.default,children:(0,O.jsx)(bn,{name:r,dependencies:i})})},r)})})},Rn)),d&&S.push((0,O.jsx)(Te.o,{eventKey:zn,title:(0,O.jsx)(Se.V,{children:"Licenses"}),"aria-label":"Licenses",children:(0,O.jsx)(Me.t,{activeKey:C,onSelect:function(e,n){b(n)},isSecondary:!0,isBox:!0,variant:"light300","aria-label":"License providers",role:"region",children:l.map(function(e){return(0,O.jsx)(Te.o,{eventKey:e.status.name,title:(0,O.jsx)(Se.V,{children:e.status.name}),"aria-label":"".concat(e.status.name," source"),children:(0,O.jsx)(a.d8,{variant:a.zC.default,children:(0,O.jsx)(Ln,{name:e.status.name,dependencies:e.packages})})},e.status.name)})})},zn)),0===S.length?null:(0,O.jsx)("div",{children:(0,O.jsx)(Me.t,{activeKey:p,onSelect:function(e,n){x(n)},"aria-label":"Providers",role:"region",variant:"light300",isBox:!0,children:S})})},Wn=function(e){var n,r=e.report,t=(0,i.useMemo)(function(){return Object.entries(r).sort(function(e,n){var r=(0,F.A)(e,1)[0],i=(0,F.A)(n,1)[0];return r.localeCompare(i)})},[r]),c=i.useState((null===(n=t[0])||void 0===n?void 0:n[0])||""),s=(0,F.A)(c,2),d=s[0],u=s[1],h=i.useState(!0),v=(0,F.A)(h,1)[0];(0,i.useEffect)(function(){var e,n=(null===(e=t[0])||void 0===e?void 0:e[0])||"";u(function(e){return new Set(t.map(function(e){return(0,F.A)(e,1)[0]})).has(String(e))?e:n})},[t]);var g=t.map(function(e){var n=(0,F.A)(e,2),r=n[0],i=n[1];return(0,O.jsxs)(Te.o,{eventKey:r,title:(0,O.jsx)(Se.V,{children:_(r)}),"aria-label":"".concat(r," source"),children:[(0,O.jsx)(me,{report:i}),(0,O.jsx)(a.d8,{variant:a.zC.light,children:(0,O.jsx)(o.x,{hasGutter:!0,children:(0,O.jsx)(l.E,{children:(0,O.jsx)(xe,{report:i,isReportMap:!0,purl:r})})})}),(0,O.jsx)(a.d8,{variant:a.zC.default,children:(0,O.jsx)(Un,{report:i})})]})});return(0,O.jsx)("div",{children:(0,O.jsx)(Me.t,{activeKey:d,onSelect:function(e,n){u(n)},"aria-label":"Providers",role:"region",variant:v?"light300":"default",isBox:!0,children:g})})},Zn=window.appData,Vn=(0,i.createContext)(Zn),Kn=function(){return(0,i.useContext)(Vn)};var Gn=function(){return(0,O.jsx)(Vn.Provider,{value:Zn,children:(0,O.jsx)(Ne,{children:(e=Zn.report,"object"===typeof e&&null!==e&&Object.keys(e).every(function(n){return"scanned"in e[n]&&"providers"in e[n]&&"object"===typeof e[n].scanned&&"object"===typeof e[n].providers})?(0,O.jsx)(a.d8,{variant:a.zC.default,children:(0,O.jsx)(Wn,{report:Zn.report})}):(0,O.jsxs)(O.Fragment,{children:[(0,O.jsx)(me,{report:Zn.report}),(0,O.jsx)(a.d8,{variant:a.zC.light,children:(0,O.jsx)(o.x,{hasGutter:!0,children:(0,O.jsx)(l.E,{children:(0,O.jsx)(xe,{report:Zn.report})})})}),(0,O.jsx)(a.d8,{variant:a.zC.default,children:(0,O.jsx)(Un,{report:Zn.report})})]}))})});var e},Yn=function(e){e&&e instanceof Function&&r.e(121).then(r.bind(r,6895)).then(function(n){var r=n.getCLS,i=n.getFID,t=n.getFCP,a=n.getLCP,o=n.getTTFB;r(e),i(e),t(e),a(e),o(e)})};t.createRoot(document.getElementById("root")).render((0,O.jsx)(i.StrictMode,{children:(0,O.jsx)(Gn,{})})),Yn()}},n={};function r(i){var t=n[i];if(void 0!==t)return t.exports;var a=n[i]={id:i,loaded:!1,exports:{}};return e[i].call(a.exports,a,a.exports,r),a.loaded=!0,a.exports}r.m=e,function(){var e=[];r.O=function(n,i,t,a){if(!i){var o=1/0;for(d=0;d=a)&&Object.keys(r.O).every(function(e){return r.O[e](i[c])})?i.splice(c--,1):(l=!1,a0&&e[d-1][2]>a;d--)e[d]=e[d-1];e[d]=[i,t,a]}}(),r.n=function(e){var n=e&&e.__esModule?function(){return e.default}:function(){return e};return r.d(n,{a:n}),n},function(){var e,n=Object.getPrototypeOf?function(e){return Object.getPrototypeOf(e)}:function(e){return e.__proto__};r.t=function(i,t){if(1&t&&(i=this(i)),8&t)return i;if("object"===typeof i&&i){if(4&t&&i.__esModule)return i;if(16&t&&"function"===typeof i.then)return i}var a=Object.create(null);r.r(a);var o={};e=e||[null,n({}),n([]),n(n)];for(var l=2&t&&i;("object"==typeof l||"function"==typeof l)&&!~e.indexOf(l);l=n(l))Object.getOwnPropertyNames(l).forEach(function(e){o[e]=function(){return i[e]}});return o.default=function(){return i},r.d(a,o),a}}(),r.d=function(e,n){for(var i in n)r.o(n,i)&&!r.o(e,i)&&Object.defineProperty(e,i,{enumerable:!0,get:n[i]})},r.e=function(){return Promise.resolve()},r.g=function(){if("object"===typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"===typeof window)return window}}(),r.o=function(e,n){return Object.prototype.hasOwnProperty.call(e,n)},r.r=function(e){"undefined"!==typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.nmd=function(e){return e.paths=[],e.children||(e.children=[]),e},function(){var e={792:0};r.O.j=function(n){return 0===e[n]};var n=function(n,i){var t,a,o=i[0],l=i[1],c=i[2],s=0;if(o.some(function(n){return 0!==e[n]})){for(t in l)r.o(l,t)&&(r.m[t]=l[t]);if(c)var d=c(r)}for(n&&n(i);s0?Object.keys(i).forEach(function(e){n.push({provider:r,source:e,report:i[e]})}):"trusted-content"!==r&&n.push({provider:r,source:r,report:{}})}),n.sort(function(e,n){return 0===Object.keys(e.report).length&&0===Object.keys(n.report).length?1:Object.keys(n.report).length-Object.keys(e.report).length})}function s(e){var n,r;if(!e||!e.provider)return"unknown";var i=null!==(n=e.provider)&&void 0!==n?n:"unknown";return i===(null!==(r=e.source)&&void 0!==r?r:"unknown")?i:"".concat(e.provider,"/").concat(e.source)}function d(e){var n;return!(!e.remediation||!(e.remediation.fixedIn||null!==(n=e.remediation)&&void 0!==n&&n.trustedContent))}function u(e){var n=[];return e.map(function(e){return{dependencyRef:e.ref,vulnerabilities:e.issues||[]}}).forEach(function(e){var r;null===(r=e.vulnerabilities)||void 0===r||r.forEach(function(r){r.cves&&r.cves.length>0?r.cves.forEach(function(i){n.push({id:i,dependencyRef:e.dependencyRef,vulnerability:r})}):n.push({id:r.id,dependencyRef:e.dependencyRef,vulnerability:r})})}),n.sort(function(e,n){return n.vulnerability.cvssScore-e.vulnerability.cvssScore})}var h=r(9292),v=r(6180),g=r(9341),p=r(3844),x=r(2881),f=r(4900),m=r(3144),j=r(2092),y=r(5767),I=r(4646),A=r(260),C=r(1352),b=r(3571),w=r(2995),N=r(9133),T=r(628),S=r(2972),M=r(8056),O=r(2008),E=r(481),P=["#800000","#FF0000","#FFA500","#5BA352","#808080"],D=function(e){var n,r,i,t,a,o,l=e.summary,c=null!==(n=null===l||void 0===l?void 0:l.critical)&&void 0!==n?n:0,s=null!==(r=null===l||void 0===l?void 0:l.high)&&void 0!==r?r:0,d=null!==(i=null===l||void 0===l?void 0:l.medium)&&void 0!==i?i:0,u=null!==(t=null===l||void 0===l?void 0:l.low)&&void 0!==t?t:0,h=null!==(a=null===l||void 0===l?void 0:l.unknown)&&void 0!==a?a:0,v=null!==(o=null===l||void 0===l?void 0:l.total)&&void 0!==o?o:0,g=c+s+d+u+h>0,p=g?P:["#D5F5E3"],x=[{name:"Critical: ".concat(c),symbol:{type:"square",fill:P[0]}},{name:"High: ".concat(s),symbol:{type:"square",fill:P[1]}},{name:"Medium: ".concat(d),symbol:{type:"square",fill:P[2]}},{name:"Low: ".concat(u),symbol:{type:"square",fill:P[3]}},{name:"Unknown: ".concat(h),symbol:{type:"square",fill:P[4]}}];return(0,E.jsx)("div",{children:(0,E.jsx)(j.b,{style:{paddingBottom:"inherit",padding:"0"},children:(0,E.jsx)(M.a,{children:(0,E.jsx)("div",{style:{height:"230px",width:"350px"},children:(0,E.jsx)(O.H,{constrainToVisibleArea:!0,data:g?[{x:"Critical",y:c},{x:"High",y:s},{x:"Medium",y:d},{x:"Low",y:u},{x:"Unknown",y:h}]:[{x:"Empty",y:1e-10}],labels:function(e){var n=e.datum;return g?"".concat(n.x,": ").concat(n.y):"No vulnerabilities"},legendData:x,legendOrientation:"vertical",legendPosition:"right",padding:{left:20,right:140},subTitle:"Unique vulnerabilities",title:"".concat(v),width:350,colorScale:p})})})})})},k="data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB3aWR0aD0iMTJweCIgaGVpZ2h0PSIxM3B4IiB2aWV3Qm94PSIwIDAgMTIgMTMiIGlkPSJTZWN1cml0eUNoZWNrSWNvbiIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KICAgIDx0aXRsZT5Db21iaW5lZCBTaGFwZTwvdGl0bGU+CiAgICA8ZyBpZD0iTXVsdGktdmVuZG9yIiBzdHJva2U9Im5vbmUiIHN0cm9rZS13aWR0aD0iMSIgZmlsbD0ibm9uZSIgZmlsbC1ydWxlPSJldmVub2RkIj4KICAgICAgICA8ZyBpZD0iT3ZlcnZpZXctQ29weSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoLTEyMDcsIC05OTMpIiBmaWxsPSIjM0U4NjM1Ij4KICAgICAgICAgICAgPGcgaWQ9IkRldGFpbHMtb2YtZGVwZW5kZW5jeS1jb20uZ2l0aHViIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSg0MjcsIDgxOSkiPgogICAgICAgICAgICAgICAgPGcgaWQ9IkRlcGVuZGVuY3ktMSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMCwgMTQ0KSI+CiAgICAgICAgICAgICAgICAgICAgPGcgaWQ9Ikdyb3VwLTkiIHRyYW5zZm9ybT0idHJhbnNsYXRlKDc4MC4xNzI4LCAyNCkiPgogICAgICAgICAgICAgICAgICAgICAgICA8ZyBpZD0iR3JvdXAtNCIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMCwgMy4yKSI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8ZyBpZD0iSWNvbnMvMi4tU2l6ZS1zbS9BY3Rpb25zL2NoZWNrIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgwLCAyLjgpIj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8cGF0aCBkPSJNMTAuNTU2NTc4OSwwIEMxMC43OTA2MjQ5LDAgMTAuOTc5MzMyMiwwLjE4MTU0Mjk2OSAxMC45NzkzMzIyLDAuNDA2MjUgTDEwLjk3OTMzMjIsNS43NDA4MjAzMSBDMTAuOTc5MzMyMiw5Ljc1IDYuMjQwODE5MDcsMTMgNS40OTU3OTI5NiwxMyBDNC43NTA3NjY4NCwxMyAwLDkuNzUgMCw1LjczOTU1MDc4IEwwLDAuNDA2MjUgQzAsMC4xODE1NDI5NjkgMC4xODg3MDcyNzIsMCAwLjQyMjc1MzMwNCwwIFogTTguNTQyNzc4ODMsMy4xMTc4MjY2NyBMNC43OTEyOTYxLDYuODkwODczNTMgTDMuMDM5ODEzMzgsNS4xMjkzMjQ0IEMyLjg4MzYwOSw0Ljk3MjIwNjgzIDIuNjMwMzI4MTIsNC45NzIyMDY4MyAyLjQ3NDEyMzc1LDUuMTI5MzI0NCBMMS45MDg0NDkzOCw1LjY5ODI2NTU2IEMxLjc1MjI0NTAxLDUuODU1MzgzMTIgMS43NTIyNDUwMSw2LjExMDEwNDQ5IDEuOTA4NDQ5MzgsNi4yNjcyMDY3MSBMNC41MDg0NTc5Nyw4Ljg4MjE1OTkxIEM0LjY2NDY0NzA4LDkuMDM5Mjc3NDcgNC45MTc5MTI3LDkuMDM5Mjc3NDcgNS4wNzQxMzIzMyw4Ljg4MjE3NTI1IEw5LjY3NDE0MjgyLDQuMjU1NzA4OTggQzkuODMwMzQ3Miw0LjA5ODU5MTQxIDkuODMwMzQ3MiwzLjg0Mzg3MDA0IDkuNjc0MTQyODIsMy42ODY3Njc4MiBMOS4xMDg0Njg0NiwzLjExNzgyNjY3IEM4Ljk1MjI2NDA4LDIuOTYwNzI0NDQgOC42OTg5ODMyLDIuOTYwNzI0NDQgOC41NDI3Nzg4MywzLjExNzgyNjY3IFoiIGlkPSJDb21iaW5lZC1TaGFwZSI+PC9wYXRoPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9nPgogICAgICAgICAgICAgICAgICAgICAgICA8L2c+CiAgICAgICAgICAgICAgICAgICAgPC9nPgogICAgICAgICAgICAgICAgPC9nPgogICAgICAgICAgICA8L2c+CiAgICAgICAgPC9nPgogICAgPC9nPgo8L3N2Zz4=",F=r(296),L=r(3029),B=r(2901),R="maven",U="https://central.sonatype.com/artifact/",W="https://pkg.go.dev/",z="https://www.npmjs.com/package/",Z="https://pypi.org/project/",V="pkg:",K=/%[0-9A-Fa-f]{2}/,G=function(e){var n="";return e.namespace&&(n=e.type===R?"".concat(e.namespace,":"):"".concat(e.namespace,"/")),n+="".concat(e.name)},Y=function(e,n){var r=re.fromString(e),i=G(r),t=r.version?decodeURIComponent(r.version):"";return n?i+"@".concat(t):i},H=function(e){var n=re.fromString(e);if(n.qualifiers&&n.qualifiers.has("repository_url")){var r=decodeURIComponent(n.qualifiers.get("repository_url")||"");r.endsWith("/")&&(r=r.substring(0,r.length-1));var i=n.namespace;return i&&(i=i.replace(/\./g,"/")),"".concat(r,"/").concat(i,"/").concat(n.name,"/").concat(n.version)}var t=U;return n.namespace?"".concat(U).concat(n.namespace,"/").concat(n.name,"/").concat(n.version):t},Q=function(e){var n=re.fromString(e);switch(n.type){case R:return"".concat(U).concat(n.namespace,"/").concat(n.name,"/").concat(n.version);case"golang":var r=n.version;return null!==r&&void 0!==r&&r.match(/v\d\.\d.\d-\d{14}-\w{12}/)?"".concat(W).concat(n.namespace,"/").concat(n.name):"".concat(W).concat(n.namespace,"/").concat(n.name,"@").concat(n.version);case"npm":return n.namespace?"".concat(z).concat(n.namespace,"/").concat(n.name,"/v/").concat(n.version):"".concat(z).concat(n.name,"/v/").concat(n.version);case"pypi":return n.namespace?"".concat(Z).concat(n.namespace,"/").concat(n.name,"/").concat(n.version):"".concat(Z).concat(n.name,"/").concat(n.version);case"deb":return"".concat("https://sources.debian.org/patches/").concat(n.name,"/").concat(n.version);case"cargo":return"".concat("https://crates.io/crates/").concat(n.name,"/").concat(n.version);default:return n.toString()}},X=function(e){var n=re.fromString(e).version;return n?decodeURIComponent(n):""},q=function(e,n){var r=re.fromString(e),i=encodeURIComponent(G(r));return n.remediationTemplate.replace("__PACKAGE_TYPE__",r.type).replace("__PACKAGE_NAME__",i).replace("__PACKAGE_VERSION__",r.version||"")},J=function(e){return e.toLowerCase().replace(/./,function(e){return e.toUpperCase()})},_=function(e){var n=$(e),r="";if(n.repository_url){var i=n.repository_url.indexOf("/");r+=-1!==i?n.repository_url.substring(i+1):""}else r+="".concat(n.short_name);return n.tag&&(r+=":".concat(n.tag)),r},$=function(e){var n=e.split("?"),r=n[0],i=n[1],t=new URLSearchParams(i),a=t.get("repository_url")||"",o=t.get("tag")||"",l=t.get("arch")||"",c=r.split("@");return{repository_url:a,tag:o,short_name:c[0].substring(c[0].indexOf("/")+1),version:r.substring(r.lastIndexOf("@")).replace("%3A",":"),arch:l}},ee=function(e,n,r,i){var t=c(n),a=i||"";for(var o in t){var l=t[o].report.dependencies;if(l){var s=Object.values(l).find(function(n){var r,i=n.ref,t=decodeURIComponent(i),a=(r=e,K.test(r)?decodeURIComponent(e):e);return re.fromString(t).toString()===re.fromString(a).toString()});if(s&&s.recommendation&&a){var d=decodeURIComponent(s.recommendation);if(void 0!==ne(d,r))return a+_(d)}}}return a},ne=function(e,n){var r=JSON.parse(n).find(function(n){return re.fromString(n.purl).toString()===re.fromString(e).toString()});return null===r||void 0===r?void 0:r.catalogUrl},re=function(){function e(n,r,i,t,a){(0,L.A)(this,e),this.type=void 0,this.namespace=void 0,this.name=void 0,this.version=void 0,this.qualifiers=void 0,this.type=n,this.namespace=r,this.name=i,this.version=t,this.qualifiers=a}return(0,B.A)(e,[{key:"toString",value:function(){var e=this.name;return this.version&&(e+="@".concat(this.version)),this.namespace?"".concat(V).concat(this.type,"/").concat(this.namespace,"/").concat(e):this.qualifiers?"".concat(V).concat(this.type,"/").concat(e,"?").concat(Array.from(this.qualifiers.entries()).map(function(e){var n=(0,F.A)(e,2),r=n[0],i=n[1];return"".concat(r,"=").concat(i)}).join("&")):"".concat(V).concat(this.type,"/").concat(e)}}],[{key:"fromString",value:function(n){var r,i,t=n.replace(V,""),a=t.indexOf("?");-1!==a&&(i=t.substring(a+1),t=t.substring(0,a));var o,l,c=t.substring(0,t.indexOf("/")),s=t.split("/");s.length>2&&(o=s.slice(1,s.length-1).join("/")),-1!==t.indexOf("@")&&(l=t.substring(t.indexOf("@")+1));var d=s[s.length-1];return l&&(d=d.substring(0,d.indexOf("@"))),new e(c,o,d,l,new Map((null===(r=i)||void 0===r?void 0:r.split("&").map(function(e){return e.split("=")}))||[]))}}])}(),ie={PERMISSIVE:"#0066CC",WEAK_COPYLEFT:"#3E8635",STRONG_COPYLEFT:"#F0AB00",UNKNOWN:"#C46100"},te={PERMISSIVE:"Permissive",WEAK_COPYLEFT:"Weak copyleft",STRONG_COPYLEFT:"Strong copyleft",UNKNOWN:"Unknown"};function ae(e){if(!e)return 1;switch(e.toUpperCase().replace(/-/g,"_")){case"PERMISSIVE":return 4;case"WEAK_COPYLEFT":return 3;case"STRONG_COPYLEFT":return 2;default:return 1}}var oe="#F0AB00";function le(e){var n;if(!e)return te.UNKNOWN;var r=e.toUpperCase().replace(/-/g,"_");return null!==(n=te[r])&&void 0!==n?n:e}function ce(e){var n;if(!e)return ie.UNKNOWN;var r=e.toUpperCase().replace(/-/g,"_");return null!==(n=ie[r])&&void 0!==n?n:ie.UNKNOWN}function se(e){var n;if(e){var r=e.toUpperCase().replace(/-/g,"_");n="PERMISSIVE"===r?"blue":"WEAK_COPYLEFT"===r?"green":"STRONG_COPYLEFT"===r?"yellow":"gray"}else n="gray";return n}var de=["PERMISSIVE","WEAK_COPYLEFT","STRONG_COPYLEFT","UNKNOWN"];function ue(e){if(!e)return de.length;var n=e.toUpperCase().replace(/-/g,"_"),r=de.indexOf(n);return r>=0?r:de.length}var he=function(e){var n,r,i,t,a,o=e.summary,l=null!==(n=o.permissive)&&void 0!==n?n:0,c=null!==(r=o.strongCopyleft)&&void 0!==r?r:0,s=null!==(i=o.unknown)&&void 0!==i?i:0,d=null!==(t=o.weakCopyleft)&&void 0!==t?t:0,u=null!==(a=o.total)&&void 0!==a?a:0,h=l+c+s+d>0,v=[{name:"Permissive: ".concat(l),symbol:{type:"square",fill:ie.PERMISSIVE}},{name:"Weak Copyleft: ".concat(d),symbol:{type:"square",fill:ie.WEAK_COPYLEFT}},{name:"Strong Copyleft: ".concat(c),symbol:{type:"square",fill:ie.STRONG_COPYLEFT}},{name:"Unknown: ".concat(s),symbol:{type:"square",fill:ie.UNKNOWN}}];return(0,E.jsx)("div",{children:(0,E.jsx)(j.b,{style:{paddingBottom:"inherit",padding:"0"},children:(0,E.jsx)(M.a,{children:(0,E.jsx)("div",{style:{height:"230px",width:"350px"},children:(0,E.jsx)(O.H,{constrainToVisibleArea:!0,data:h?[{x:"Permissive",y:l},{x:"Weak Copyleft",y:d},{x:"Strong Copyleft",y:c},{x:"Unknown",y:s}]:[{x:"Empty",y:1e-10}],labels:function(e){var n=e.datum;return h?"".concat(n.x,": ").concat(n.y):"No licenses"},legendData:v,legendOrientation:"vertical",legendPosition:"right",padding:{left:0,right:160},subTitle:"Total licenses",title:"".concat(u),width:350,colorScale:Object.values(ie)})})})})})},ve=r(4102),ge={width:"16px",height:"16px",verticalAlign:"middle"},pe="330px";var xe=function(e){var n,r,i=e.report,t=e.isReportMap,a=e.purl,d=Kn(),u=d.brandingConfig||{displayName:"Trustify",exploreUrl:"https://guac.sh/trustify/",exploreTitle:"Learn more about Trustify",exploreDescription:"The Trustify project is a collection of software components that enables you to store and retrieve Software Bill of Materials (SBOMs), and advisory documents.",imageRecommendation:"",imageRecommendationLink:""},M=Boolean(u.exploreTitle.trim().length>0)&&Boolean(u.exploreUrl.trim().length>0)&&Boolean(u.exploreDescription.trim().length>0),O=Boolean(t)&&u.imageRecommendation.trim().length>0&&u.imageRecommendationLink.trim().length>0,P=i.licenses||[],F=(null!==(n=i.licenses)&&void 0!==n?n:[]).filter(function(e){return e.summary.total>0}),L=null===(r=i.licenses)||void 0===r?void 0:r.find(function(e){return"SBOM"===e.status.name}),B=null===L||void 0===L?void 0:L.projectLicense,R=Boolean(B),U=function(){return(0,E.jsx)("img",{src:"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAYAAABXAvmHAAAON0lEQVR4nOxad1xTV/s/mYwQRkBWGCJDFERZgqCvoDhQKuKroghVpK2COIqK9VVrXWhx4oIiIKKoIAilIlgHqFAKssIeIeywQhIIWTfr97nxTX9IwVaI/et9Pp/7ObnPedb33vPc85xzghYIBAg0Gi0BExCPy1UsKytd3EahWAqFIqy2jnaHo5NznpaWVv9EOslJSbsvn4+8mnAv2d5m7txymLdlw/piFoulnpX7bOZEejCxWCyVQRqNiMFg+Dq6up1oNFoE82urq+119fQ6Ncf4RXh7etaJxWKss4tLrrmFRZW2jna3UCjC9PZQp1dVVjoVFxWtHBkZUR+thEKhoKXLlqfuDgs7pKenRx0bRFdn5/QN3mvqdXT1Ojds8r3aUF8/L+fJkyC/gIALYeGHDo6VF4lEyMz09O1pqSk7yU1N8yQSCQrmKysrM//l7p7lv3XbxcePHn1FNCC2bd0edOkDAD/duHE0NvrmqfGeBgqFEtg5OLxauWr1Q2ubOcUCAVBraCAvfPU8x/u3t69cNQiEvpj4hKWmZmZ1Y3WfPX3qe/qH47e4XC4evl+0eHH6mcjz/srKyrzRcgw6XWv/3j1pVZWViwkEAtVtydJMoqFhAwTxVSvLK1xKfi9aiUAgRBgsFtLV1aWk//LEhsvlKvZQu41nmJo1IiQSCYj7Kea7mOvXz862si78JiTkHCQQq6mrq/dPNzFtgYRIQ9ogx7WLyvJhDPEdZI7byCTwJPUSwOOVu5LT0m01NTVpY0H0UqkGXiuWd3qvW3fp2ImT+8f2QxCEDQoIeN1QXzc/aMeOH4K+2XFOQm6x4WZm7RI0NDpJOBxcG5+PutzZatAkFEh19PSJlP6+XuKla9e9XRcteoaGmV/t2Hmuoa7eNv/Vy43KOBwT4miFNLZzPBvbu6RKbBYDNNQUAojPAybmtkCXaAqmm80FK31Cwc8PIw1uRkWdPnby5M6xASoqKXGlraIib7w3nHAr9kB9Xa3zvgMHv/XfuvUKKz7xB1byg2NtAgipikSCaSg0MAIAnFPXAmGMAdAmEoIeaveMsPDwUDh42AZSZuzQkSN7sFjsSOzNG987zNPdAwAQwvyermaQcG0fyM+9A37LSwHJsd+BtoYXeWp4bJXZLEegZ2AOcp9m+3M4HOXxgpyIID4fk3r//rcWlpZlfgEBUZzcX/2Kbt8+HjjYg9zDHADb6H0gYpguEhkZViogkOAbFbU/dGk0mq7s9x8Apmlr96364ou7pSUly+g0qsRAXyUd5r/MjgcYNIJ5ISrKKzH5vuNsK+vff34U72JjqbRWTRVbaWHlAvh8Pq6upsb+UwDUVFc7Dg8Pa32xxvsOUixGdMbFR5wcogOhqmp/cOjuI55eXomFfC7qjqnRG9xX2w/YYBSADlKa2yApIeFoVkaG3wcAYPJYviINbgvevPEyNlBLgfOjj9oClnt6JrstWZptbWNT+nXwzuNCoVChhdxgbWmmeVmdoCPVHejvN/gUANTubhO4NbOwIEENTY4l3d3GPCAB3x09Fhy0Y0fEqbPnAh2dnJ7nZGd/qeLnexEz0+KdKRoDcCoqg3cePHTAYDAiAQShPgAwx8amGM746iqSk/Y05dcIBAIoKuPhp+XM5/MVYJmyd6XucNtKoZgpKaFbDYxnAfsFXgCvqjb0KQAAABIzC4uK6SYmzaKeHgMIvJ+KxGIxQiYgFArhHJV2oC1nFktbNFpkZW1d5unllYLBYkXo0RZxKirs6SYmteWlpW5oFGAqKaEpDgu8ZhS8fGDvs3pVkwoez6SQyTaw7PUrVy49y83rdvUIBG4rt4ocnS0KPiX6xUuWZHl6eT0QCgSYxHfFi++ODEv5P54+Fd1KabFqb2szrygrc1+/0feaFNgATZ8sFAAi0ZQy2g5yrOEVq1bfZ9DpetlZWQFGRPzj+Yt8wJLVQQCjoKohEYtRG3w3RT1+km26Zp1vKqW5lph0cz8ofHGbyhqiK3wKABwON5L38sW6DWvX1t56cH+3ERoNglXUgNIIe1pcTMyJF8+e+XksX5G878CBcKihcd67woLV/WIRcHZxzRltRzoPjCYOm41b772mhsNmq12PTVjb1I5O5UMieKALjQzwqRpqiiTWCGTa1jnsT+vvVs7PuS1uJVcicTgc85uQkO83bvaLxmAw0i8Yk8HQ9PjXIpqvn1/EwcP/OSLz0dzUZBV55sy1ivIydw0CoTd0777Dbh3dtrysJ3vgeGgmxuXTAracJBgbt0ClZR79iUnHw6gd6gMYNOvxk2xzbR2dvgkBwESqrHQMDtr+CoVCibcEhmaoaduvAwgUXtbf2VYH2luqgNMib67bQjP/lsZ3vMvnI6Oo3d1mZhYWlfsPHdpla2df8vDevZ1XLl64Nmfu3LwTZyK2q6urM25eu3rq8aNHwfDY9vn3+piQPXuOq6mrM0hFRe66sbcvgvZ229GxdAkFIHKYAVpEAnD42PdB/964MeGjb0BG1SSS4/Ej/0nqaG+3xCooAW3d6QCJQgPGIBWwhgbhOoUVfuRosNeaNcmwPI/HU3yYfG9XYlzckZGREQ1dPb3W3p4eEwVFRTafx1OG5TFYLHeIydSZ7+z8dN+BA4csZlrWwLo/3bxx+FZ0dMQ0VTWaIyTU0kehAF8iAQ1CCJRBfIBEo6G9+/eHbfYPuPGnQGEAE10Qn4/KyszYsm9XSMbqZR7kFe5undv9t+THxcQcptFomuPpDAwMaO8NCc60t7aSnDt96rJAIEBVkUjzXOzt2IudnegFb94sG6sjEokQGWlp2zas9a6A9WTXAjvbkSPh4XcpLWTLiWL8KIDJXonx8QfhAFrIZBMZL/iroJyVS9wpf6VLHxwk1NfVzm0hky34fD7mr+T/9BWSBxkaGTbB7dNfsgLFYjFoa221qCaRXAwNDVv/SleDQKBbzppNmmFq2oTFYgV/JT9hDkyF4Po+cMuW3+pqa5xUVVV72Wy2JsyPuhm9wtnFJU+uzj7HEIKv4aEh/OXz58/AQ2nTOp+SyooKp8/h57MBgC8Gna4JA4iMOHPmc/n4LDnwT9L/APxNQnwuw58FwOO0R4GV5eUuo1jSlcilyMgfmQwGQZ6+5A4gMS7uYMSJEwlsNltVxhOJeVhIOKT29nW+z9fbtr4ZYjLV5eVPrgCam5pmRV+/dtraxqZwnp1dwQi/Tbrq6man7Pul2o5p7UE2b6VQrM6fPRslL59yBfDw3r3dEokEeTLirD9A0zUKyIHPR/fPcxOBGTZC8Gtujt9Af7+OPHzKFUB1FcnFzNycZGRs3NbUf+uAQMz601CZNV8ELxvRDXV1tvLwKVcAPVTqdD19/Q749yC7YsF4Mqqa70uXnp4eI3n4lBuArs5OIy6Xq2ZoZNwI33MFvcTx5KYZvAdAaWmxlodfuQEoKixcCbe2dnZvOVCvDiSk648nh1MDQFNfDIoKC5bDlepUSW4AMh+nf43H4wcXuLq+6B3OX/UxWWtXIeju6pr5W0HBsqn6lQuArIyMLY319Q6b/P0vYxUUoFZaytcfk7ddIgIKyhJw9dLFCxAEYabie8oA2lpbzS/8eO6mPpHYvHV70MXeofzlTG7VuAksIyUcAAvXCuA8sLl59eq4W/t/l6YEgMvlKoXtDs2A+HyFExERW9EYMbKy6+SVv6PrsFwEZswRgeSkOwffvs73nGwMUwLw4O7dkI72dquQPXsP2drZF5V1fBfLhtpnwX1CAQCtNe/ND3QhwNCY0wMkEgDvXRBQVhUhI06ejIEgCDuZGCa9pBSLxQiv5ctasVgsPy3rl9k9rNy1JW17pZvD1BYEyLyBBUO0/38+CIQEuH6hNLhiM57OEXSYy/ilz1Hg+V0sOPNjpO+KVatSPzWOSb+BstJS1/6+PuP1vpuuo9FIUV1P1HHw36d9/5wCAEJCX1h4+J7b95KdL1+/sdphvvOvBVk8zaost1wTzc3XZXbmLBQBNEYCfn2Wu2EycaAnC4BUUb4IvD/7yqGza+xG+JQ58P3rdDQQCVCCG0mxyyxnz66WybsuWpSzd1dIVtrDtF0bfDNma+JarAbZJe4KSgAQzcWgmkT6aOJPRJN+A50dHTMQCITQwNCwZWCkeDGQbhAA0FqFgkH9PDp4qSMkUvLltsDzcLH39vXr1Rba2y/K+rSIYkAfHCTyuNxP2iCeEgD2CFtJUUmJhUKhJByIKj3cEEJw8iIA0cCgfTydadra0iPZISZTi4Cb907GR/93JuDxeCr/GAANgsYwl8PR4PP5WCB5fyiBUQBAWVUMSBXjF3KN9fXSCtTA0KhZdnAhDZwNJzlCpILH0/8xAKZmZrVwW19bO08Jq9ct41stEIHamhqXlPvJH5xa9lCp+jeuRp3G4XCMJR4emQxOzR/ldG8bEhgYGTV97B8DE9Gkk3i+8wLpYiXv5YsNAcEef3z+FvoIAaUaBc6fPRud9/KVj72jw9uB/gG93KfZfjwuVyUi8vx6dQ0NRlXz7W9heWY/AH3tSOCz3nFSO3ZT2loM9N9SQG5unp2ZnW1Z2r85f4TfKp3E4CGR/wgDagpRQMBHwMNDbDVnTvHOXaFH5rvMf0PqPB1Bod0Nh2Wf3UGD8pcYEHs70cXOwaHoHwXwNj9/xbe7Q3MXuy9J333c/VFZx4GHHxpXZqiIlv1squ+ZQtDQ7WVyau3IA4l7h3nN0nM2eMJLOqUAHBydc6Pj4idVTkx5c/fooUOJuU+ztwYEboucv7bdkDr0dPPf0RvoRoAHZxUACqE+cDcl1Z5IJHZOxv+UAfB4PExYaGh2SfHvy9yWuqUv/ZJG4CDeuX9Mp+EdEuTEY4FEpMi5Gh3jae/o+Gay/v8vAAD//4wb/4wEdbX7AAAAAElFTkSuQmCC",alt:"Trustify Icon",style:ge})},W=1+(F.length>0?1:0),z=Math.min(12,Math.max(1,Math.floor(12/W))),Z=1+Number(R)+Number(O)+Number(M);4===Z&&(Z=2);var V=Math.min(12,Math.max(1,Math.floor(12/Z)));return(0,E.jsxs)(o.x,{hasGutter:!0,children:[(0,E.jsxs)(h.h,{headingLevel:"h3",size:h.J["2xl"],style:{paddingLeft:"15px"},children:[(0,E.jsx)(v.I,{isInline:!0,status:"info",children:(0,E.jsx)(S.Ay,{style:{fill:"#f0ab00"}})}),"\xa0",u.displayName," overview of security issues"]}),(0,E.jsx)(g.c,{}),(0,E.jsx)(l.E,{md:12,lg:z,children:(0,E.jsxs)(p.Z,{isFlat:!0,isFullHeight:!0,children:[(0,E.jsx)(x.a,{children:(0,E.jsx)(f.Z,{children:(0,E.jsx)(m.X,{style:{fontSize:"large"},children:t?(0,E.jsxs)(E.Fragment,{children:[a?_(a):"No Image name"," - Vendor Issues"]}):(0,E.jsx)(E.Fragment,{children:"Vendor Issues"})})})}),(0,E.jsxs)(j.b,{children:[(0,E.jsx)(y.W,{children:(0,E.jsx)(I.d,{children:(0,E.jsx)(m.X,{children:"Below is a list of dependencies affected with CVE."})})}),(0,E.jsx)(A.B,{isAutoFit:!0,style:{paddingTop:"10px",gridTemplateColumns:"repeat(auto-fit, minmax(min(100%, ".concat(pe,"), 1fr))")},children:c(i).map(function(e,n){return(0,E.jsxs)(y.W,{style:{display:"flex",flexDirection:"column",alignItems:"center",minWidth:0},children:[(0,E.jsx)(m.X,{style:{fontSize:"large"},children:s(e)}),(0,E.jsx)(I.d,{children:(0,E.jsx)(D,{summary:e.report.summary})})]},n)})})]}),(0,E.jsx)(g.c,{})]})}),F.length>0&&(0,E.jsx)(l.E,{md:12,lg:z,children:(0,E.jsxs)(p.Z,{isFlat:!0,isFullHeight:!0,children:[(0,E.jsx)(x.a,{children:(0,E.jsx)(f.Z,{children:(0,E.jsx)(m.X,{style:{fontSize:"large"},children:"License Summary"})})}),(0,E.jsx)(j.b,{children:(0,E.jsx)(A.B,{isAutoFit:!0,style:{paddingTop:"30px",gridTemplateColumns:"repeat(auto-fit, minmax(min(100%, ".concat(pe,"), 1fr))")},children:F.map(function(e,n){return(0,E.jsxs)(y.W,{style:{display:"flex",flexDirection:"column",alignItems:"center",minWidth:0},children:[(0,E.jsx)(m.X,{style:{fontSize:"large"},children:e.status.name||"Unknown"}),(0,E.jsx)(I.d,{children:(0,E.jsx)(he,{summary:e.summary})})]},n)})})})]})}),(0,E.jsxs)(l.E,{md:V,children:[(0,E.jsx)(p.Z,{isFlat:!0,isFullHeight:!0,children:(0,E.jsxs)(y.W,{children:[(0,E.jsx)(f.Z,{component:"h4",children:(0,E.jsxs)(m.X,{style:{fontSize:"large"},children:[U(),"\xa0",u.displayName," Dependency Remediations"]})}),(0,E.jsx)(j.b,{children:(0,E.jsx)(I.d,{children:(0,E.jsx)(C.B8,{isPlain:!0,children:c(i).map(function(e,n){var r=e&&e.source&&e.provider?e.source===e.provider?e.provider:"".concat(e.provider,"/").concat(e.source):"default_value";return Object.keys(e.report).length>0?(0,E.jsxs)(b.c,{children:[(0,E.jsx)(v.I,{isInline:!0,status:"success",children:(0,E.jsx)("img",{src:k,alt:"Security Check Icon"})}),"\xa0",e.report.summary.remediations," remediations are available for ",r]}):(0,E.jsxs)(b.c,{children:[(0,E.jsx)(v.I,{isInline:!0,status:"success",children:(0,E.jsx)("img",{src:k,alt:"Security Check Icon"})}),"\xa0 There are no available remediations for your SBOM at this time for ",e.provider]})})})})})]})}),"\xa0"]}),R&&B&&(0,E.jsxs)(l.E,{md:V,children:[(0,E.jsx)(p.Z,{isFlat:!0,isFullHeight:!0,children:(0,E.jsxs)(y.W,{children:[(0,E.jsx)(f.Z,{component:"h4",children:(0,E.jsxs)(m.X,{style:{fontSize:"large"},children:["Project License ",(0,E.jsx)(w.o,{children:(0,E.jsx)(N.J,{color:se(B.category),children:B.expression||B.name||"\u2014"})})]})}),(0,E.jsx)(j.b,{children:(0,E.jsxs)(I.d,{children:[(0,E.jsx)(y.W,{children:(0,E.jsx)(m.X,{children:"License incompatibilities"})}),(0,E.jsx)(C.B8,{isPlain:!0,children:P.map(function(e,n){var r=function(e,n){for(var r=0,i=ae(n),t=0,a=Object.values(e);t=400||Object.keys(e.warnings).length>0},i=Object.keys(n.providers).map(function(e){return n.providers[e].status}).filter(function(e){return!e.ok||r(e)}),t=function(e){return e.ok&&!r(e)?fe.w.info:e.code>=500?fe.w.danger:fe.w.warning},a=function(e){var n=e.message;return e.ok&&r(e)?"".concat(J(e.name),": ").concat(Object.keys(e.warnings).length," package(s) could not be analyzed"):"".concat(J(e.name),": ").concat(n)};return(0,E.jsx)(E.Fragment,{children:i.map(function(e,n){return(0,E.jsx)(fe.F,{variant:t(e),title:a(e)},n)})})},je=r(6919),ye=r(5501),Ie=r(1792),Ae=r(3093),Ce=r(297),be=r(4072),we=r(6464),Ne=function(e){function n(e){var r;return(0,L.A)(this,n),(r=(0,je.A)(this,n,[e])).state={hasError:!1,error:null},r}return(0,ye.A)(n,e),(0,B.A)(n,[{key:"componentDidCatch",value:function(e,n){console.error("Report rendering error:",e,n)}},{key:"render",value:function(){var e;return this.state.hasError?(0,E.jsx)(M.a,{style:{backgroundColor:"var(--pf-v5-global--BackgroundColor--200)",minHeight:"100vh"},children:(0,E.jsxs)(Ie.p,{variant:Ie.s.sm,children:[(0,E.jsx)(Ae.o,{icon:(0,E.jsx)(Ce.q,{icon:we.Ay,color:"var(--pf-v5-global--danger-color--100)"}),titleText:"Something went wrong",headingLevel:"h2"}),(0,E.jsx)(be.h,{children:(null===(e=this.state.error)||void 0===e?void 0:e.message)||"An unexpected error occurred while rendering the report."})]})}):this.props.children}}],[{key:"getDerivedStateFromError",value:function(e){return{hasError:!0,error:e}}}])}(i.Component),Te=r(6334),Se=r(4248),Me=r(4471),Oe=r(9379),Ee=r(8380),Pe=r(1417),De=r(7066),ke=r(2227),Fe=r(99),Le=r(7172),Be=r(8516),Re=r(8579),Ue=r(9205),We=r(8099),ze=r(4785),Ze=r(4224),Ve=r(5772),Ke=r(4593),Ge=r(8480),Ye=r(5458),He=r(4546),Qe=function(e){return e[e.SET_PAGE=0]="SET_PAGE",e[e.SET_SORT_BY=1]="SET_SORT_BY",e}(Qe||{}),Xe={changed:!1,currentPage:{page:1,perPage:10},sortBy:void 0},qe=function(e,n){switch(n.type){case Qe.SET_PAGE:var r=n.payload;return(0,Oe.A)((0,Oe.A)({},e),{},{changed:!0,currentPage:{page:r.page,perPage:r.perPage}});case Qe.SET_SORT_BY:var i=n.payload;return(0,Oe.A)((0,Oe.A)({},e),{},{changed:!0,sortBy:{index:i.index,direction:i.direction}});default:return e}},Je=r(2514),_e=r(3842),$e=function(e){var n,r=e.count,i=e.params,t=e.isTop,a=e.perPageOptions,o=e.onChange,l=function(){return i.perPage||10};return(0,E.jsx)(Je.d,{itemCount:r,page:i.page||1,perPage:l(),onPageInput:function(e,n){o({page:n,perPage:l()})},onSetPage:function(e,n){o({page:n,perPage:l()})},onPerPageSelect:function(e,n){o({page:1,perPage:n})},widgetId:"pagination-options-menu",variant:t?Je.A.top:Je.A.bottom,perPageOptions:(n=a||[10,20,50,100],n.map(function(e){return{title:String(e),value:e}})),toggleTemplate:function(e){return(0,E.jsx)(_e.D,(0,Oe.A)({},e))}})},en=r(9694),nn=r(6911),rn=r(1413),tn=function(e){var n=e.numRenderedColumns,r=e.isLoading,i=void 0!==r&&r,t=e.isError,a=void 0!==t&&t,o=e.isNoData,l=void 0!==o&&o,c=e.errorEmptyState,s=void 0===c?null:c,d=e.noDataEmptyState,u=void 0===d?null:d,v=e.children,g=(0,E.jsxs)(Ie.p,{variant:Ie.s.sm,children:[(0,E.jsx)(Ce.q,{icon:we.Ay,color:rn.D.value}),(0,E.jsx)(h.h,{headingLevel:"h2",size:"lg",children:"Unable to connect"}),(0,E.jsx)(be.h,{children:"There was an error retrieving data. Check your connection and try again."})]}),p=(0,E.jsxs)(Ie.p,{variant:Ie.s.sm,children:[(0,E.jsx)(Ce.q,{icon:nn.Ay}),(0,E.jsx)(h.h,{headingLevel:"h2",size:"lg",children:"No data available"}),(0,E.jsx)(be.h,{children:"No data available to be shown here."})]});return(0,E.jsx)(E.Fragment,{children:i?(0,E.jsx)(ze.N,{children:(0,E.jsx)(Ue.Tr,{children:(0,E.jsx)(Ze.Td,{colSpan:n,children:(0,E.jsx)(M.a,{children:(0,E.jsx)(en.y,{size:"xl"})})})})}):a?(0,E.jsx)(ze.N,{"aria-label":"Table error",children:(0,E.jsx)(Ue.Tr,{children:(0,E.jsx)(Ze.Td,{colSpan:n,children:(0,E.jsx)(M.a,{children:s||g})})})}):l?(0,E.jsx)(ze.N,{"aria-label":"Table no data",children:(0,E.jsx)(Ue.Tr,{children:(0,E.jsx)(Ze.Td,{colSpan:n,children:(0,E.jsx)(M.a,{children:u||p})})})}):v})};function an(e){var n=e.name,r=e.items,t=e.getRowKey,a=e.columns,o=e.filterConfig,l=e.compareToByColumn,c=e.filterItem,s=e.renderExpandContent,d=e.ariaLabelPrefix,u=void 0===d?"Table":d,h=e.expandId,v=void 0===h?"compound-expand-table":h,g=e.defaultExpanded,x=void 0===g?{}:g,f=e.initialSortBy,m=(0,i.useState)(""),y=(0,F.A)(m,2),I=y[0],A=y[1],C=function(e){var n=(0,i.useReducer)(qe,(0,Oe.A)((0,Oe.A)({},Xe),{},{currentPage:e&&e.page?(0,Oe.A)({},e.page):(0,Oe.A)({},Xe.currentPage),sortBy:e&&e.sortBy?(0,Oe.A)({},e.sortBy):Xe.sortBy})),r=(0,F.A)(n,2),t=r[0],a=r[1],o=(0,i.useCallback)(function(e){var n;a({type:Qe.SET_PAGE,payload:{page:e.page>=1?e.page:1,perPage:null!==(n=e.perPage)&&void 0!==n?n:Xe.currentPage.perPage}})},[]),l=(0,i.useCallback)(function(e,n,r,i){a({type:Qe.SET_SORT_BY,payload:{index:n,direction:r}})},[]);return{page:t.currentPage,sortBy:t.sortBy,changePage:o,changeSortBy:l}}(f?{sortBy:f}:void 0),b=C.page,w=C.sortBy,N=C.changePage,T=C.changeSortBy,S=function(e){var n=e.items,r=e.currentSortBy,t=e.currentPage,a=e.filterItem,o=e.compareToByColumn;return(0,i.useMemo)(function(){var e,i=(0,Ye.A)(n||[]).filter(a),l=!1;return e=(0,Ye.A)(i).sort(function(e,n){var i=o(e,n,null===r||void 0===r?void 0:r.index);return 0!==i&&(l=!0),i}),l&&(null===r||void 0===r?void 0:r.direction)===He.l.desc&&(e=e.reverse()),{pageItems:e.slice((t.page-1)*t.perPage,t.page*t.perPage),filteredItems:i}},[n,t,r,o,a])}({items:r,currentPage:b,currentSortBy:w,compareToByColumn:l,filterItem:function(e){return c(e,I)}}),M=S.pageItems,O=S.filteredItems,P=(0,i.useState)(x),D=(0,F.A)(P,2),k=D[0],L=D[1],B=function(e,n,r,i){return{isExpanded:k[t(e)]===n,onToggle:function(){return function(e,n){var r=!(arguments.length>2&&void 0!==arguments[2])||arguments[2],i=t(e),a=(0,Oe.A)({},k);r?a[i]=n:delete a[i],L(a)}(e,n,k[t(e)]!==n)},expandId:v,rowIndex:r,columnIndex:i}},R=a.length;return(0,E.jsx)(p.Z,{children:(0,E.jsx)(j.b,{children:(0,E.jsxs)("div",{style:{backgroundColor:"var(--pf-v5-global--BackgroundColor--100)"},children:[(0,E.jsx)(Ee.M,{children:(0,E.jsxs)(Pe.P,{children:[(0,E.jsx)(De.h,{toggleIcon:(0,E.jsx)(Ke.Ay,{}),breakpoint:"xl",children:(0,E.jsx)(ke.T,{variant:"search-filter",children:(0,E.jsx)(Fe.D,{id:n+o.idSuffix,style:{width:"250px"},placeholder:o.placeholder,value:I,onChange:function(e,n){return A(n)},onClear:function(){return A("")}})})}),(0,E.jsx)(ke.T,{variant:ke.U.pagination,align:{default:"alignRight"},children:(0,E.jsx)($e,{isTop:!0,count:O.length,params:b,onChange:N})})]})}),(0,E.jsxs)(Le.X,{"aria-label":(null!==n&&void 0!==n?n:u)+" table",variant:Be.a.compact,children:[(0,E.jsx)(Re.d,{children:(0,E.jsx)(Ue.Tr,{children:a.map(function(e,n){return(0,E.jsx)(We.Th,{width:e.width,sort:null!=e.sortIndex?{columnIndex:e.sortIndex,sortBy:(0,Oe.A)({},w),onSort:T}:void 0,children:e.header},e.key)})})}),(0,E.jsx)(tn,{isNoData:0===O.length,numRenderedColumns:R,noDataEmptyState:(0,E.jsxs)(Ie.p,{variant:Ie.s.sm,children:[(0,E.jsx)(Ae.o,{icon:(0,E.jsx)(Ce.q,{icon:Ge.Ay}),titleText:"No results found",headingLevel:"h2"}),(0,E.jsx)(be.h,{children:"Clear all filters and try again."})]}),children:null===M||void 0===M?void 0:M.map(function(e,n){var r,i=t(e),o=k[i],l=!!o;return(0,E.jsxs)(ze.N,{isExpanded:l,children:[(0,E.jsx)(Ue.Tr,{children:a.map(function(r,i){return(0,E.jsx)(Ze.Td,{width:r.width,dataLabel:r.header,component:0===i?"th":void 0,compoundExpand:r.compoundExpand?B(e,r.key,n,i):void 0,children:r.render(e)},r.key)})}),l&&o?(0,E.jsx)(Ue.Tr,{isExpanded:!0,children:(0,E.jsx)(Ze.Td,{dataLabel:null===(r=a.find(function(e){return e.key===o}))||void 0===r?void 0:r.header,noPadding:!0,colSpan:R,children:(0,E.jsx)(Ve.g,{children:(0,E.jsx)("div",{className:"pf-v5-u-m-md",children:s(e,o)})})})}):null]},i)})})]}),(0,E.jsx)($e,{isTop:!1,count:O.length,params:b,onChange:N})]})})})}var on=function(e){var n=e.name,r=e.showVersion,i=void 0!==r&&r;return(0,E.jsx)(E.Fragment,{children:(0,E.jsx)("a",{href:Q(n),target:"_blank",rel:"noreferrer",children:Y(n,i)})})},ln=function(e){var n=e.packageName;e.cves;return(0,E.jsxs)(E.Fragment,{children:[(0,E.jsx)(v.I,{isInline:!0,status:"success",children:(0,E.jsx)("img",{src:k,alt:"Security Check Icon"})}),"\xa0",(0,E.jsx)("a",{href:H(n),target:"_blank",rel:"noreferrer",children:X(n)})]})},cn=function(e){var n,r,i,t=e.packageRef,a=e.vulnerability,o=Kn();return(0,E.jsx)(E.Fragment,{children:null===(null===(n=a.remediation)||void 0===n?void 0:n.fixedIn)||0===(null===(r=a.remediation)||void 0===r||null===(i=r.fixedIn)||void 0===i?void 0:i.length)?(0,E.jsx)("p",{}):(0,E.jsx)("a",{href:q(t,o),target:"_blank",rel:"noreferrer",children:a.id})})},sn=r(8559),dn=r(7540),un=r(8762),hn=r(974),vn=function(e){var n,r=e.vulnerability;if("UNKNOWN"===r.severity)return(0,E.jsx)(E.Fragment,{children:"N/A"});switch(r.severity){case"CRITICAL":n="bar-critical";break;case"HIGH":n="bar-high";break;case"MEDIUM":n="bar-medium";break;case"LOW":n="bar-low";break;default:n="bar-default"}return(0,E.jsx)(E.Fragment,{children:(0,E.jsx)(sn.B,{hasGutter:!0,children:(0,E.jsx)(dn.o,{isFilled:!0,children:(0,E.jsx)(un.k,{title:"".concat(r.cvssScore,"/10"),"aria-label":"cvss-score",value:r.cvssScore,min:0,max:10,size:un.j.sm,measureLocation:hn.Ri.none,className:"".concat(n)})})})})},gn=function(e){var n,r,i=e.vulnerability;switch(i.severity){case"CRITICAL":r="#800000";break;case"HIGH":r="#FF0000";break;case"MEDIUM":r="#FFA500";break;case"LOW":r="#5BA352";break;default:r="#808080"}return(0,E.jsxs)(E.Fragment,{children:[(0,E.jsx)(v.I,{isInline:!0,children:(0,E.jsx)(ve.Ay,{style:{fill:r,height:"13px"}})}),"\xa0",J(null!==(n=i.severity)&&void 0!==n?n:"UNKNOWN")]})},pn=function(e){var n,r,i=e.id,t=Kn();return(0,E.jsx)("a",{href:(n=i,r=t,r.cveIssueTemplate.replace("__ISSUE_ID__",n)),target:"_blank",rel:"noreferrer",children:i})},xn=r(4486),fn=function(e){var n=e.title,r=i.useState(!1),t=(0,F.A)(r,2),a=t[0],o=t[1];return(0,E.jsx)(xn.Q,{variant:xn.J.truncate,toggleText:a?"Show less":"Show more",onToggle:function(e,n){o(n)},isExpanded:a,children:n||"-"})},mn=function(e){var n,r,i,t,a,o=e.item,l=(e.providerName,e.rowIndex);return a=o.vulnerability.cves&&o.vulnerability.cves.length>0?o.vulnerability.cves:[o.vulnerability.id],(0,E.jsxs)(Ue.Tr,{children:[(0,E.jsx)(Ze.Td,{children:a.map(function(e,n){return(0,E.jsx)("p",{children:(0,E.jsx)(pn,{id:e})},n)})}),(0,E.jsx)(Ze.Td,{children:(0,E.jsx)(fn,{title:o.vulnerability.title})}),(0,E.jsx)(Ze.Td,{noPadding:!0,children:(0,E.jsx)(gn,{vulnerability:o.vulnerability})}),(0,E.jsx)(Ze.Td,{children:(0,E.jsx)(vn,{vulnerability:o.vulnerability})}),(0,E.jsx)(Ze.Td,{children:(0,E.jsx)(on,{name:o.dependencyRef,showVersion:!0})}),(0,E.jsx)(Ze.Td,{children:null!==(n=o.vulnerability.remediation)&&void 0!==n&&n.trustedContent?(0,E.jsx)(ln,{cves:o.vulnerability.cves||[],packageName:null===(r=o.vulnerability.remediation)||void 0===r||null===(i=r.trustedContent)||void 0===i?void 0:i.ref},l):null!==(t=o.vulnerability.remediation)&&void 0!==t&&t.fixedIn?(0,E.jsx)(cn,{packageRef:o.dependencyRef,vulnerability:o.vulnerability}):d(o.vulnerability)?null:(0,E.jsx)("span",{})})]},l)},jn=function(e){var n=e.providerName,r=e.transitiveDependencies;return(0,E.jsx)(p.Z,{style:{backgroundColor:"var(--pf-v5-global--BackgroundColor--100)"},children:(0,E.jsxs)(Le.X,{variant:Be.a.compact,"aria-label":(null!==n&&void 0!==n?n:"Default")+" transitive vulnerabilities",children:[(0,E.jsx)(Re.d,{children:(0,E.jsxs)(Ue.Tr,{children:[(0,E.jsx)(We.Th,{width:15,children:"Vulnerability ID"}),(0,E.jsx)(We.Th,{width:20,children:"Description"}),(0,E.jsx)(We.Th,{width:10,children:"Severity"}),(0,E.jsx)(We.Th,{width:15,children:"CVSS Score"}),(0,E.jsx)(We.Th,{width:20,children:"Transitive Dependency"}),(0,E.jsx)(We.Th,{width:20,children:"Remediation"})]})}),(0,E.jsx)(tn,{isNoData:0===r.length,numRenderedColumns:7,children:u(r).map(function(e,r){return(0,E.jsx)(ze.N,{children:(0,E.jsx)(mn,{item:e,providerName:n,rowIndex:r})},r)})})]})})},yn=function(e){var n=e.providerName,r=e.dependency,i=e.vulnerabilities;return(0,E.jsx)(p.Z,{style:{backgroundColor:"var(--pf-v5-global--BackgroundColor--100)"},children:(0,E.jsxs)(Le.X,{variant:Be.a.compact,"aria-label":(null!==n&&void 0!==n?n:"Default")+" direct vulnerabilities",children:[(0,E.jsx)(Re.d,{children:(0,E.jsxs)(Ue.Tr,{children:[(0,E.jsx)(We.Th,{width:15,children:"Vulnerability ID"}),(0,E.jsx)(We.Th,{width:20,children:"Description"}),(0,E.jsx)(We.Th,{width:10,children:"Severity"}),(0,E.jsx)(We.Th,{width:15,children:"CVSS Score"}),(0,E.jsx)(We.Th,{width:20,children:"Direct Dependency"}),(0,E.jsx)(We.Th,{width:20,children:"Remediation"})]})}),(0,E.jsx)(tn,{isNoData:0===i.length,numRenderedColumns:6,children:null===i||void 0===i?void 0:i.map(function(e,i){var t=[];return e.cves&&e.cves.length>0?e.cves.forEach(function(e){return t.push(e)}):e.unique&&t.push(e.id),(0,E.jsx)(ze.N,{children:t.map(function(t,a){return(0,E.jsx)(mn,{item:{id:e.id,dependencyRef:r.ref,vulnerability:e},providerName:n,rowIndex:i},"".concat(i,"-").concat(a))})},i)})})]})})},In=r(1640),An=function(e){var n=e.vulnerabilities,r=void 0===n?[]:n,i=e.transitiveDependencies,t=void 0===i?[]:i,a={CRITICAL:0,HIGH:0,MEDIUM:0,LOW:0,UNKNOWN:0};return r.length>0?r.forEach(function(e){var n=e.severity;n&&a.hasOwnProperty(n)&&a[n]++}):null===t||void 0===t||t.forEach(function(e){var n;null===(n=e.issues)||void 0===n||n.forEach(function(e){var n=e.severity;n&&a.hasOwnProperty(n)&&a[n]++})}),(0,E.jsxs)(In.Z,{children:[a.CRITICAL>0&&(0,E.jsxs)(E.Fragment,{children:[(0,E.jsx)(v.I,{isInline:!0,children:(0,E.jsx)(ve.Ay,{style:{fill:"#800000",height:"13px"}})}),"\xa0",a.CRITICAL,"\xa0"]}),a.HIGH>0&&(0,E.jsxs)(E.Fragment,{children:[(0,E.jsx)(v.I,{isInline:!0,children:(0,E.jsx)(ve.Ay,{style:{fill:"#FF0000",height:"13px"}})}),"\xa0",a.HIGH,"\xa0"]}),a.MEDIUM>0&&(0,E.jsxs)(E.Fragment,{children:[(0,E.jsx)(v.I,{isInline:!0,children:(0,E.jsx)(ve.Ay,{style:{fill:"#FFA500",height:"13px"}})}),"\xa0",a.MEDIUM,"\xa0"]}),a.LOW>0&&(0,E.jsxs)(E.Fragment,{children:[(0,E.jsx)(v.I,{isInline:!0,children:(0,E.jsx)(ve.Ay,{style:{fill:"#5BA352",height:"13px"}})}),"\xa0",a.LOW,"\xa0"]}),a.UNKNOWN>0&&(0,E.jsxs)(E.Fragment,{children:[(0,E.jsx)(v.I,{isInline:!0,children:(0,E.jsx)(ve.Ay,{style:{fill:"#808080",height:"13px"}})}),"\xa0",a.UNKNOWN]})]})},Cn=function(e){var n,r,i=e.dependency,t=null===(n=i.issues)||void 0===n?void 0:n.some(function(e){return d(e)}),a=(null===(r=i.transitive)||void 0===r?void 0:r.some(function(e){var n;return null===(n=e.issues)||void 0===n?void 0:n.some(function(e){return d(e)})}))||!1;return(0,E.jsx)(E.Fragment,{children:t||a?"Yes":"No"})},bn=function(e){var n=e.name,r=e.dependencies,i=[{key:"name",header:"Dependency Name",width:30,sortIndex:1,render:function(e){return(0,E.jsx)(on,{name:e.ref})}},{key:"version",header:"Current Version",width:15,render:function(e){return X(e.ref)}},{key:"direct",header:"Direct Vulnerabilities",width:15,compoundExpand:!0,render:function(e){var n,r;return null!==(n=e.issues)&&void 0!==n&&n.length?(0,E.jsxs)("div",{style:{display:"flex",alignItems:"center"},children:[(0,E.jsx)("div",{style:{width:"25px"},children:null===(r=e.issues)||void 0===r?void 0:r.length}),(0,E.jsx)(g.c,{orientation:{default:"vertical"},style:{paddingRight:"10px"}}),(0,E.jsx)(An,{vulnerabilities:e.issues})]}):0}},{key:"transitive",header:"Transitive Vulnerabilities",width:15,compoundExpand:!0,render:function(e){var n;return null!==(n=e.transitive)&&void 0!==n&&n.length?(0,E.jsxs)("div",{style:{display:"flex",alignItems:"center"},children:[(0,E.jsx)("div",{style:{width:"25px"},children:e.transitive.map(function(e){var n;return null===(n=e.issues)||void 0===n?void 0:n.length}).reduce(function(){return(arguments.length>0&&void 0!==arguments[0]?arguments[0]:0)+(arguments.length>1&&void 0!==arguments[1]?arguments[1]:0)})}),(0,E.jsx)(g.c,{orientation:{default:"vertical"},style:{paddingRight:"10px"}}),(0,E.jsx)(An,{transitiveDependencies:e.transitive})]}):0}},{key:"rhRemediation",header:"Remediation available",width:15,render:function(e){return(0,E.jsx)(Cn,{dependency:e})}}];return(0,E.jsx)(an,{name:n,items:r,getRowKey:function(e){return e.ref},columns:i,filterConfig:{placeholder:"Filter by Dependency name",idSuffix:"-dependency-filter"},compareToByColumn:function(e,n,r){return 1===r?e.ref.localeCompare(n.ref):0},filterItem:function(e,n){var r,i;return!!(null!==(r=e.issues)&&void 0!==r&&r.length||null!==(i=e.transitive)&&void 0!==i&&i.length)&&(!n||0===n.trim().length||-1!==e.ref.toLowerCase().indexOf(n.toLowerCase()))},renderExpandContent:function(e,r){var i,t;return"direct"===r&&null!==(i=e.issues)&&void 0!==i&&i.length?(0,E.jsx)(yn,{providerName:n,dependency:e,vulnerabilities:e.issues}):"transitive"===r&&null!==(t=e.transitive)&&void 0!==t&&t.length?(0,E.jsx)(jn,{providerName:n,transitiveDependencies:e.transitive}):null},ariaLabelPrefix:"Dependencies",expandId:"compound-expandable-example",defaultExpanded:{"siemur/test-space":"name"}})},wn=de;var Nn=function(e){var n=e.evidence,r=void 0===n?[]:n,t=e.countBy,a="identifiers"===(void 0===t?"evidence":t)?function(e){var n={PERMISSIVE:0,WEAK_COPYLEFT:0,STRONG_COPYLEFT:0,UNKNOWN:0};return null===e||void 0===e||e.forEach(function(e){(e.identifiers||[]).forEach(function(e){var r=(e.category||"UNKNOWN").toUpperCase().replace(/-/g,"_");n.hasOwnProperty(r)?n[r]++:n.UNKNOWN++})}),n}(r):function(e){var n={PERMISSIVE:0,WEAK_COPYLEFT:0,STRONG_COPYLEFT:0,UNKNOWN:0};return null===e||void 0===e||e.forEach(function(e){var r=(e.category||"UNKNOWN").toUpperCase().replace(/-/g,"_");n.hasOwnProperty(r)?n[r]++:n.UNKNOWN++}),n}(r);return(0,E.jsx)(In.Z,{children:wn.map(function(e){return a[e]>0&&(0,E.jsxs)(i.Fragment,{children:[(0,E.jsx)(v.I,{isInline:!0,children:(0,E.jsx)(ve.Ay,{style:{fill:ie[e],height:"13px"}})}),"\xa0",a[e],"\xa0"]},e)})})},Tn=function(e){var n=e.concluded;return(0,E.jsx)(p.Z,{style:{backgroundColor:"var(--pf-v5-global--BackgroundColor--100)"},children:(0,E.jsxs)(A.B,{children:[(0,E.jsxs)(y.W,{children:[(0,E.jsx)(m.X,{children:"License name"}),(0,E.jsx)(I.d,{children:n.name||"\u2014"})]}),(0,E.jsxs)(y.W,{children:[(0,E.jsx)(m.X,{children:"Expression"}),(0,E.jsx)(I.d,{children:n.expression||"\u2014"})]}),(0,E.jsxs)(y.W,{children:[(0,E.jsx)(m.X,{children:"Category"}),(0,E.jsx)(I.d,{children:n.category?le(n.category):"\u2014"})]})]})})},Sn=r(5435),Mn="Evidence",On="Expression",En="Identifiers",Pn="Category",Dn="Status";function kn(e){var n,r=e.info,i=null!==(n=null===r||void 0===r?void 0:r.identifiers)&&void 0!==n?n:[],t=i.some(function(e){return!0===e.isDeprecated}),a=i.some(function(e){return!0===e.isOsiApproved}),o=i.some(function(e){return!0===e.isFsfLibre});return t||a||o?(0,E.jsxs)(Sn.s,{gap:{default:"gapSm"},alignItems:{default:"alignItemsCenter"},children:[t&&(0,E.jsx)(In.Z,{children:(0,E.jsx)("span",{title:"Deprecated identifier",children:(0,E.jsx)(v.I,{isInline:!0,children:(0,E.jsx)(ve.Ay,{style:{fill:oe,height:"13px"}})})})}),a&&(0,E.jsx)(In.Z,{children:(0,E.jsx)("img",{src:"https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/open-source-initiative.svg",alt:"OSI Approved",title:"OSI Approved",style:{height:"1.1em",verticalAlign:"middle"}})}),o&&(0,E.jsx)(In.Z,{children:(0,E.jsx)("img",{src:"https://www.gnu.org/graphics/fsf-logo-notext-small.png",alt:"FSF Libre",title:"FSF Free/Libre",style:{height:"1.1em",verticalAlign:"middle"}})})]}):(0,E.jsx)(E.Fragment,{children:"\u2014"})}var Fn=function(e){var n=e.evidence,r=void 0===n?[]:n,t=(0,i.useMemo)(function(){return(0,Ye.A)(r).sort(function(e,n){return ue(e.category)-ue(n.category)})},[r]);return(0,E.jsx)(p.Z,{style:{backgroundColor:"var(--pf-v5-global--BackgroundColor--100)"},children:(0,E.jsxs)(Le.X,{variant:Be.a.compact,"aria-label":"Evidence licenses",children:[(0,E.jsx)(Re.d,{children:(0,E.jsxs)(Ue.Tr,{children:[(0,E.jsx)(We.Th,{width:30,children:Mn}),(0,E.jsx)(We.Th,{width:20,children:On}),(0,E.jsx)(We.Th,{width:25,children:En}),(0,E.jsx)(We.Th,{width:15,children:Pn}),(0,E.jsx)(We.Th,{width:10,children:Dn})]})}),(0,E.jsx)(tn,{isNoData:0===t.length,numRenderedColumns:5,children:(0,E.jsx)(ze.N,{children:t.map(function(e,n){var r,i,t,a=e.name||(null===(r=e.identifiers)||void 0===r?void 0:r.map(function(e){return e.name||e.id}).join(", "))||e.expression||"\u2014",o=e.expression||"\u2014",l=null!==(i=null===(t=e.identifiers)||void 0===t?void 0:t.map(function(e){return e.id}))&&void 0!==i?i:[],c=e.category||"\u2014",s=ce(e.category);return(0,E.jsxs)(Ue.Tr,{children:[(0,E.jsx)(Ze.Td,{dataLabel:Mn,children:a}),(0,E.jsx)(Ze.Td,{dataLabel:On,children:o}),(0,E.jsx)(Ze.Td,{dataLabel:En,style:{whiteSpace:"pre-line"},children:l.length?l.join("\n"):"\u2014"}),(0,E.jsx)(Ze.Td,{dataLabel:Pn,children:"\u2014"!==c?(0,E.jsxs)("span",{children:[(0,E.jsx)(v.I,{isInline:!0,children:(0,E.jsx)(ve.Ay,{style:{fill:s,height:"13px"}})}),"\xa0",le(e.category)]}):"\u2014"}),(0,E.jsx)(Ze.Td,{dataLabel:Dn,children:(0,E.jsx)(kn,{info:e})})]},n)})})})]})})};var Ln=function(e){var n=e.name,r=function(e){return Object.entries(e||{}).map(function(e){var n=(0,F.A)(e,2),r=n[0],i=n[1];return{ref:r,concluded:i.concluded,evidence:i.evidence||[]}})}(e.dependencies),i=[{key:"name",header:"Dependency Name",width:30,sortIndex:1,render:function(e){return(0,E.jsx)(on,{name:e.ref})}},{key:"version",header:"Current Version",width:15,render:function(e){return X(e.ref)}},{key:"concluded",header:"Concluded",width:20,sortIndex:2,compoundExpand:!0,render:function(e){var n;if(!e.concluded)return"\u2014";var r=e.concluded.expression||e.concluded.name||"\u2014",i=null===(n=e.concluded.identifiers)||void 0===n?void 0:n.some(function(e){return!0===e.isDeprecated});return(0,E.jsxs)("span",{style:{display:"inline-flex",alignItems:"center",gap:6},children:[i&&(0,E.jsx)(v.I,{isInline:!0,title:"Concluded license is deprecated",children:(0,E.jsx)(ve.Ay,{style:{fill:"#F0AB00",height:"13px"}})}),r]})}},{key:"category",header:"Category",width:15,sortIndex:3,render:function(e){var n;return null!==(n=e.concluded)&&void 0!==n&&n.category?(0,E.jsxs)("span",{children:[(0,E.jsx)(v.I,{isInline:!0,children:(0,E.jsx)(ve.Ay,{style:{fill:ce(e.concluded.category),height:"13px"}})}),"\xa0",le(e.concluded.category)]}):"\u2014"}},{key:"evidences",header:"Evidences",width:25,compoundExpand:!0,render:function(e){var n;return null!==(n=e.evidence)&&void 0!==n&&n.length?(0,E.jsxs)("div",{style:{display:"flex",alignItems:"center"},children:[(0,E.jsx)("div",{style:{width:"25px"},children:e.evidence.length}),(0,E.jsx)(g.c,{orientation:{default:"vertical"},style:{paddingRight:"10px"}}),(0,E.jsx)(Nn,{evidence:e.evidence,countBy:"identifiers"})]}):0}}];return(0,E.jsx)(an,{name:n,items:r,getRowKey:function(e){return e.ref},columns:i,filterConfig:{placeholder:"Filter by Dependency name",idSuffix:"-license-filter"},compareToByColumn:function(e,n,r){switch(r){case 1:return e.ref.localeCompare(n.ref);case 2:var i,t,a,o,l=(null===(i=e.concluded)||void 0===i?void 0:i.expression)||(null===(t=e.concluded)||void 0===t?void 0:t.name)||"",c=(null===(a=n.concluded)||void 0===a?void 0:a.expression)||(null===(o=n.concluded)||void 0===o?void 0:o.name)||"";return l.localeCompare(c);case 3:var s,d,u=(null===(s=e.concluded)||void 0===s?void 0:s.category)||"",h=(null===(d=n.concluded)||void 0===d?void 0:d.category)||"";return u.localeCompare(h);default:return 0}},filterItem:function(e,n){return!n||0===n.trim().length||-1!==e.ref.toLowerCase().indexOf(n.toLowerCase())},renderExpandContent:function(e,n){var r;return"concluded"===n&&e.concluded?(0,E.jsx)(Tn,{concluded:e.concluded}):"evidences"===n&&null!==(r=e.evidence)&&void 0!==r&&r.length?(0,E.jsx)(Fn,{evidence:e.evidence}):null},ariaLabelPrefix:"Licenses",expandId:"evidences-compound-expand",initialSortBy:{index:3,direction:"desc"}})},Bn=r(1157),Rn="vulnerabilities",Un="licenses",Wn=function(e){var n=e.report,r=Kn(),t=c(n),o=t.length>0,l=(0,i.useMemo)(function(){var e;return(null!==(e=n.licenses)&&void 0!==e?e:[]).filter(function(e){return e.summary.total>0})},[n.licenses]),d=l.length>0,u=o?s(t[0]):null,h=d?l[0].status.name:null,v=i.useState(o?Rn:Un),g=(0,F.A)(v,2),p=g[0],x=g[1],f=i.useState(null!==u&&void 0!==u?u:0),m=(0,F.A)(f,2),j=m[0],y=m[1],I=i.useState(null!==h&&void 0!==h?h:0),A=(0,F.A)(I,2),C=A[0],b=A[1],w=r.writeKey&&""!==r.writeKey.trim()?Bn.N.load({writeKey:r.writeKey}):null,N=(0,i.useRef)("");(0,i.useEffect)(function(){w&&null!=r.anonymousId&&w.setAnonymousId(r.anonymousId)},[w,r.anonymousId]),(0,i.useEffect)(function(){d&&null!=h&&(new Set(l.map(function(e){return e.status.name})).has(String(C))||b(h))},[d,h,l,C]);var T=p===Rn?j:C;(0,i.useEffect)(function(){w&&T!==N.current&&(w.track("rhda.exhort.tab",{tabName:T}),N.current=T)},[w,T]);var S=[];return o&&S.push((0,E.jsx)(Te.o,{eventKey:Rn,title:(0,E.jsx)(Se.V,{children:"Vulnerabilities"}),"aria-label":"Vulnerabilities",children:(0,E.jsx)(Me.t,{activeKey:j,onSelect:function(e,n){y(n)},isSecondary:!0,isBox:!0,variant:"light300","aria-label":"Vulnerability providers",role:"region",children:t.map(function(e){var n,r=s(e),i=null===(n=e.report.dependencies)||void 0===n?void 0:n.filter(function(e){return e.highestVulnerability});return(0,E.jsx)(Te.o,{eventKey:r,title:(0,E.jsx)(Se.V,{children:r}),"aria-label":"".concat(r," source"),children:(0,E.jsx)(a.d8,{variant:a.zC.default,children:(0,E.jsx)(bn,{name:r,dependencies:i})})},r)})})},Rn)),d&&S.push((0,E.jsx)(Te.o,{eventKey:Un,title:(0,E.jsx)(Se.V,{children:"Licenses"}),"aria-label":"Licenses",children:(0,E.jsx)(Me.t,{activeKey:C,onSelect:function(e,n){b(n)},isSecondary:!0,isBox:!0,variant:"light300","aria-label":"License providers",role:"region",children:l.map(function(e){return(0,E.jsx)(Te.o,{eventKey:e.status.name,title:(0,E.jsx)(Se.V,{children:e.status.name}),"aria-label":"".concat(e.status.name," source"),children:(0,E.jsx)(a.d8,{variant:a.zC.default,children:(0,E.jsx)(Ln,{name:e.status.name,dependencies:e.packages})})},e.status.name)})})},Un)),0===S.length?null:(0,E.jsx)("div",{children:(0,E.jsx)(Me.t,{activeKey:p,onSelect:function(e,n){x(n)},"aria-label":"Providers",role:"region",variant:"light300",isBox:!0,children:S})})},zn=function(e){var n,r=e.report,t=(0,i.useMemo)(function(){return Object.entries(r).sort(function(e,n){var r=(0,F.A)(e,1)[0],i=(0,F.A)(n,1)[0];return r.localeCompare(i)})},[r]),c=i.useState((null===(n=t[0])||void 0===n?void 0:n[0])||""),s=(0,F.A)(c,2),d=s[0],u=s[1],h=i.useState(!0),v=(0,F.A)(h,1)[0];(0,i.useEffect)(function(){var e,n=(null===(e=t[0])||void 0===e?void 0:e[0])||"";u(function(e){return new Set(t.map(function(e){return(0,F.A)(e,1)[0]})).has(String(e))?e:n})},[t]);var g=t.map(function(e){var n=(0,F.A)(e,2),r=n[0],i=n[1];return(0,E.jsxs)(Te.o,{eventKey:r,title:(0,E.jsx)(Se.V,{children:_(r)}),"aria-label":"".concat(r," source"),children:[(0,E.jsx)(me,{report:i}),(0,E.jsx)(a.d8,{variant:a.zC.light,children:(0,E.jsx)(o.x,{hasGutter:!0,children:(0,E.jsx)(l.E,{children:(0,E.jsx)(xe,{report:i,isReportMap:!0,purl:r})})})}),(0,E.jsx)(a.d8,{variant:a.zC.default,children:(0,E.jsx)(Wn,{report:i})})]})});return(0,E.jsx)("div",{children:(0,E.jsx)(Me.t,{activeKey:d,onSelect:function(e,n){u(n)},"aria-label":"Providers",role:"region",variant:v?"light300":"default",isBox:!0,children:g})})},Zn=window.appData,Vn=(0,i.createContext)(Zn),Kn=function(){return(0,i.useContext)(Vn)};var Gn=function(){return(0,E.jsx)(Vn.Provider,{value:Zn,children:(0,E.jsx)(Ne,{children:(e=Zn.report,"object"===typeof e&&null!==e&&Object.keys(e).every(function(n){return"scanned"in e[n]&&"providers"in e[n]&&"object"===typeof e[n].scanned&&"object"===typeof e[n].providers})?(0,E.jsx)(a.d8,{variant:a.zC.default,children:(0,E.jsx)(zn,{report:Zn.report})}):(0,E.jsxs)(E.Fragment,{children:[(0,E.jsx)(me,{report:Zn.report}),(0,E.jsx)(a.d8,{variant:a.zC.light,children:(0,E.jsx)(o.x,{hasGutter:!0,children:(0,E.jsx)(l.E,{children:(0,E.jsx)(xe,{report:Zn.report})})})}),(0,E.jsx)(a.d8,{variant:a.zC.default,children:(0,E.jsx)(Wn,{report:Zn.report})})]}))})});var e},Yn=function(e){e&&e instanceof Function&&r.e(121).then(r.bind(r,6895)).then(function(n){var r=n.getCLS,i=n.getFID,t=n.getFCP,a=n.getLCP,o=n.getTTFB;r(e),i(e),t(e),a(e),o(e)})};t.createRoot(document.getElementById("root")).render((0,E.jsx)(i.StrictMode,{children:(0,E.jsx)(Gn,{})})),Yn()}},n={};function r(i){var t=n[i];if(void 0!==t)return t.exports;var a=n[i]={id:i,loaded:!1,exports:{}};return e[i].call(a.exports,a,a.exports,r),a.loaded=!0,a.exports}r.m=e,function(){var e=[];r.O=function(n,i,t,a){if(!i){var o=1/0;for(d=0;d=a)&&Object.keys(r.O).every(function(e){return r.O[e](i[c])})?i.splice(c--,1):(l=!1,a0&&e[d-1][2]>a;d--)e[d]=e[d-1];e[d]=[i,t,a]}}(),r.n=function(e){var n=e&&e.__esModule?function(){return e.default}:function(){return e};return r.d(n,{a:n}),n},function(){var e,n=Object.getPrototypeOf?function(e){return Object.getPrototypeOf(e)}:function(e){return e.__proto__};r.t=function(i,t){if(1&t&&(i=this(i)),8&t)return i;if("object"===typeof i&&i){if(4&t&&i.__esModule)return i;if(16&t&&"function"===typeof i.then)return i}var a=Object.create(null);r.r(a);var o={};e=e||[null,n({}),n([]),n(n)];for(var l=2&t&&i;("object"==typeof l||"function"==typeof l)&&!~e.indexOf(l);l=n(l))Object.getOwnPropertyNames(l).forEach(function(e){o[e]=function(){return i[e]}});return o.default=function(){return i},r.d(a,o),a}}(),r.d=function(e,n){for(var i in n)r.o(n,i)&&!r.o(e,i)&&Object.defineProperty(e,i,{enumerable:!0,get:n[i]})},r.e=function(){return Promise.resolve()},r.g=function(){if("object"===typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"===typeof window)return window}}(),r.o=function(e,n){return Object.prototype.hasOwnProperty.call(e,n)},r.r=function(e){"undefined"!==typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.nmd=function(e){return e.paths=[],e.children||(e.children=[]),e},function(){var e={792:0};r.O.j=function(n){return 0===e[n]};var n=function(n,i){var t,a,o=i[0],l=i[1],c=i[2],s=0;if(o.some(function(n){return 0!==e[n]})){for(t in l)r.o(l,t)&&(r.m[t]=l[t]);if(c)var d=c(r)}for(n&&n(i);s getSummaryValues() { tree().direct("aa").withTransitive("aaa").direct("ab").withTransitive("aab").build(), new SourceSummary().direct(0).transitive(2).total(2).high(1).medium(1).dependencies(2), TEST_SOURCE), - // Case 6: issues with null CVSS score produce UNKNOWN severity + // Case 6: issue with upstream-only remediation (fixedIn, no trustedContent) + Arguments.of( + Map.of( + "pkg:npm/aa@1", + new PackageItem( + "pkg:npm/aa@1", + null, + List.of(buildIssueWithUpstreamRemediation(1, 7f, "2.0.0")), + Collections.emptyList())), + tree().direct("aa").build(), + new SourceSummary().direct(1).total(1).high(1).dependencies(1).remediations(1), + TEST_SOURCE), + // Case 7: issues with null CVSS score produce UNKNOWN severity Arguments.of( Map.of( "pkg:npm/aa@1", @@ -670,6 +682,19 @@ private static Issue buildIssue(int id, Float score) { .cvssScore(score); } + private static Issue buildIssueWithUpstreamRemediation(int id, Float score, String fixedVersion) { + var r = new Remediation(); + r.addFixedInItem(fixedVersion); + return new Issue() + .id(String.format("ISSUE-00%d", id)) + .title(String.format("ISSUE Example 00%d", id)) + .source(TEST_SOURCE) + .severity(SeverityUtils.fromScore(score)) + .cves(List.of(String.format("CVE-00%d", id))) + .cvssScore(score) + .remediation(r); + } + private static Issue buildIssueWithTcRemediation(int id, Float score, String remediation) { var r = new Remediation(); r.trustedContent(new RemediationTrustedContent().ref(new PackageRef(remediation))); diff --git a/src/test/java/io/github/guacsec/trustifyda/integration/providers/trustify/RecommendationAggregationTest.java b/src/test/java/io/github/guacsec/trustifyda/integration/providers/trustify/RecommendationAggregationTest.java index a74bf220..77880ee9 100644 --- a/src/test/java/io/github/guacsec/trustifyda/integration/providers/trustify/RecommendationAggregationTest.java +++ b/src/test/java/io/github/guacsec/trustifyda/integration/providers/trustify/RecommendationAggregationTest.java @@ -46,8 +46,10 @@ import io.github.guacsec.trustifyda.api.PackageRef; import io.github.guacsec.trustifyda.api.v5.Issue; import io.github.guacsec.trustifyda.api.v5.ProviderStatus; +import io.github.guacsec.trustifyda.api.v5.Remediation; import io.github.guacsec.trustifyda.api.v5.RemediationTrustedContent; import io.github.guacsec.trustifyda.api.v5.SeverityUtils; +import io.github.guacsec.trustifyda.api.v5.VersionRange; import io.github.guacsec.trustifyda.model.PackageItem; import io.github.guacsec.trustifyda.model.ProviderResponse; import io.github.guacsec.trustifyda.model.trustify.IndexedRecommendation; @@ -557,6 +559,54 @@ void testSourceNamePreservedWhenMergingWithIssues() { assertEquals(1, item.issues().size()); } + @Test + void testUpstreamRemediationPreservedWhenTrustedContentMerged() { + Exchange oldExchange = mock(Exchange.class); + Exchange newExchange = mock(Exchange.class); + Message oldMessage = createMessageWithBodyStorage(); + Message newMessage = mock(Message.class); + + var existingRemediation = new Remediation(); + existingRemediation.addFixedInItem("2.0.0"); + existingRemediation.addVersionRangesItem( + new VersionRange().lowVersion("1.0.0").highVersion("2.0.0")); + + var issue = createIssue("CVE-001", "Issue 1", 7.0f); + issue.remediation(existingRemediation); + + oldMessage.setBody(createProviderResponseWithIssues(List.of(issue))); + when(oldExchange.getIn()).thenReturn(oldMessage); + when(newExchange.getIn()).thenReturn(newMessage); + when(newMessage.getBody()) + .thenReturn( + createRecommendations( + "pkg:npm/package1@1.0.0", + "pkg:npm/package1@2.0.0", + Map.of("CVE-001", new Vulnerability("CVE-001", Fixed, NotProvided)))); + + Exchange result = aggregation.aggregate(oldExchange, newExchange); + ProviderResponse response = result.getIn().getBody(ProviderResponse.class); + + PackageItem resultItem = response.pkgItems().get("pkg:npm/package1@1.0.0"); + assertNotNull(resultItem); + assertEquals(1, resultItem.issues().size()); + + var remediation = resultItem.issues().get(0).getRemediation(); + assertNotNull(remediation); + + assertNotNull(remediation.getFixedIn()); + assertEquals(1, remediation.getFixedIn().size()); + assertEquals("2.0.0", remediation.getFixedIn().get(0)); + + assertNotNull(remediation.getVersionRanges()); + assertEquals(1, remediation.getVersionRanges().size()); + assertEquals("1.0.0", remediation.getVersionRanges().get(0).getLowVersion()); + assertEquals("2.0.0", remediation.getVersionRanges().get(0).getHighVersion()); + + assertNotNull(remediation.getTrustedContent()); + assertEquals("pkg:npm/package1@2.0.0", remediation.getTrustedContent().getRef().ref()); + } + /** Creates a mock Message that actually stores and retrieves the body. */ @SuppressWarnings("unchecked") private Message createMessageWithBodyStorage() { diff --git a/src/test/java/io/github/guacsec/trustifyda/integration/providers/trustify/TrustifyResponseHandlerTest.java b/src/test/java/io/github/guacsec/trustifyda/integration/providers/trustify/TrustifyResponseHandlerTest.java index 3f8c2641..161adb2f 100644 --- a/src/test/java/io/github/guacsec/trustifyda/integration/providers/trustify/TrustifyResponseHandlerTest.java +++ b/src/test/java/io/github/guacsec/trustifyda/integration/providers/trustify/TrustifyResponseHandlerTest.java @@ -48,6 +48,7 @@ import io.github.guacsec.trustifyda.api.PackageRef; import io.github.guacsec.trustifyda.api.v5.Issue; +import io.github.guacsec.trustifyda.api.v5.RemediationCategory; import io.github.guacsec.trustifyda.api.v5.Severity; import io.github.guacsec.trustifyda.integration.Constants; import io.github.guacsec.trustifyda.integration.providers.trustify.ubi.UBIRecommendation; @@ -99,7 +100,7 @@ void setUp() { private static Stream testResponseToIssuesWithValidData() { return Stream.of( - // old response without details field + // v3 response without details field (fallback path) """ { "pkg:maven/org.postgresql/postgresql@42.5.0": [ @@ -112,29 +113,25 @@ private static Stream testResponseToIssuesWithValidData() { "CWE-200", "CWE-377" ], - "status": { - "affected": [ - { + "base_score": { + "type": "3.1", + "score": 5.8, + "severity": "medium" + }, + "purl_statuses": [ + { + "advisory": { "uuid": "urn:uuid:595a7085-f230-42b5-9c8f-ab25939d99ed", "identifier": "GHSA-562r-vg33-8x8h", "document_id": "GHSA-562r-vg33-8x8h", "title": "TemporaryFolder on unix-like systems does not limit access to created files", - "labels": { - "type": "osv", - "file": "github-reviewed/2022/11/GHSA-562r-vg33-8x8h/GHSA-562r-vg33-8x8h.json", - "importer": "osv-github", - "source": "https://github.com/github/advisory-database" - }, - "scores": [ - { - "type": "3.1", - "value": 5.8, - "severity": "medium" - } - ] - } - ] - } + "issuer": null + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] }, { "normative": true, @@ -144,61 +141,48 @@ private static Stream testResponseToIssuesWithValidData() { "cwes": [ "CWE-89" ], - "status": { - "affected": [ - { + "base_score": { + "type": "3.1", + "score": 9.8, + "severity": "critical" + }, + "purl_statuses": [ + { + "advisory": { "uuid": "urn:uuid:020c0585-32db-4949-bd41-87850add2277", "identifier": "https://www.redhat.com/#RHSA-2024_1797", "document_id": "RHSA-2024:1797", + "title": "Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9.SP2 release and security update", "issuer": { "id": "aa42c1b1-0591-447c-b2bb-80888252c85f", "name": "Red Hat Product Security" - }, - "title": "Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9.SP2 release and security update", - "labels": { - "importer": "redhat-csaf", - "file": "2024/rhsa-2024_1797.json", - "source": "https://security.access.redhat.com/data/csaf/v2/advisories/", - "type": "csaf" - }, - "scores": [ - { - "type": "3.1", - "value": 9.8, - "severity": "critical" - } - ] + } }, - { + "status": "affected", + "version_range": null, + "remediations": [] + }, + { + "advisory": { "uuid": "urn:uuid:ea8dd8f5-40a9-4817-ba11-9606f799fe6e", "identifier": "https://www.redhat.com/#RHSA-2024_1662", "document_id": "RHSA-2024:1662", + "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.11 release and security update", "issuer": { "id": "aa42c1b1-0591-447c-b2bb-80888252c85f", "name": "Red Hat Product Security" - }, - "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.11 release and security update", - "labels": { - "file": "2024/rhsa-2024_1662.json", - "importer": "redhat-csaf", - "source": "https://security.access.redhat.com/data/csaf/v2/advisories/", - "type": "csaf" - }, - "scores": [ - { - "type": "3.1", - "value": 9.8, - "severity": "critical" - } - ] - } - ] - } + } + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] } ] } """, - // new response with details field + // v3 response with details field """ { "pkg:maven/org.postgresql/postgresql@42.5.0": { @@ -212,29 +196,25 @@ private static Stream testResponseToIssuesWithValidData() { "CWE-200", "CWE-377" ], - "status": { - "affected": [ - { + "base_score": { + "type": "3.1", + "score": 5.8, + "severity": "medium" + }, + "purl_statuses": [ + { + "advisory": { "uuid": "urn:uuid:595a7085-f230-42b5-9c8f-ab25939d99ed", "identifier": "GHSA-562r-vg33-8x8h", "document_id": "GHSA-562r-vg33-8x8h", "title": "TemporaryFolder on unix-like systems does not limit access to created files", - "labels": { - "type": "osv", - "file": "github-reviewed/2022/11/GHSA-562r-vg33-8x8h/GHSA-562r-vg33-8x8h.json", - "importer": "osv-github", - "source": "https://github.com/github/advisory-database" - }, - "scores": [ - { - "type": "3.1", - "value": 5.8, - "severity": "medium" - } - ] - } - ] - } + "issuer": null + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] }, { "normative": true, @@ -244,63 +224,50 @@ private static Stream testResponseToIssuesWithValidData() { "cwes": [ "CWE-89" ], - "status": { - "affected": [ - { + "base_score": { + "type": "3.1", + "score": 9.8, + "severity": "critical" + }, + "purl_statuses": [ + { + "advisory": { "uuid": "urn:uuid:020c0585-32db-4949-bd41-87850add2277", "identifier": "https://www.redhat.com/#RHSA-2024_1797", "document_id": "RHSA-2024:1797", + "title": "Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9.SP2 release and security update", "issuer": { "id": "aa42c1b1-0591-447c-b2bb-80888252c85f", "name": "Red Hat Product Security" - }, - "title": "Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9.SP2 release and security update", - "labels": { - "importer": "redhat-csaf", - "file": "2024/rhsa-2024_1797.json", - "source": "https://security.access.redhat.com/data/csaf/v2/advisories/", - "type": "csaf" - }, - "scores": [ - { - "type": "3.1", - "value": 9.8, - "severity": "critical" - } - ] + } }, - { + "status": "affected", + "version_range": null, + "remediations": [] + }, + { + "advisory": { "uuid": "urn:uuid:ea8dd8f5-40a9-4817-ba11-9606f799fe6e", "identifier": "https://www.redhat.com/#RHSA-2024_1662", "document_id": "RHSA-2024:1662", + "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.11 release and security update", "issuer": { "id": "aa42c1b1-0591-447c-b2bb-80888252c85f", "name": "Red Hat Product Security" - }, - "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.11 release and security update", - "labels": { - "file": "2024/rhsa-2024_1662.json", - "importer": "redhat-csaf", - "source": "https://security.access.redhat.com/data/csaf/v2/advisories/", - "type": "csaf" - }, - "scores": [ - { - "type": "3.1", - "value": 9.8, - "severity": "critical" - } - ] - } - ] - } + } + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] } ] }, "warnings": [] }, """, - // new response with withdrawn field + // v3 response with withdrawn field """ { "pkg:maven/org.postgresql/postgresql@42.5.0": { @@ -311,30 +278,20 @@ private static Stream testResponseToIssuesWithValidData() { "title": "This CVE is a placeholder for a vulnerability that has been withdrawn", "description": "This CVE is a placeholder for a vulnerability that has been withdrawn", "withdrawn": "2024-01-01T00:00:00Z", - "status": { - "affected": [ - { + "purl_statuses": [ + { + "advisory": { "uuid": "urn:uuid:595a7085-f230-42b5-9c8f-ab25939d9900", "identifier": "CVE-2022-41948", "document_id": "CVE-2022-41948", "title": "This CVE is a placeholder for a vulnerability that has been withdrawn", - "withdrawn": "2024-01-01T00:00:00Z", - "labels": { - "type": "osv", - "file": "github-reviewed/2022/11/GHSA-562r-vg33-8x8h/GHSA-562r-vg33-8x8h.json", - "importer": "osv-github", - "source": "https://github.com/github/advisory-database" - }, - "scores": [ - { - "type": "3.1", - "value": 5.8, - "severity": "medium" - } - ] - } - ] - } + "issuer": null + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] }, { "normative": true, @@ -345,49 +302,38 @@ private static Stream testResponseToIssuesWithValidData() { "CWE-200", "CWE-377" ], - "status": { - "affected": [ - { + "base_score": { + "type": "3.1", + "score": 5.8, + "severity": "medium" + }, + "purl_statuses": [ + { + "advisory": { "uuid": "urn:uuid:595a7085-f230-42b5-9c8f-ab25939d99ed", "identifier": "GHSA-562r-vg33-8x8h", "document_id": "GHSA-562r-vg33-8x8h", "title": "TemporaryFolder on unix-like systems does not limit access to created files", - "labels": { - "type": "osv", - "file": "github-reviewed/2022/11/GHSA-562r-vg33-8x8h/GHSA-562r-vg33-8x8h.json", - "importer": "osv-github", - "source": "https://github.com/github/advisory-database" - }, - "scores": [ - { - "type": "3.1", - "value": 5.8, - "severity": "medium" - } - ] + "issuer": null }, - { + "status": "affected", + "version_range": null, + "remediations": [] + }, + { + "advisory": { "uuid": "urn:uuid:595a7085-f230-42b5-9c8f-ab25939d9908", "identifier": "CVE-2022-41946", "document_id": "CVE-2022-41946", "title": "This CVE is a placeholder for a vulnerability that has been withdrawn", - "withdrawn": "2024-01-01T00:00:00Z", - "labels": { - "type": "osv", - "file": "github-reviewed/2022/11/GHSA-562r-vg33-8x8h/GHSA-562r-vg33-8x8h.json", - "importer": "osv-github", - "source": "https://github.com/github/advisory-database" - }, - "scores": [ - { - "type": "3.1", - "value": 5.8, - "severity": "medium" - } - ] - } - ] - } + "issuer": null, + "withdrawn": "2024-01-01T00:00:00Z" + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] }, { "normative": true, @@ -397,56 +343,43 @@ private static Stream testResponseToIssuesWithValidData() { "cwes": [ "CWE-89" ], - "status": { - "affected": [ - { + "base_score": { + "type": "3.1", + "score": 9.8, + "severity": "critical" + }, + "purl_statuses": [ + { + "advisory": { "uuid": "urn:uuid:020c0585-32db-4949-bd41-87850add2277", "identifier": "https://www.redhat.com/#RHSA-2024_1797", "document_id": "RHSA-2024:1797", + "title": "Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9.SP2 release and security update", "issuer": { "id": "aa42c1b1-0591-447c-b2bb-80888252c85f", "name": "Red Hat Product Security" - }, - "title": "Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9.SP2 release and security update", - "labels": { - "importer": "redhat-csaf", - "file": "2024/rhsa-2024_1797.json", - "source": "https://security.access.redhat.com/data/csaf/v2/advisories/", - "type": "csaf" - }, - "scores": [ - { - "type": "3.1", - "value": 9.8, - "severity": "critical" - } - ] + } }, - { + "status": "affected", + "version_range": null, + "remediations": [] + }, + { + "advisory": { "uuid": "urn:uuid:ea8dd8f5-40a9-4817-ba11-9606f799fe6e", "identifier": "https://www.redhat.com/#RHSA-2024_1662", "document_id": "RHSA-2024:1662", + "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.11 release and security update", "issuer": { "id": "aa42c1b1-0591-447c-b2bb-80888252c85f", "name": "Red Hat Product Security" - }, - "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.11 release and security update", - "labels": { - "file": "2024/rhsa-2024_1662.json", - "importer": "redhat-csaf", - "source": "https://security.access.redhat.com/data/csaf/v2/advisories/", - "type": "csaf" - }, - "scores": [ - { - "type": "3.1", - "value": 9.8, - "severity": "critical" - } - ] - } - ] - } + } + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] } ] }, @@ -478,8 +411,6 @@ void testResponseToIssuesWithValidData(String jsonResponse) throws IOException { assertEquals("pgjdbc SQL Injection via line comment generation", issue.getTitle()); assertEquals(9.8f, issue.getCvssScore()); assertEquals(Severity.CRITICAL, issue.getSeverity()); - // assertNotNull(issue.getRemediation()); - // assertEquals(List.of("42.5.5"), issue.getRemediation().getFixedIn()); issue = issues.stream().filter(i -> i.getId().equals("CVE-2022-41946")).findFirst().orElseThrow(); @@ -501,46 +432,30 @@ void testResponseToIssuesWithMultipleScoreTypes() throws IOException { { "identifier": "CVE-2024-1597", "title": "Test CVE", - "status": { - "affected": [ - { - "labels": { - "file": "2024/rhsa-2024_1662.json", - "importer": "redhat-csaf", - "source": "https://security.access.redhat.com/data/csaf/v2/advisories/", - "type": "csaf" - }, - "scores": [ - { - "type": "4", - "value": 7.2, - "severity": "high" - }, - { - "type": "3.1", - "value": 9.8, - "severity": "critical" - }, - { - "type": "2", - "value": 8.5, - "severity": "high" - } - ], - "ranges": [ - { - "events": [ - { - "fixed": "42.5.5" - } - ] - } - ] - } - ] + "base_score": { + "type": "4.0", + "score": 7.2, + "severity": "high" + }, + "purl_statuses": [ + { + "advisory": { + "uuid": "urn:uuid:a1", + "identifier": "RHSA-2024:1662", + "document_id": "RHSA-2024:1662", + "title": "Advisory", + "issuer": { + "id": "aa42c1b1-0591-447c-b2bb-80888252c85f", + "name": "Red Hat Product Security" + } + }, + "status": "affected", + "version_range": null, + "remediations": [] } - } - ]}, + ] + } + ]}, "warnings": [] } """; @@ -554,7 +469,7 @@ void testResponseToIssuesWithMultipleScoreTypes() throws IOException { List issues = packageItem.issues(); Issue issue = issues.get(0); - // Should prioritize V4 based on SCORE_TYPE_ORDER + // v3 provides pre-computed base_score assertEquals(7.2f, issue.getCvssScore()); assertEquals(Severity.HIGH, issue.getSeverity()); } @@ -630,7 +545,7 @@ void testResponseToIssuesWithMissingAffectedField() throws IOException { { "identifier": "CVE-2024-1597", "title": "Test CVE", - "status": {} + "purl_statuses": [] } ]}, "warnings": [] @@ -658,25 +573,20 @@ void testResponseToIssuesWithNoScores() throws IOException { { "identifier": "CVE-2024-1597", "title": "Test CVE", - "status": { - "affected": [ - { - "id": "advisory-1", - "labels": { - "importer": "redhat-csaf" - }, - "ranges": [ - { - "events": [ - { - "fixed": "42.5.5" - } - ] - } - ] - } - ] - } + "purl_statuses": [ + { + "advisory": { + "uuid": "urn:uuid:advisory-1", + "identifier": "advisory-1", + "document_id": "advisory-1", + "title": "Advisory 1", + "issuer": null + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] } ]}, "warnings": [] @@ -706,33 +616,25 @@ void testResponseToIssuesWithFallbackToDescription() throws IOException { { "identifier": "CVE-2024-1597", "description": "This is a description used as title", - "status": { - "affected": [ + "base_score": { + "type": "3.1", + "score": 9.8, + "severity": "critical" + }, + "purl_statuses": [ { - "labels": { - "file": "2024/rhsa-2024_1662.json", - "importer": "redhat-csaf", - "source": "https://security.access.redhat.com/data/csaf/v2/advisories/", - "type": "csaf" + "advisory": { + "uuid": "urn:uuid:a1", + "identifier": "RHSA-2024:1662", + "document_id": "RHSA-2024:1662", + "title": "Advisory", + "issuer": null }, - "scores": [ - { - "type": "3.1", - "value": 9.8, - "severity": "critical" - } - ], - "ranges": [ - { - "events": [ - { - "fixed": "42.5.5" - } - ] - } - ] + "status": "affected", + "version_range": null, + "remediations": [] } - ]} + ] } ] } @@ -760,32 +662,25 @@ void testResponseToIssuesWithDefaultSource() throws IOException { { "identifier": "CVE-2024-1597", "description": "This is a description used as title", - "status": { - "affected": [ + "base_score": { + "type": "3.1", + "score": 9.8, + "severity": "critical" + }, + "purl_statuses": [ { - "labels": { - "file": "2024/rhsa-2024_1662.json", - "source": "https://security.access.redhat.com/data/csaf/v2/advisories/", - "type": "csaf" + "advisory": { + "uuid": "urn:uuid:a1", + "identifier": "RHSA-2024:1662", + "document_id": "RHSA-2024:1662", + "title": "Advisory", + "issuer": null }, - "scores": [ - { - "type": "3.1", - "value": 9.8, - "severity": "critical" - } - ], - "ranges": [ - { - "events": [ - { - "fixed": "42.5.5" - } - ] - } - ] + "status": "affected", + "version_range": null, + "remediations": [] } - ]} + ] } ] } @@ -801,7 +696,7 @@ void testResponseToIssuesWithDefaultSource() throws IOException { assertEquals(1, issues.size()); Issue issue = issues.get(0); - assertEquals("manual", issue.getSource()); + assertEquals("unknown", issue.getSource()); } @Test @@ -814,43 +709,36 @@ void testResponseToIssuesWithMultipleFixedVersions() throws IOException { { "identifier": "CVE-2024-1597", "title": "Test CVE", - "status": { - "affected": [ - { - "labels": { - "file": "2024/rhsa-2024_1662.json", - "importer": "redhat-csaf", - "source": "https://security.access.redhat.com/data/csaf/v2/advisories/", - "type": "csaf" - }, - "scores": [ - { - "type": "3.1", - "value": 9.8, - "severity": "critical" - } - ], - "ranges": [ - { - "events": [ - { - "fixed": "42.5.5" - }, - { - "fixed": "42.6.0" - } - ] - }, - { - "events": [ - { - "fixed": "43.0.0" - } - ] - } - ] - } - ]} + "base_score": { + "type": "3.1", + "score": 9.8, + "severity": "critical" + }, + "purl_statuses": [ + { + "advisory": { + "uuid": "urn:uuid:a1", + "identifier": "RHSA-2024:1662", + "document_id": "RHSA-2024:1662", + "title": "Advisory", + "issuer": { + "id": "aa42c1b1-0591-447c-b2bb-80888252c85f", + "name": "Red Hat Product Security" + } + }, + "status": "affected", + "version_range": { + "high_version": "42.5.5", + "high_inclusive": false + }, + "remediations": [ + { + "category": "vendor_fix", + "details": "Update to version 42.5.5" + } + ] + } + ] } ] }, @@ -870,50 +758,110 @@ void testResponseToIssuesWithMultipleFixedVersions() throws IOException { Issue issue = issues.get(0); assertNotNull(issue.getRemediation()); List fixedVersions = issue.getRemediation().getFixedIn(); - assertEquals(3, fixedVersions.size()); - assertTrue(fixedVersions.contains("42.5.5")); - assertTrue(fixedVersions.contains("42.6.0")); - assertTrue(fixedVersions.contains("43.0.0")); + assertEquals(1, fixedVersions.size()); + assertEquals("42.5.5", fixedVersions.get(0)); + assertNotNull(issue.getRemediation().getVersionRanges()); + assertEquals(1, issue.getRemediation().getVersionRanges().size()); + assertEquals("42.5.5", issue.getRemediation().getVersionRanges().get(0).getHighVersion()); + assertEquals(false, issue.getRemediation().getVersionRanges().get(0).getHighInclusive()); + assertNotNull(issue.getRemediation().getRemediations()); + assertEquals(1, issue.getRemediation().getRemediations().size()); + assertEquals( + RemediationCategory.VENDOR_FIX, + issue.getRemediation().getRemediations().get(0).getCategory()); + assertEquals( + "Update to version 42.5.5", issue.getRemediation().getRemediations().get(0).getDetails()); } @Test - void testResponseToIssuesWithDependencyNotInTree() throws IOException { + void testResponseToIssuesWithHighInclusiveVersionRange() throws IOException { String jsonResponse = """ { - "pkg:maven/some.other/package@1.0.0": { + "pkg:maven/org.postgresql/postgresql@42.5.0": { "details": [ - { - "identifier": "CVE-2024-1597", - "title": "Test CVE", - "status": { - "affected": [ + { + "identifier": "CVE-2024-1597", + "title": "Test CVE", + "base_score": { + "type": "3.1", + "score": 9.8, + "severity": "critical" + }, + "purl_statuses": [ { - "labels": { - "file": "2024/rhsa-2024_1662.json", - "importer": "redhat-csaf", - "source": "https://security.access.redhat.com/data/csaf/v2/advisories/", - "type": "csaf" - }, - "scores": [ - { - "type": "3.1", - "value": 9.8, - "severity": "critical" - } - ], - "ranges": [ - { - "events": [ - { - "fixed": "1.0.1" - } - ] + "advisory": { + "uuid": "urn:uuid:a1", + "identifier": "RHSA-2024:1662", + "document_id": "RHSA-2024:1662", + "title": "Advisory", + "issuer": { + "id": "aa42c1b1-0591-447c-b2bb-80888252c85f", + "name": "Red Hat Product Security" } - ] + }, + "status": "affected", + "version_range": { + "high_version": "42.5.5", + "high_inclusive": true + }, + "remediations": [] } ] } + ] + }, + "warnings": [] + } + """; + + byte[] responseBytes = jsonResponse.getBytes(); + ProviderResponse result = + handler.responseToIssues(buildExchange(responseBytes, dependencyTree)); + + PackageItem packageItem = result.pkgItems().get("pkg:maven/org.postgresql/postgresql@42.5.0"); + assertNotNull(packageItem); + List issues = packageItem.issues(); + assertEquals(1, issues.size()); + + Issue issue = issues.get(0); + assertNotNull(issue.getRemediation()); + assertNull(issue.getRemediation().getFixedIn()); + assertNotNull(issue.getRemediation().getVersionRanges()); + assertEquals(1, issue.getRemediation().getVersionRanges().size()); + assertEquals("42.5.5", issue.getRemediation().getVersionRanges().get(0).getHighVersion()); + assertEquals(true, issue.getRemediation().getVersionRanges().get(0).getHighInclusive()); + } + + @Test + void testResponseToIssuesWithDependencyNotInTree() throws IOException { + String jsonResponse = + """ + { + "pkg:maven/some.other/package@1.0.0": { + "details": [ + { + "identifier": "CVE-2024-1597", + "title": "Test CVE", + "base_score": { + "type": "3.1", + "score": 9.8, + "severity": "critical" + }, + "purl_statuses": [ + { + "advisory": { + "uuid": "urn:uuid:a1", + "identifier": "RHSA-2024:1662", + "document_id": "RHSA-2024:1662", + "title": "Advisory", + "issuer": null + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] } ]}, "warnings": [] @@ -1087,22 +1035,25 @@ void testResponseToIssuesWithUnscannedRefs() throws IOException { { "identifier": "CVE-2024-1597", "title": "Test CVE", - "status": { - "affected": [ - { - "labels": { - "type": "csaf" - }, - "scores": [ - { - "type": "3.1", - "value": 9.8, - "severity": "critical" - } - ] - } - ] - } + "base_score": { + "type": "3.1", + "score": 9.8, + "severity": "critical" + }, + "purl_statuses": [ + { + "advisory": { + "uuid": "urn:uuid:a1", + "identifier": "advisory-1", + "document_id": "advisory-1", + "title": "Advisory", + "issuer": null + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] } ], "warnings": [] @@ -1116,22 +1067,25 @@ void testResponseToIssuesWithUnscannedRefs() throws IOException { { "identifier": "CVE-2024-1234", "title": "Test CVE", - "status": { - "affected": [ - { - "labels": { - "type": "csaf" - }, - "scores": [ - { - "type": "3.1", - "value": 7.5, - "severity": "high" - } - ] - } - ] - } + "base_score": { + "type": "3.1", + "score": 7.5, + "severity": "high" + }, + "purl_statuses": [ + { + "advisory": { + "uuid": "urn:uuid:a2", + "identifier": "advisory-2", + "document_id": "advisory-2", + "title": "Advisory", + "issuer": null + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] } ] } @@ -1203,23 +1157,28 @@ void testResponseToIssuesWithInvalidSeverity() throws IOException { { "identifier": "CVE-2024-1597", "title": "Test CVE", - "status": { - "affected": [ - { - "labels": { - "type": "csaf", - "importer": "redhat-csaf" - }, - "scores": [ - { - "type": "3.1", - "value": 0.0, - "severity": "none" - } - ] - } - ] - } + "base_score": { + "type": "3.1", + "score": 0.0, + "severity": "none" + }, + "purl_statuses": [ + { + "advisory": { + "uuid": "urn:uuid:a1", + "identifier": "advisory-1", + "document_id": "advisory-1", + "title": "Advisory", + "issuer": { + "id": "aa42c1b1-0591-447c-b2bb-80888252c85f", + "name": "Red Hat Product Security" + } + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] } ], "warnings": [] @@ -1229,28 +1188,28 @@ void testResponseToIssuesWithInvalidSeverity() throws IOException { { "identifier": "CVE-2024-1234", "title": "Test CVE", - "status": { - "affected": [ - { - "labels": { - "type": "csaf", - "importer": "redhat-csaf" - }, - "scores": [ - { - "type": "3.1", - "value": 7.5, - "severity": "high" - }, - { - "type": "3.1", - "value": 0.0, - "severity": "none" - } - ] - } - ] - } + "base_score": { + "type": "3.1", + "score": 7.5, + "severity": "high" + }, + "purl_statuses": [ + { + "advisory": { + "uuid": "urn:uuid:a2", + "identifier": "advisory-2", + "document_id": "advisory-2", + "title": "Advisory", + "issuer": { + "id": "aa42c1b1-0591-447c-b2bb-80888252c85f", + "name": "Red Hat Product Security" + } + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] } ] } @@ -1283,7 +1242,14 @@ void testResponseToIssuesWithInvalidSeverity() throws IOException { List issues = packageItem1.issues(); assertFalse(issues.isEmpty(), "CVE with invalid scores should still produce an issue"); assertEquals(1, issues.size()); - assertNull(issues.get(0).getSeverity(), "Issue with no valid scores should have null severity"); + assertEquals( + 0.0f, + issues.get(0).getCvssScore(), + "Issue with 'none' severity should still have the score"); + assertEquals( + Severity.LOW, + issues.get(0).getSeverity(), + "Issue with 'none' severity should fall back to score-based severity"); // Package with mixed valid/invalid scores should use the valid score PackageItem packageItem2 = result.pkgItems().get("pkg:maven/com.other/package@2.0.0"); @@ -1306,25 +1272,20 @@ void testResponseToIssuesWithEmptyScoresArray() throws IOException { { "identifier": "CVE-2025-24898", "title": "Test CVE with empty scores", - "status": { - "affected": [ - { - "labels": { - "importer": "osv-rustsec" - }, - "scores": [], - "ranges": [ - { - "events": [ - { - "fixed": "0.10.70" - } - ] - } - ] - } - ] - } + "purl_statuses": [ + { + "advisory": { + "uuid": "urn:uuid:a1", + "identifier": "advisory-1", + "document_id": "advisory-1", + "title": "Advisory", + "issuer": null + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] } ], "warnings": [] @@ -1345,4 +1306,505 @@ void testResponseToIssuesWithEmptyScoresArray() throws IOException { assertEquals("CVE-2025-24898", issues.get(0).getId()); assertNull(issues.get(0).getSeverity(), "Issue with empty scores should have null severity"); } + + @Test + void testResponseToIssuesWithFallbackToPurlStatusScores() throws IOException { + String jsonResponse = + """ + { + "pkg:maven/org.postgresql/postgresql@42.5.0": { + "details": [ + { + "identifier": "CVE-2024-9999", + "title": "CVE with scores only in purlStatus", + "purl_statuses": [ + { + "advisory": { + "uuid": "urn:uuid:a1", + "identifier": "advisory-1", + "document_id": "advisory-1", + "title": "Advisory", + "issuer": { + "id": "id-1", + "name": "Test Issuer" + } + }, + "status": "affected", + "scores": [ + { "value": 6.5, "severity": "medium" }, + { "value": 8.1, "severity": "high" } + ], + "version_range": null, + "remediations": [] + } + ] + } + ], + "warnings": [] + } + } + """; + + byte[] responseBytes = jsonResponse.getBytes(); + ProviderResponse result = + handler.responseToIssues(buildExchange(responseBytes, dependencyTree)); + + PackageItem packageItem = result.pkgItems().get("pkg:maven/org.postgresql/postgresql@42.5.0"); + assertNotNull(packageItem); + List issues = packageItem.issues(); + assertEquals(1, issues.size()); + assertEquals(8.1f, issues.get(0).getCvssScore(), "Should pick highest score from purlStatus"); + assertEquals(Severity.HIGH, issues.get(0).getSeverity()); + } + + @Test + void testResponseToIssuesWithVersionRangeAllFields() throws IOException { + String jsonResponse = + """ + { + "pkg:maven/org.postgresql/postgresql@42.5.0": { + "details": [ + { + "identifier": "CVE-2024-8888", + "title": "CVE with full version range", + "base_score": { + "type": "3.1", + "score": 7.0, + "severity": "high" + }, + "purl_statuses": [ + { + "advisory": { + "uuid": "urn:uuid:a1", + "identifier": "advisory-1", + "document_id": "advisory-1", + "title": "Advisory", + "issuer": { + "id": "id-1", + "name": "Test Issuer" + } + }, + "status": "affected", + "version_range": { + "version_scheme_id": "semver", + "low_version": "42.0.0", + "low_inclusive": true, + "high_version": "42.5.5", + "high_inclusive": false + }, + "remediations": [] + } + ] + } + ], + "warnings": [] + } + } + """; + + byte[] responseBytes = jsonResponse.getBytes(); + ProviderResponse result = + handler.responseToIssues(buildExchange(responseBytes, dependencyTree)); + + PackageItem packageItem = result.pkgItems().get("pkg:maven/org.postgresql/postgresql@42.5.0"); + assertNotNull(packageItem); + Issue issue = packageItem.issues().get(0); + assertNotNull(issue.getRemediation()); + var vr = issue.getRemediation().getVersionRanges().get(0); + assertEquals("semver", vr.getVersionSchemeId()); + assertEquals("42.0.0", vr.getLowVersion()); + assertEquals(true, vr.getLowInclusive()); + assertEquals("42.5.5", vr.getHighVersion()); + assertEquals(false, vr.getHighInclusive()); + assertEquals(List.of("42.5.5"), issue.getRemediation().getFixedIn()); + } + + @Test + void testResponseToIssuesWithRemediationUrl() throws IOException { + String jsonResponse = + """ + { + "pkg:maven/org.postgresql/postgresql@42.5.0": { + "details": [ + { + "identifier": "CVE-2024-7777", + "title": "CVE with remediation URL", + "base_score": { + "type": "3.1", + "score": 5.0, + "severity": "medium" + }, + "purl_statuses": [ + { + "advisory": { + "uuid": "urn:uuid:a1", + "identifier": "advisory-1", + "document_id": "advisory-1", + "title": "Advisory", + "issuer": { + "id": "id-1", + "name": "Test Issuer" + } + }, + "status": "affected", + "version_range": null, + "remediations": [ + { + "category": "vendor_fix", + "details": "Update to latest version", + "url": "https://example.com/fix" + } + ] + } + ] + } + ], + "warnings": [] + } + } + """; + + byte[] responseBytes = jsonResponse.getBytes(); + ProviderResponse result = + handler.responseToIssues(buildExchange(responseBytes, dependencyTree)); + + PackageItem packageItem = result.pkgItems().get("pkg:maven/org.postgresql/postgresql@42.5.0"); + assertNotNull(packageItem); + Issue issue = packageItem.issues().get(0); + assertNotNull(issue.getRemediation()); + var rem = issue.getRemediation().getRemediations().get(0); + assertEquals(RemediationCategory.VENDOR_FIX, rem.getCategory()); + assertEquals("Update to latest version", rem.getDetails()); + assertEquals("https://example.com/fix", rem.getUrl()); + } + + @Test + void testResponseToIssuesWithUnknownRemediationCategory() throws IOException { + String jsonResponse = + """ + { + "pkg:maven/org.postgresql/postgresql@42.5.0": { + "details": [ + { + "identifier": "CVE-2024-6666", + "title": "CVE with unknown remediation category", + "base_score": { + "type": "3.1", + "score": 5.0, + "severity": "medium" + }, + "purl_statuses": [ + { + "advisory": { + "uuid": "urn:uuid:a1", + "identifier": "advisory-1", + "document_id": "advisory-1", + "title": "Advisory", + "issuer": { + "id": "id-1", + "name": "Test Issuer" + } + }, + "status": "affected", + "version_range": null, + "remediations": [ + { + "category": "unknown_category", + "details": "Some details" + } + ] + } + ] + } + ], + "warnings": [] + } + } + """; + + byte[] responseBytes = jsonResponse.getBytes(); + ProviderResponse result = + handler.responseToIssues(buildExchange(responseBytes, dependencyTree)); + + PackageItem packageItem = result.pkgItems().get("pkg:maven/org.postgresql/postgresql@42.5.0"); + assertNotNull(packageItem); + Issue issue = packageItem.issues().get(0); + assertNotNull(issue.getRemediation()); + var rem = issue.getRemediation().getRemediations().get(0); + assertNull(rem.getCategory(), "Unknown category should result in null"); + assertEquals("Some details", rem.getDetails()); + } + + @Test + void testResponseToIssuesWithNoAdvisory() throws IOException { + String jsonResponse = + """ + { + "pkg:maven/org.postgresql/postgresql@42.5.0": { + "details": [ + { + "identifier": "CVE-2024-5555", + "title": "CVE with no advisory in purlStatus", + "base_score": { + "type": "3.1", + "score": 4.0, + "severity": "medium" + }, + "purl_statuses": [ + { + "status": "affected", + "version_range": null, + "remediations": [] + } + ] + } + ], + "warnings": [] + } + } + """; + + byte[] responseBytes = jsonResponse.getBytes(); + ProviderResponse result = + handler.responseToIssues(buildExchange(responseBytes, dependencyTree)); + + PackageItem packageItem = result.pkgItems().get("pkg:maven/org.postgresql/postgresql@42.5.0"); + assertNotNull(packageItem); + List issues = packageItem.issues(); + assertEquals(1, issues.size()); + assertEquals("unknown", issues.get(0).getSource()); + } + + @Test + void testResponseToIssuesWithBlankIssuerName() throws IOException { + String jsonResponse = + """ + { + "pkg:maven/org.postgresql/postgresql@42.5.0": { + "details": [ + { + "identifier": "CVE-2024-4444", + "title": "CVE with blank issuer name", + "base_score": { + "type": "3.1", + "score": 6.0, + "severity": "medium" + }, + "purl_statuses": [ + { + "advisory": { + "uuid": "urn:uuid:a1", + "identifier": "advisory-1", + "document_id": "advisory-1", + "title": "Advisory", + "issuer": { + "id": "id-1", + "name": " " + } + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] + } + ], + "warnings": [] + } + } + """; + + byte[] responseBytes = jsonResponse.getBytes(); + ProviderResponse result = + handler.responseToIssues(buildExchange(responseBytes, dependencyTree)); + + PackageItem packageItem = result.pkgItems().get("pkg:maven/org.postgresql/postgresql@42.5.0"); + assertNotNull(packageItem); + List issues = packageItem.issues(); + assertEquals(1, issues.size()); + assertEquals( + "unknown", issues.get(0).getSource(), "Blank issuer name should fall back to 'unknown'"); + } + + @Test + void testResponseToIssuesWithNoSeverityButScorePresent() throws IOException { + String jsonResponse = + """ + { + "pkg:maven/org.postgresql/postgresql@42.5.0": { + "details": [ + { + "identifier": "CVE-2024-3333", + "title": "CVE with score but no severity", + "base_score": { + "type": "3.1", + "score": 9.1 + }, + "purl_statuses": [ + { + "advisory": { + "uuid": "urn:uuid:a1", + "identifier": "advisory-1", + "document_id": "advisory-1", + "title": "Advisory", + "issuer": { + "id": "id-1", + "name": "Test Issuer" + } + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] + } + ], + "warnings": [] + } + } + """; + + byte[] responseBytes = jsonResponse.getBytes(); + ProviderResponse result = + handler.responseToIssues(buildExchange(responseBytes, dependencyTree)); + + PackageItem packageItem = result.pkgItems().get("pkg:maven/org.postgresql/postgresql@42.5.0"); + assertNotNull(packageItem); + Issue issue = packageItem.issues().get(0); + assertEquals(9.1f, issue.getCvssScore()); + assertEquals( + Severity.CRITICAL, issue.getSeverity(), "Score-based severity should be CRITICAL for 9.1"); + } + + @Test + void testResponseToIssuesCveDeduplicationBySameSource() throws IOException { + String jsonResponse = + """ + { + "pkg:maven/org.postgresql/postgresql@42.5.0": { + "details": [ + { + "identifier": "CVE-2024-2222", + "title": "CVE appearing in multiple advisories from same source", + "base_score": { + "type": "3.1", + "score": 7.5, + "severity": "high" + }, + "purl_statuses": [ + { + "advisory": { + "uuid": "urn:uuid:a1", + "identifier": "RHSA-2024:001", + "document_id": "RHSA-2024:001", + "title": "Advisory 1", + "issuer": { + "id": "id-1", + "name": "Red Hat Product Security" + } + }, + "status": "affected", + "version_range": null, + "remediations": [] + }, + { + "advisory": { + "uuid": "urn:uuid:a2", + "identifier": "RHSA-2024:002", + "document_id": "RHSA-2024:002", + "title": "Advisory 2", + "issuer": { + "id": "id-1", + "name": "Red Hat Product Security" + } + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] + } + ], + "warnings": [] + } + } + """; + + byte[] responseBytes = jsonResponse.getBytes(); + ProviderResponse result = + handler.responseToIssues(buildExchange(responseBytes, dependencyTree)); + + PackageItem packageItem = result.pkgItems().get("pkg:maven/org.postgresql/postgresql@42.5.0"); + assertNotNull(packageItem); + List issues = packageItem.issues(); + assertEquals(1, issues.size(), "Same CVE from same source should be deduplicated to one issue"); + assertEquals("CVE-2024-2222", issues.get(0).getId()); + assertEquals("Red Hat Product Security", issues.get(0).getSource()); + } + + @Test + void testResponseToIssuesSameCveDifferentSources() throws IOException { + String jsonResponse = + """ + { + "pkg:maven/org.postgresql/postgresql@42.5.0": { + "details": [ + { + "identifier": "CVE-2024-1111", + "title": "CVE from different sources", + "base_score": { + "type": "3.1", + "score": 6.0, + "severity": "medium" + }, + "purl_statuses": [ + { + "advisory": { + "uuid": "urn:uuid:a1", + "identifier": "RHSA-2024:001", + "document_id": "RHSA-2024:001", + "title": "Advisory 1", + "issuer": { + "id": "id-1", + "name": "Red Hat Product Security" + } + }, + "status": "affected", + "version_range": null, + "remediations": [] + }, + { + "advisory": { + "uuid": "urn:uuid:a2", + "identifier": "GHSA-xxxx", + "document_id": "GHSA-xxxx", + "title": "GHSA Advisory", + "issuer": { + "id": "id-2", + "name": "GitHub" + } + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] + } + ], + "warnings": [] + } + } + """; + + byte[] responseBytes = jsonResponse.getBytes(); + ProviderResponse result = + handler.responseToIssues(buildExchange(responseBytes, dependencyTree)); + + PackageItem packageItem = result.pkgItems().get("pkg:maven/org.postgresql/postgresql@42.5.0"); + assertNotNull(packageItem); + List issues = packageItem.issues(); + assertEquals(2, issues.size(), "Same CVE from different sources should produce two issues"); + assertTrue(issues.stream().anyMatch(i -> "Red Hat Product Security".equals(i.getSource()))); + assertTrue(issues.stream().anyMatch(i -> "GitHub".equals(i.getSource()))); + } } diff --git a/src/test/java/io/github/guacsec/trustifyda/integration/registry/RegistryEnrichmentServiceTest.java b/src/test/java/io/github/guacsec/trustifyda/integration/registry/RegistryEnrichmentServiceTest.java index 951fcb09..fc3bc9b8 100644 --- a/src/test/java/io/github/guacsec/trustifyda/integration/registry/RegistryEnrichmentServiceTest.java +++ b/src/test/java/io/github/guacsec/trustifyda/integration/registry/RegistryEnrichmentServiceTest.java @@ -38,8 +38,10 @@ import io.github.guacsec.trustifyda.api.v5.DependencyReport; import io.github.guacsec.trustifyda.api.v5.Issue; import io.github.guacsec.trustifyda.api.v5.ProviderReport; +import io.github.guacsec.trustifyda.api.v5.Remediation; import io.github.guacsec.trustifyda.api.v5.Source; import io.github.guacsec.trustifyda.api.v5.SourceSummary; +import io.github.guacsec.trustifyda.api.v5.VersionRange; import io.github.guacsec.trustifyda.model.DependencyTree; import io.github.guacsec.trustifyda.model.DirectDependency; @@ -167,6 +169,39 @@ void setIssueRemediationAlongsideRecommendation() { assertEquals(dep.getRecommendation(), issue.getRemediation().getTrustedContent().getRef()); } + @Test + void preserveUpstreamRemediationWhenAddingTrustedContent() { + var report = buildReportWithPypiDep("pkg:pypi/requests@2.31.0"); + var dep = getFirstDep(report); + + var existingRemediation = new Remediation(); + existingRemediation.addFixedInItem("2.32.0"); + existingRemediation.addVersionRangesItem( + new VersionRange().lowVersion("2.31.0").highVersion("2.32.0")); + + var issue = new Issue().id("CVE-2024-35195").remediation(existingRemediation); + dep.issues(new ArrayList<>(List.of(issue))); + + var tree = buildTree("pkg:pypi/requests@2.31.0", Map.of("SHA-256", "abc123")); + + service.enrichReport(report, tree, PKG_PYPI_PREFIX, alwaysRecommend); + + var resultIssue = dep.getIssues().get(0); + var remediation = resultIssue.getRemediation(); + assertNotNull(remediation); + + assertNotNull(remediation.getFixedIn()); + assertEquals(1, remediation.getFixedIn().size()); + assertEquals("2.32.0", remediation.getFixedIn().get(0)); + + assertNotNull(remediation.getVersionRanges()); + assertEquals(1, remediation.getVersionRanges().size()); + assertEquals("2.31.0", remediation.getVersionRanges().get(0).getLowVersion()); + + assertNotNull(remediation.getTrustedContent()); + assertEquals(dep.getRecommendation(), remediation.getTrustedContent().getRef()); + } + @Test void noEnrichmentWhenRegistryReturnsEmpty() { var report = buildReportWithPypiDep("pkg:pypi/requests@2.31.0"); diff --git a/src/test/resources/__files/reports/batch_report.json b/src/test/resources/__files/reports/batch_report.json index 5d29b9c0..c3adfd1b 100644 --- a/src/test/resources/__files/reports/batch_report.json +++ b/src/test/resources/__files/reports/batch_report.json @@ -45,7 +45,7 @@ "id": "CVE-2024-1597", "title": "pgjdbc SQL Injection via line comment generation", "source": "osv-github", - "cvssScore": 10.0, + "cvssScore": 9.8, "severity": "CRITICAL", "cves": [ "CVE-2024-1597" @@ -68,7 +68,7 @@ "id": "CVE-2024-1597", "title": "pgjdbc SQL Injection via line comment generation", "source": "osv-github", - "cvssScore": 10.0, + "cvssScore": 9.8, "severity": "CRITICAL", "cves": [ "CVE-2024-1597" @@ -81,7 +81,7 @@ "id": "CVE-2024-1597", "title": "pgjdbc SQL Injection via line comment generation", "source": "osv-github", - "cvssScore": 10.0, + "cvssScore": 9.8, "severity": "CRITICAL", "cves": [ "CVE-2024-1597" diff --git a/src/test/resources/__files/reports/report.json b/src/test/resources/__files/reports/report.json index f1142c52..60c754f1 100644 --- a/src/test/resources/__files/reports/report.json +++ b/src/test/resources/__files/reports/report.json @@ -44,7 +44,7 @@ "id": "CVE-2024-1597", "title": "pgjdbc SQL Injection via line comment generation", "source": "osv-github", - "cvssScore": 10.0, + "cvssScore": 9.8, "severity": "CRITICAL", "cves": [ "CVE-2024-1597" @@ -67,7 +67,7 @@ "id": "CVE-2024-1597", "title": "pgjdbc SQL Injection via line comment generation", "source": "osv-github", - "cvssScore": 10.0, + "cvssScore": 9.8, "severity": "CRITICAL", "cves": [ "CVE-2024-1597" @@ -80,7 +80,7 @@ "id": "CVE-2024-1597", "title": "pgjdbc SQL Injection via line comment generation", "source": "osv-github", - "cvssScore": 10.0, + "cvssScore": 9.8, "severity": "CRITICAL", "cves": [ "CVE-2024-1597" diff --git a/src/test/resources/__files/trustify/maven_report.json b/src/test/resources/__files/trustify/maven_report.json index f788bfc8..ac4b9a55 100644 --- a/src/test/resources/__files/trustify/maven_report.json +++ b/src/test/resources/__files/trustify/maven_report.json @@ -13,33 +13,27 @@ "discovered": null, "released": null, "cwes": [], - "status": { - "affected": [ - { + "base_score": { + "type": "3.1", + "severity": "high", + "score": 8.2 + }, + "purl_statuses": [ + { + "advisory": { "uuid": "urn:uuid:6466bd7c-1996-4c47-a5c6-23b77acf12ed", "identifier": "GHSA-57j2-w4cx-62h2", "document_id": "GHSA-57j2-w4cx-62h2", - "issuer": null, - "published": "2022-03-12T00:00:36Z", - "modified": "2024-03-15T00:24:56Z", - "withdrawn": null, "title": "Deeply nested json in jackson-databind", - "labels": { - "file": "github-reviewed/2022/03/GHSA-57j2-w4cx-62h2/GHSA-57j2-w4cx-62h2.json", - "importer": "osv-github", - "source": "https://github.com/github/advisory-database", - "type": "osv" - }, - "scores": [ - { - "type": "3.1", - "value": 8.2, - "severity": "high" - } - ] - } - ] - } + "issuer": { + "name": "osv-github" + } + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] }, { "normative": true, @@ -53,33 +47,27 @@ "discovered": null, "released": null, "cwes": [], - "status": { - "affected": [ - { + "base_score": { + "type": "3.1", + "severity": "high", + "score": 8.2 + }, + "purl_statuses": [ + { + "advisory": { "uuid": "urn:uuid:355800f5-7dc0-4ccd-9b67-4a3376c9aa27", "identifier": "GHSA-jjjh-jjxp-wpff", "document_id": "GHSA-jjjh-jjxp-wpff", - "issuer": null, - "published": "2022-10-03T00:00:31Z", - "modified": "2024-09-13T18:29:13Z", - "withdrawn": null, "title": "Uncontrolled Resource Consumption in Jackson-databind", - "labels": { - "source": "https://github.com/github/advisory-database", - "type": "osv", - "file": "github-reviewed/2022/10/GHSA-jjjh-jjxp-wpff/GHSA-jjjh-jjxp-wpff.json", - "importer": "osv-github" - }, - "scores": [ - { - "type": "3.1", - "value": 8.2, - "severity": "high" - } - ] - } - ] - } + "issuer": { + "name": "osv-github" + } + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] }, { "normative": true, @@ -93,33 +81,27 @@ "discovered": null, "released": null, "cwes": [], - "status": { - "affected": [ - { + "base_score": { + "type": "3.1", + "severity": "high", + "score": 8.2 + }, + "purl_statuses": [ + { + "advisory": { "uuid": "urn:uuid:c81dee15-f217-4f82-9341-4c33fe3329ff", "identifier": "GHSA-rgv9-q543-rqg4", "document_id": "GHSA-rgv9-q543-rqg4", - "issuer": null, - "published": "2022-10-03T00:00:31Z", - "modified": "2024-12-02T16:17:21Z", - "withdrawn": null, "title": "Uncontrolled Resource Consumption in FasterXML jackson-databind", - "labels": { - "importer": "osv-github", - "source": "https://github.com/github/advisory-database", - "file": "github-reviewed/2022/10/GHSA-rgv9-q543-rqg4/GHSA-rgv9-q543-rqg4.json", - "type": "osv" - }, - "scores": [ - { - "type": "3.1", - "value": 8.2, - "severity": "high" - } - ] - } - ] - } + "issuer": { + "name": "osv-github" + } + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] } ] }, @@ -140,33 +122,27 @@ "cwes": [ "CWE-757" ], - "status": { - "affected": [ - { + "base_score": { + "type": "3.1", + "severity": "medium", + "score": 6.7 + }, + "purl_statuses": [ + { + "advisory": { "uuid": "urn:uuid:79474942-d60c-4e59-a876-4c2cbc04649c", "identifier": "GHSA-3fhx-3vvg-2j84", "document_id": "GHSA-3fhx-3vvg-2j84", - "issuer": null, - "published": "2023-07-04T15:30:18Z", - "modified": "2023-07-06T15:32:02Z", - "withdrawn": null, "title": "quarkus-core vulnerable to client driven TLS cipher downgrading", - "labels": { - "importer": "osv-github", - "file": "github-reviewed/2023/07/GHSA-3fhx-3vvg-2j84/GHSA-3fhx-3vvg-2j84.json", - "source": "https://github.com/github/advisory-database", - "type": "osv" - }, - "scores": [ - { - "type": "3.1", - "value": 6.7, - "severity": "medium" - } - ] - } - ] - } + "issuer": { + "name": "osv-github" + } + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] }, { "normative": true, @@ -182,145 +158,95 @@ "cwes": [ "CWE-526" ], - "status": { - "affected": [ - { + "base_score": { + "type": "3.1", + "severity": "high", + "score": 7 + }, + "purl_statuses": [ + { + "advisory": { "uuid": "urn:uuid:3bfc1236-c7fd-4b2d-b483-ac8a8d98d5f0", "identifier": "GHSA-f8h5-v2vg-46rr", "document_id": "GHSA-f8h5-v2vg-46rr", - "issuer": null, - "published": "2024-04-04T15:30:34Z", - "modified": "2024-12-13T00:30:50Z", - "withdrawn": null, "title": "quarkus-core leaks local environment variables from Quarkus namespace during application's build", - "labels": { - "type": "osv", - "source": "https://github.com/github/advisory-database", - "file": "github-reviewed/2024/04/GHSA-f8h5-v2vg-46rr/GHSA-f8h5-v2vg-46rr.json", - "importer": "osv-github" - }, - "scores": [ - { - "type": "3.1", - "value": 7, - "severity": "high" - } - ] + "issuer": { + "name": "osv-github" + } }, - { + "status": "affected", + "version_range": null, + "remediations": [] + }, + { + "advisory": { "uuid": "urn:uuid:71539fc2-a170-4189-90b7-3584119ae418", "identifier": "https://www.redhat.com/#CVE-2024-2700", "document_id": "CVE-2024-2700", + "title": "quarkus-core: Leak of local configuration properties into Quarkus applications", "issuer": { "id": "aa42c1b1-0591-447c-b2bb-80888252c85f", - "name": "Red Hat Product Security", + "name": "redhat-csaf", "cpe_key": null, "website": null - }, - "published": "2024-04-03T00:00:00Z", - "modified": "2025-06-18T18:10:32Z", - "withdrawn": null, - "title": "quarkus-core: Leak of local configuration properties into Quarkus applications", - "labels": { - "source": "https://security.access.redhat.com/data/csaf/v2/vex/", - "file": "2024/cve-2024-2700.json", - "type": "csaf", - "importer": "redhat-csaf" - }, - "scores": [ - { - "type": "3.1", - "value": 7, - "severity": "high" - } - ] + } }, - { + "status": "affected", + "version_range": null, + "remediations": [] + }, + { + "advisory": { "uuid": "urn:uuid:8cd936a2-4583-40dd-ac1b-2c2eea038e7d", "identifier": "https://www.redhat.com/#CVE-2024-2700", "document_id": "CVE-2024-2700", + "title": "quarkus-core: Leak of local configuration properties into Quarkus applications", "issuer": { "id": "aa42c1b1-0591-447c-b2bb-80888252c85f", - "name": "Red Hat Product Security", + "name": "redhat-csaf", "cpe_key": null, "website": null - }, - "published": "2024-04-03T00:00:00Z", - "modified": "2025-03-03T16:41:17Z", - "withdrawn": null, - "title": "quarkus-core: Leak of local configuration properties into Quarkus applications", - "labels": { - "file": "2024/cve-2024-2700.json", - "source": "https://security.access.redhat.com/data/csaf/v2/vex/", - "type": "csaf", - "importer": "redhat-csaf" - }, - "scores": [ - { - "type": "3.1", - "value": 7, - "severity": "high" - } - ] + } }, - { + "status": "affected", + "version_range": null, + "remediations": [] + }, + { + "advisory": { "uuid": "urn:uuid:8d11d8c4-b7ac-4520-ac55-f0b4251b496e", "identifier": "https://www.redhat.com/#RHSA-2024_2705", "document_id": "RHSA-2024:2705", + "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.12 release and security update", "issuer": { "id": "aa42c1b1-0591-447c-b2bb-80888252c85f", - "name": "Red Hat Product Security", + "name": "redhat-csaf", "cpe_key": null, "website": null - }, - "published": "2024-05-09T11:56:56Z", - "modified": "2025-06-26T02:53:02Z", - "withdrawn": null, - "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.12 release and security update", - "labels": { - "importer": "redhat-csaf", - "file": "2024/rhsa-2024_2705.json", - "type": "csaf", - "source": "https://security.access.redhat.com/data/csaf/v2/advisories/" - }, - "scores": [ - { - "type": "3.1", - "value": 7, - "severity": "high" - } - ] + } }, - { + "status": "affected", + "version_range": null, + "remediations": [] + }, + { + "advisory": { "uuid": "urn:uuid:c7ccfee4-2723-4aa5-9968-fd6e6b744102", "identifier": "https://www.redhat.com/#RHSA-2024_2106", "document_id": "RHSA-2024:2106", + "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.8.4 release", "issuer": { "id": "aa42c1b1-0591-447c-b2bb-80888252c85f", - "name": "Red Hat Product Security", + "name": "redhat-csaf", "cpe_key": null, "website": null - }, - "published": "2024-05-07T16:21:20Z", - "modified": "2025-06-26T02:53:20Z", - "withdrawn": null, - "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.8.4 release", - "labels": { - "source": "https://security.access.redhat.com/data/csaf/v2/advisories/", - "file": "2024/rhsa-2024_2106.json", - "type": "csaf", - "importer": "redhat-csaf" - }, - "scores": [ - { - "type": "3.1", - "value": 7, - "severity": "high" - } - ] - } - ] - } + } + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] } ], "warnings": [] @@ -342,33 +268,27 @@ "CWE-200", "CWE-377" ], - "status": { - "affected": [ - { + "base_score": { + "type": "3.1", + "severity": "medium", + "score": 5.8 + }, + "purl_statuses": [ + { + "advisory": { "uuid": "urn:uuid:595a7085-f230-42b5-9c8f-ab25939d99ed", "identifier": "GHSA-562r-vg33-8x8h", "document_id": "GHSA-562r-vg33-8x8h", - "issuer": null, - "published": "2022-11-23T22:17:25Z", - "modified": "2024-03-29T15:42:58Z", - "withdrawn": null, "title": "TemporaryFolder on unix-like systems does not limit access to created files", - "labels": { - "type": "osv", - "importer": "osv-github", - "file": "github-reviewed/2022/11/GHSA-562r-vg33-8x8h/GHSA-562r-vg33-8x8h.json", - "source": "https://github.com/github/advisory-database" - }, - "scores": [ - { - "type": "3.1", - "value": 5.8, - "severity": "medium" - } - ] - } - ] - } + "issuer": { + "name": "osv-github" + } + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] }, { "normative": true, @@ -384,257 +304,163 @@ "cwes": [ "CWE-89" ], - "status": { - "affected": [ - { + "base_score": { + "type": "3.1", + "severity": "critical", + "score": 9.8 + }, + "purl_statuses": [ + { + "advisory": { "uuid": "urn:uuid:020c0585-32db-4949-bd41-87850add2277", "identifier": "https://www.redhat.com/#RHSA-2024_1797", "document_id": "RHSA-2024:1797", + "title": "Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9.SP2 release and security update", "issuer": { "id": "aa42c1b1-0591-447c-b2bb-80888252c85f", - "name": "Red Hat Product Security", + "name": "redhat-csaf", "cpe_key": null, "website": null - }, - "published": "2024-04-22T10:59:06Z", - "modified": "2025-06-26T02:54:07Z", - "withdrawn": null, - "title": "Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9.SP2 release and security update", - "labels": { - "type": "csaf", - "file": "2024/rhsa-2024_1797.json", - "source": "https://security.access.redhat.com/data/csaf/v2/advisories/", - "importer": "redhat-csaf" - }, - "scores": [ - { - "type": "3.1", - "value": 9.8, - "severity": "critical" - } - ] + } }, - { + "status": "affected", + "version_range": null, + "remediations": [] + }, + { + "advisory": { "uuid": "urn:uuid:0aeb82c2-3bdd-41dd-a3e3-c30480726986", "identifier": "https://www.redhat.com/#CVE-2024-1597", "document_id": "CVE-2024-1597", + "title": "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE", "issuer": { "id": "aa42c1b1-0591-447c-b2bb-80888252c85f", - "name": "Red Hat Product Security", + "name": "redhat-csaf", "cpe_key": null, "website": null - }, - "published": "2024-02-19T00:00:00Z", - "modified": "2025-07-10T09:23:53Z", - "withdrawn": null, - "title": "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE", - "labels": { - "file": "2024/cve-2024-1597.json", - "source": "https://security.access.redhat.com/data/csaf/v2/vex/", - "importer": "redhat-csaf", - "type": "csaf" - }, - "scores": [ - { - "type": "3.1", - "value": 9.8, - "severity": "critical" - } - ] + } }, - { + "status": "affected", + "version_range": null, + "remediations": [] + }, + { + "advisory": { "uuid": "urn:uuid:35c6db3d-ddcc-4c6b-9c65-4fe823937971", "identifier": "https://www.redhat.com/#CVE-2024-1597", "document_id": "CVE-2024-1597", + "title": "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE", "issuer": { "id": "aa42c1b1-0591-447c-b2bb-80888252c85f", - "name": "Red Hat Product Security", + "name": "redhat-csaf", "cpe_key": null, "website": null - }, - "published": "2024-02-19T00:00:00Z", - "modified": "2025-06-25T01:49:37Z", - "withdrawn": null, - "title": "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE", - "labels": { - "source": "https://security.access.redhat.com/data/csaf/v2/vex/", - "type": "csaf", - "importer": "redhat-csaf", - "file": "2024/cve-2024-1597.json" - }, - "scores": [ - { - "type": "3.1", - "value": 9.8, - "severity": "critical" - } - ] + } }, - { + "status": "affected", + "version_range": null, + "remediations": [] + }, + { + "advisory": { "uuid": "urn:uuid:6b500ddc-8971-482a-a56d-b835a77904dd", "identifier": "https://www.redhat.com/#CVE-2024-1597", "document_id": "CVE-2024-1597", + "title": "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE", "issuer": { "id": "aa42c1b1-0591-447c-b2bb-80888252c85f", - "name": "Red Hat Product Security", + "name": "redhat-csaf", "cpe_key": null, "website": null - }, - "published": "2024-02-19T00:00:00Z", - "modified": "2025-05-20T16:30:50Z", - "withdrawn": null, - "title": "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE", - "labels": { - "file": "2024/cve-2024-1597.json", - "source": "https://security.access.redhat.com/data/csaf/v2/vex/", - "importer": "redhat-csaf", - "type": "csaf" - }, - "scores": [ - { - "type": "3.1", - "value": 9.8, - "severity": "critical" - } - ] + } }, - { + "status": "affected", + "version_range": null, + "remediations": [] + }, + { + "advisory": { "uuid": "urn:uuid:7a3fa444-f1c7-4c70-9276-25ba4a25bf59", "identifier": "https://www.redhat.com/#RHSA-2024_1662", "document_id": "RHSA-2024:1662", + "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.11 release and security update", "issuer": { "id": "aa42c1b1-0591-447c-b2bb-80888252c85f", - "name": "Red Hat Product Security", + "name": "redhat-csaf", "cpe_key": null, "website": null - }, - "published": "2024-04-03T10:53:02Z", - "modified": "2025-06-26T02:52:45Z", - "withdrawn": null, - "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.11 release and security update", - "labels": { - "type": "csaf", - "source": "https://security.access.redhat.com/data/csaf/v2/advisories/", - "file": "2024/rhsa-2024_1662.json", - "importer": "redhat-csaf" - }, - "scores": [ - { - "type": "3.1", - "value": 9.8, - "severity": "critical" - } - ] + } }, - { + "status": "affected", + "version_range": null, + "remediations": [] + }, + { + "advisory": { "uuid": "urn:uuid:9ba57b5f-e234-4a3e-b5a3-7b64cd2bf3a3", "identifier": "https://www.redhat.com/#CVE-2024-1597", "document_id": "CVE-2024-1597", + "title": "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE", "issuer": { "id": "aa42c1b1-0591-447c-b2bb-80888252c85f", - "name": "Red Hat Product Security", + "name": "redhat-csaf", "cpe_key": null, "website": null - }, - "published": "2024-02-19T00:00:00Z", - "modified": "2025-06-24T18:27:58Z", - "withdrawn": null, - "title": "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE", - "labels": { - "file": "2024/cve-2024-1597.json", - "type": "csaf", - "importer": "redhat-csaf", - "source": "https://security.access.redhat.com/data/csaf/v2/vex/" - }, - "scores": [ - { - "type": "3.1", - "value": 9.8, - "severity": "critical" - } - ] + } }, - { + "status": "affected", + "version_range": null, + "remediations": [] + }, + { + "advisory": { "uuid": "urn:uuid:b8be1866-e7a2-4e12-8c61-8b06ec95fdc7", "identifier": "https://www.redhat.com/#RHSA-2024_1797", "document_id": "RHSA-2024:1797", + "title": "Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9.SP2 release and security update", "issuer": { "id": "aa42c1b1-0591-447c-b2bb-80888252c85f", - "name": "Red Hat Product Security", + "name": "redhat-csaf", "cpe_key": null, "website": null - }, - "published": "2024-04-22T10:59:06Z", - "modified": "2025-07-10T09:25:47Z", - "withdrawn": null, - "title": "Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9.SP2 release and security update", - "labels": { - "type": "csaf", - "source": "https://security.access.redhat.com/data/csaf/v2/advisories/", - "importer": "redhat-csaf", - "file": "2024/rhsa-2024_1797.json" - }, - "scores": [ - { - "type": "3.1", - "value": 9.8, - "severity": "critical" - } - ] + } }, - { + "status": "affected", + "version_range": null, + "remediations": [] + }, + { + "advisory": { "uuid": "urn:uuid:d5b874f9-7dde-409a-98bc-15c68f1bc52c", "identifier": "GHSA-24rp-q3w6-vc56", "document_id": "GHSA-24rp-q3w6-vc56", - "issuer": null, - "published": "2024-02-21T23:33:43Z", - "modified": "2024-02-21T23:33:43Z", - "withdrawn": null, "title": "org.postgresql:postgresql vulnerable to SQL Injection via line comment generation", - "labels": { - "type": "osv", - "source": "https://github.com/github/advisory-database", - "importer": "osv-github", - "file": "github-reviewed/2024/02/GHSA-24rp-q3w6-vc56/GHSA-24rp-q3w6-vc56.json" - }, - "scores": [ - { - "type": "3.1", - "value": 10, - "severity": "critical" - } - ] + "issuer": { + "name": "osv-github" + } }, - { + "status": "affected", + "version_range": null, + "remediations": [] + }, + { + "advisory": { "uuid": "urn:uuid:ea8dd8f5-40a9-4817-ba11-9606f799fe6e", "identifier": "https://www.redhat.com/#RHSA-2024_1662", "document_id": "RHSA-2024:1662", + "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.11 release and security update", "issuer": { "id": "aa42c1b1-0591-447c-b2bb-80888252c85f", - "name": "Red Hat Product Security", + "name": "redhat-csaf", "cpe_key": null, "website": null - }, - "published": "2024-04-03T10:53:02Z", - "modified": "2025-07-10T09:24:30Z", - "withdrawn": null, - "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.11 release and security update", - "labels": { - "type": "csaf", - "file": "2024/rhsa-2024_1662.json", - "source": "https://security.access.redhat.com/data/csaf/v2/advisories/", - "importer": "redhat-csaf" - }, - "scores": [ - { - "type": "3.1", - "value": 9.8, - "severity": "critical" - } - ] - } - ] - } + } + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] } ], "warnings": [] @@ -645,4 +471,4 @@ "I don't like this package" ] } -} \ No newline at end of file +} diff --git a/src/test/resources/__files/trustify/pypi_report.json b/src/test/resources/__files/trustify/pypi_report.json index 2f434210..ea49333c 100644 --- a/src/test/resources/__files/trustify/pypi_report.json +++ b/src/test/resources/__files/trustify/pypi_report.json @@ -15,33 +15,27 @@ "cwes": [ "CWE-295" ], - "status": { - "affected": [ - { + "base_score": { + "type": "3.1", + "severity": "medium", + "score": 5.6 + }, + "purl_statuses": [ + { + "advisory": { "uuid": "urn:uuid:a1b2c3d4-e5f6-7890-abcd-ef1234567890", "identifier": "GHSA-9wx4-h78v-vm56", "document_id": "GHSA-9wx4-h78v-vm56", - "issuer": null, - "published": "2024-05-20T20:15:00Z", - "modified": "2024-06-10T18:39:00Z", - "withdrawn": null, "title": "Requests Session object does not verify requests after making first request with verify=False", - "labels": { - "importer": "osv-github", - "source": "https://github.com/github/advisory-database", - "file": "github-reviewed/2024/05/GHSA-9wx4-h78v-vm56/GHSA-9wx4-h78v-vm56.json", - "type": "osv" - }, - "scores": [ - { - "type": "3.1", - "value": 5.6, - "severity": "medium" - } - ] - } - ] - } + "issuer": { + "name": "osv-github" + } + }, + "status": "affected", + "version_range": null, + "remediations": [] + } + ] } ], "warnings": []