diff --git a/pom.xml b/pom.xml
index 76906d34..35b0c524 100644
--- a/pom.xml
+++ b/pom.xml
@@ -49,7 +49,7 @@
3.1.1
- 2.0.9
+ 2.0.10
11.0.1
7.8.0
2.0.2
diff --git a/src/main/java/io/github/guacsec/trustifyda/integration/Constants.java b/src/main/java/io/github/guacsec/trustifyda/integration/Constants.java
index 013d0957..9e1f4c92 100644
--- a/src/main/java/io/github/guacsec/trustifyda/integration/Constants.java
+++ b/src/main/java/io/github/guacsec/trustifyda/integration/Constants.java
@@ -86,8 +86,8 @@ private Constants() {}
public static final String CACHE_LICENSES_PROPERTY = "cacheLicenses";
public static final String CACHE_LICENSES_HITS_PROPERTY = "cacheLicensesHits";
- public static final String TRUSTIFY_RECOMMEND_PATH = "/api/v2/purl/recommend";
- public static final String TRUSTIFY_ANALYZE_PATH = "/api/v2/vulnerability/analyze";
+ public static final String TRUSTIFY_RECOMMEND_PATH = "/api/v3/purl/recommend";
+ public static final String TRUSTIFY_ANALYZE_PATH = "/api/v3/vulnerability/analyze";
public static final String TRUSTIFY_HEALTH_PATH = "/.well-known/trustify";
public static final String DEPS_DEV_LICENSES_PATH = "/v3alpha/purlbatch";
diff --git a/src/main/java/io/github/guacsec/trustifyda/integration/providers/ProviderResponseHandler.java b/src/main/java/io/github/guacsec/trustifyda/integration/providers/ProviderResponseHandler.java
index 5fd8ee79..500d990e 100644
--- a/src/main/java/io/github/guacsec/trustifyda/integration/providers/ProviderResponseHandler.java
+++ b/src/main/java/io/github/guacsec/trustifyda/integration/providers/ProviderResponseHandler.java
@@ -44,6 +44,7 @@
import io.github.guacsec.trustifyda.api.v5.RecommendationReport;
import io.github.guacsec.trustifyda.api.v5.RecommendationSource;
import io.github.guacsec.trustifyda.api.v5.RecommendationSummary;
+import io.github.guacsec.trustifyda.api.v5.Remediation;
import io.github.guacsec.trustifyda.api.v5.Source;
import io.github.guacsec.trustifyda.api.v5.SourceSummary;
import io.github.guacsec.trustifyda.api.v5.TransitiveDependencyReport;
@@ -535,15 +536,23 @@ private void incrementCounter(PackageItem item, VulnerabilityCounter counter, bo
counter.direct.addAndGet(vulnerabilities);
}
if (i.getRemediation() != null
- && i.getRemediation().getTrustedContent() != null
- && i.getRemediation().getTrustedContent().getRef() != null) {
+ && (hasUpstreamRemediation(i.getRemediation())
+ || hasTrustedContentRemediation(i.getRemediation()))) {
counter.remediations.incrementAndGet();
}
});
}
- // The number of vulnerabilities is the total count of public CVEs
- // or if it is private it will be 1
+ private boolean hasUpstreamRemediation(Remediation r) {
+ return (r.getFixedIn() != null && !r.getFixedIn().isEmpty())
+ || (r.getVersionRanges() != null && !r.getVersionRanges().isEmpty())
+ || (r.getRemediations() != null && !r.getRemediations().isEmpty());
+ }
+
+ private boolean hasTrustedContentRemediation(Remediation r) {
+ return r.getTrustedContent() != null && r.getTrustedContent().getRef() != null;
+ }
+
private int countVulnerabilities(Issue i) {
if (i.getCves() != null && !i.getCves().isEmpty()) {
return i.getCves().size();
diff --git a/src/main/java/io/github/guacsec/trustifyda/integration/providers/trustify/RecommendationAggregation.java b/src/main/java/io/github/guacsec/trustifyda/integration/providers/trustify/RecommendationAggregation.java
index b2afb0a3..3795fd87 100644
--- a/src/main/java/io/github/guacsec/trustifyda/integration/providers/trustify/RecommendationAggregation.java
+++ b/src/main/java/io/github/guacsec/trustifyda/integration/providers/trustify/RecommendationAggregation.java
@@ -177,7 +177,12 @@ private void setTrustedContent(
.status(Vulnerability.Status.toString(vuln.getStatus()))
.justification(
Vulnerability.Justification.toString(vuln.getJustification()));
- issue.remediation(new Remediation().trustedContent(remediation));
+ var existing = issue.getRemediation();
+ if (existing == null) {
+ existing = new Remediation();
+ }
+ existing.trustedContent(remediation);
+ issue.remediation(existing);
});
}
providerResponse
diff --git a/src/main/java/io/github/guacsec/trustifyda/integration/providers/trustify/TrustifyResponseHandler.java b/src/main/java/io/github/guacsec/trustifyda/integration/providers/trustify/TrustifyResponseHandler.java
index 5f296edd..4067474d 100644
--- a/src/main/java/io/github/guacsec/trustifyda/integration/providers/trustify/TrustifyResponseHandler.java
+++ b/src/main/java/io/github/guacsec/trustifyda/integration/providers/trustify/TrustifyResponseHandler.java
@@ -20,7 +20,6 @@
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
-import java.util.Comparator;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -37,15 +36,16 @@
import io.github.guacsec.trustifyda.api.PackageRef;
import io.github.guacsec.trustifyda.api.v5.Issue;
import io.github.guacsec.trustifyda.api.v5.Remediation;
+import io.github.guacsec.trustifyda.api.v5.RemediationCategory;
+import io.github.guacsec.trustifyda.api.v5.RemediationInfo;
import io.github.guacsec.trustifyda.api.v5.SeverityUtils;
+import io.github.guacsec.trustifyda.api.v5.VersionRange;
import io.github.guacsec.trustifyda.integration.Constants;
import io.github.guacsec.trustifyda.integration.backend.JsonUtils;
import io.github.guacsec.trustifyda.integration.providers.ProviderResponseHandler;
import io.github.guacsec.trustifyda.model.DependencyTree;
import io.github.guacsec.trustifyda.model.PackageItem;
import io.github.guacsec.trustifyda.model.ProviderResponse;
-import io.github.guacsec.trustifyda.model.trustify.AdvisoryScore;
-import io.github.guacsec.trustifyda.model.trustify.ScoreType;
import io.quarkus.runtime.annotations.RegisterForReflection;
import jakarta.enterprise.context.ApplicationScoped;
@@ -56,14 +56,7 @@
public class TrustifyResponseHandler extends ProviderResponseHandler {
private static final Logger LOGGER = Logger.getLogger(TrustifyResponseHandler.class);
- private static final String DEFAULT_SOURCE = "manual";
-
- private static final Map SCORE_TYPE_ORDER =
- Map.of(
- ScoreType.V4, 1,
- ScoreType.V3_1, 2,
- ScoreType.V3_0, 3,
- ScoreType.V2, 4);
+ private static final String DEFAULT_SOURCE = "unknown";
@Inject ObjectMapper mapper;
@@ -112,11 +105,10 @@ private List toIssues(JsonNode response) {
return;
}
- var status = (ObjectNode) vuln.get("status");
- if (status == null || !status.hasNonNull("affected")) {
+ var purlStatuses = (ArrayNode) vuln.get("purl_statuses");
+ if (purlStatuses == null || purlStatuses.isEmpty()) {
return;
}
- var affected = (ArrayNode) status.get("affected");
var title = JsonUtils.getTextValue(vuln, "title");
final String iTitle;
if (title == null) {
@@ -124,14 +116,16 @@ private List toIssues(JsonNode response) {
} else {
iTitle = title;
}
+
Map issuesByCveSource = new HashMap<>();
- affected.forEach(
- data -> {
- if (data.hasNonNull("withdrawn")) {
+ purlStatuses.forEach(
+ purlStatus -> {
+ var advisory = purlStatus.get("advisory");
+ if (advisory != null && advisory.hasNonNull("withdrawn")) {
return;
}
- var source = getSource(data);
+ var source = getSource(purlStatus);
if (source == null) {
return;
}
@@ -140,7 +134,7 @@ private List toIssues(JsonNode response) {
return;
}
var issue = new Issue().id(id).title(iTitle).source(source).cves(List.of(id));
- setCvssData(issue, data);
+ setCvssData(issue, vuln, purlStatus);
issuesByCveSource.put(key, issue);
});
issues.addAll(issuesByCveSource.values());
@@ -163,69 +157,122 @@ private List getWarnings(JsonNode entryValue) {
return warnings;
}
- private void setCvssData(Issue issue, JsonNode node) {
- var scores = (ArrayNode) node.get("scores");
-
- if (scores != null && !scores.isEmpty()) {
- var advisoryScores = getAdvisoryScore(issue.getId(), scores);
- if (!advisoryScores.isEmpty()) {
- var score = advisoryScores.get(0);
- issue.cvssScore(score.score().floatValue());
- if (score.severity() != null) {
- issue.setSeverity(score.severity());
- } else {
- issue.setSeverity(SeverityUtils.fromScore(score.score().floatValue()));
+ private void setCvssData(Issue issue, JsonNode vuln, JsonNode purlStatus) {
+ Float score = null;
+ String severity = null;
+
+ var baseScore = vuln.get("base_score");
+ if (baseScore != null && !baseScore.isNull()) {
+ score = baseScore.has("score") ? (float) baseScore.get("score").asDouble() : null;
+ severity = JsonUtils.getTextValue(baseScore, "severity");
+ }
+
+ if (score == null) {
+ var scores = purlStatus.get("scores");
+ if (scores != null && scores.isArray() && !scores.isEmpty()) {
+ for (var entry : scores) {
+ var entryValue = entry.has("value") ? (float) entry.get("value").asDouble() : null;
+ if (entryValue != null && (score == null || entryValue > score)) {
+ score = entryValue;
+ severity = JsonUtils.getTextValue(entry, "severity");
+ }
}
}
}
- var ranges = (ArrayNode) node.get("ranges");
- if (ranges == null) {
- return;
+
+ if (score != null) {
+ issue.cvssScore(score);
+ }
+ if (severity != null) {
+ try {
+ issue.setSeverity(SeverityUtils.fromValue(severity.toUpperCase()));
+ } catch (IllegalArgumentException e) {
+ LOGGER.infof("Unknown severity value: %s, falling back to score-based severity", severity);
+ if (score != null) {
+ issue.setSeverity(SeverityUtils.fromScore(score));
+ }
+ }
+ } else if (score != null) {
+ issue.setSeverity(SeverityUtils.fromScore(score));
}
+
var r = new Remediation();
- ranges.forEach(
- rangeNode -> {
- var events = (ArrayNode) rangeNode.get("events");
- events.forEach(
- eventNode -> {
- var fixed = JsonUtils.getTextValue(eventNode, "fixed");
- if (fixed != null) {
- r.addFixedInItem(fixed);
- }
- });
- });
- issue.setRemediation(r);
- }
+ boolean hasRemediation = false;
- private List getAdvisoryScore(String cveId, ArrayNode scores) {
- var result = new ArrayList();
- scores.forEach(
- score -> {
- try {
- var scoreType = ScoreType.fromValue(JsonUtils.getTextValue(score, "type"));
- var severity = JsonUtils.getTextValue(score, "severity");
- var scoreValue = score.get("value").asDouble();
- result.add(
- new AdvisoryScore(
- scoreType, SeverityUtils.fromValue(severity.toUpperCase()), scoreValue));
- } catch (IllegalArgumentException e) {
- LOGGER.infof(
- "Unable to parse advisory score: %s for CVE %s: %s",
- score.toString(), cveId, e.getMessage());
- }
- });
+ var versionRange = purlStatus.get("version_range");
+ if (versionRange != null && !versionRange.isNull()) {
+ var vr = new VersionRange();
+ var schemeId = JsonUtils.getTextValue(versionRange, "version_scheme_id");
+ if (schemeId != null) {
+ vr.versionSchemeId(schemeId);
+ }
+ var lowVersion = JsonUtils.getTextValue(versionRange, "low_version");
+ if (lowVersion != null) {
+ vr.lowVersion(lowVersion);
+ }
+ var lowInclusive = JsonUtils.getBooleanValue(versionRange, "low_inclusive");
+ if (lowInclusive != null) {
+ vr.lowInclusive(lowInclusive);
+ }
+ var highVersion = JsonUtils.getTextValue(versionRange, "high_version");
+ var highInclusive = JsonUtils.getBooleanValue(versionRange, "high_inclusive");
+ if (highVersion != null) {
+ vr.highVersion(highVersion);
+ if (highInclusive == null || !highInclusive) {
+ r.addFixedInItem(highVersion);
+ }
+ }
+ if (highInclusive != null) {
+ vr.highInclusive(highInclusive);
+ }
+ r.addVersionRangesItem(vr);
+ hasRemediation = true;
+ }
- result.sort(
- Comparator.comparing(advisoryScore -> SCORE_TYPE_ORDER.get(advisoryScore.scoreType())));
- return result;
+ var remediations = (ArrayNode) purlStatus.get("remediations");
+ if (remediations != null && !remediations.isEmpty()) {
+ remediations.forEach(
+ rem -> {
+ var info = new RemediationInfo();
+ var category = JsonUtils.getTextValue(rem, "category");
+ if (category != null) {
+ try {
+ info.category(RemediationCategory.fromValue(category.toUpperCase()));
+ } catch (IllegalArgumentException e) {
+ LOGGER.infof("Unknown remediation category: %s", category);
+ }
+ }
+ var details = JsonUtils.getTextValue(rem, "details");
+ if (details != null) {
+ info.details(details);
+ }
+ var url = JsonUtils.getTextValue(rem, "url");
+ if (url != null) {
+ info.url(url);
+ }
+ r.addRemediationsItem(info);
+ });
+ hasRemediation = true;
+ }
+
+ if (hasRemediation) {
+ issue.setRemediation(r);
+ }
}
- private String getSource(JsonNode node) {
- var labels = node.get("labels");
- var importer = JsonUtils.getTextValue(labels, "importer");
- if (importer == null || importer.isBlank()) {
+ private String getSource(JsonNode purlStatus) {
+ var advisory = purlStatus.get("advisory");
+ if (advisory == null) {
+ return DEFAULT_SOURCE;
+ }
+ var issuer = advisory.get("issuer");
+ if (issuer == null || issuer.isNull()) {
+ return DEFAULT_SOURCE;
+ }
+ var name = JsonUtils.getTextValue(issuer, "name");
+ if (name == null || name.isBlank()) {
return DEFAULT_SOURCE;
}
- return importer;
+ return name;
}
}
diff --git a/src/main/java/io/github/guacsec/trustifyda/integration/registry/RegistryEnrichmentService.java b/src/main/java/io/github/guacsec/trustifyda/integration/registry/RegistryEnrichmentService.java
index b88f34ca..5c58ccae 100644
--- a/src/main/java/io/github/guacsec/trustifyda/integration/registry/RegistryEnrichmentService.java
+++ b/src/main/java/io/github/guacsec/trustifyda/integration/registry/RegistryEnrichmentService.java
@@ -111,7 +111,14 @@ private Set enrichExistingDependencies(
depReport
.getIssues()
.forEach(
- issue -> issue.remediation(new Remediation().trustedContent(trustedContent)));
+ issue -> {
+ var existing = issue.getRemediation();
+ if (existing == null) {
+ existing = new Remediation();
+ }
+ existing.trustedContent(trustedContent);
+ issue.remediation(existing);
+ });
}
// Backward compat: set deprecated per-dependency recommendation
diff --git a/src/main/java/io/github/guacsec/trustifyda/model/trustify/AdvisoryScore.java b/src/main/java/io/github/guacsec/trustifyda/model/trustify/AdvisoryScore.java
deleted file mode 100644
index 18f56ed9..00000000
--- a/src/main/java/io/github/guacsec/trustifyda/model/trustify/AdvisoryScore.java
+++ /dev/null
@@ -1,22 +0,0 @@
-/*
- * Copyright 2023-2025 Trustify Dependency Analytics Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package io.github.guacsec.trustifyda.model.trustify;
-
-import io.github.guacsec.trustifyda.api.v5.Severity;
-
-public record AdvisoryScore(ScoreType scoreType, Severity severity, Double score) {}
diff --git a/src/main/java/io/github/guacsec/trustifyda/model/trustify/ScoreType.java b/src/main/java/io/github/guacsec/trustifyda/model/trustify/ScoreType.java
deleted file mode 100644
index 410cba7c..00000000
--- a/src/main/java/io/github/guacsec/trustifyda/model/trustify/ScoreType.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright 2023-2025 Trustify Dependency Analytics Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package io.github.guacsec.trustifyda.model.trustify;
-
-import java.util.Arrays;
-
-public enum ScoreType {
- V2("2"),
- V3_0("3.0"),
- V3_1("3.1"),
- V4("4");
-
- private final String value;
-
- ScoreType(String value) {
- this.value = value;
- }
-
- public String getValue() {
- return value;
- }
-
- public static ScoreType fromValue(String value) {
- return Arrays.stream(ScoreType.values())
- .filter(scoreType -> scoreType.getValue().equals(value))
- .findFirst()
- .orElse(null);
- }
-}
diff --git a/src/main/resources/freemarker/templates/generated/main.js b/src/main/resources/freemarker/templates/generated/main.js
index 657968c5..cfbdd243 100644
--- a/src/main/resources/freemarker/templates/generated/main.js
+++ b/src/main/resources/freemarker/templates/generated/main.js
@@ -1 +1 @@
-!function(){"use strict";var e={4712:function(e,n,r){var i=r(1477),t=r(5741),a=(r(9220),r(4685)),o=r(3457),l=r(3710);function c(e){var n=[];return Object.keys(e.providers).forEach(function(r){var i=e.providers[r].sources;void 0!==i&&Object.keys(i).length>0?Object.keys(i).forEach(function(e){n.push({provider:r,source:e,report:i[e]})}):"trusted-content"!==r&&n.push({provider:r,source:r,report:{}})}),n.sort(function(e,n){return 0===Object.keys(e.report).length&&0===Object.keys(n.report).length?1:Object.keys(n.report).length-Object.keys(e.report).length})}function s(e){var n,r;if(!e||!e.provider)return"unknown";var i=null!==(n=e.provider)&&void 0!==n?n:"unknown";return i===(null!==(r=e.source)&&void 0!==r?r:"unknown")?i:"".concat(e.provider,"/").concat(e.source)}function d(e){var n;return!(!e.remediation||!(e.remediation.fixedIn||null!==(n=e.remediation)&&void 0!==n&&n.trustedContent))}function u(e){var n=[];return e.map(function(e){return{dependencyRef:e.ref,vulnerabilities:e.issues||[]}}).forEach(function(e){var r;null===(r=e.vulnerabilities)||void 0===r||r.forEach(function(r){r.cves&&r.cves.length>0?r.cves.forEach(function(i){n.push({id:i,dependencyRef:e.dependencyRef,vulnerability:r})}):n.push({id:r.id,dependencyRef:e.dependencyRef,vulnerability:r})})}),n.sort(function(e,n){return n.vulnerability.cvssScore-e.vulnerability.cvssScore})}var h=r(9292),v=r(6180),g=r(9341),p=r(3844),x=r(2881),f=r(4900),m=r(3144),j=r(2092),y=r(5767),I=r(4646),A=r(260),C=r(1352),b=r(3571),w=r(2995),N=r(9133),T=r(628),S=r(2972),M=r(8056),E=r(2008),O=r(481),P=["#800000","#FF0000","#FFA500","#5BA352","#808080"],D=function(e){var n,r,i,t,a,o,l=e.summary,c=null!==(n=null===l||void 0===l?void 0:l.critical)&&void 0!==n?n:0,s=null!==(r=null===l||void 0===l?void 0:l.high)&&void 0!==r?r:0,d=null!==(i=null===l||void 0===l?void 0:l.medium)&&void 0!==i?i:0,u=null!==(t=null===l||void 0===l?void 0:l.low)&&void 0!==t?t:0,h=null!==(a=null===l||void 0===l?void 0:l.unknown)&&void 0!==a?a:0,v=null!==(o=null===l||void 0===l?void 0:l.total)&&void 0!==o?o:0,g=c+s+d+u+h>0,p=g?P:["#D5F5E3"],x=[{name:"Critical: ".concat(c),symbol:{type:"square",fill:P[0]}},{name:"High: ".concat(s),symbol:{type:"square",fill:P[1]}},{name:"Medium: ".concat(d),symbol:{type:"square",fill:P[2]}},{name:"Low: ".concat(u),symbol:{type:"square",fill:P[3]}},{name:"Unknown: ".concat(h),symbol:{type:"square",fill:P[4]}}];return(0,O.jsx)("div",{children:(0,O.jsx)(j.b,{style:{paddingBottom:"inherit",padding:"0"},children:(0,O.jsx)(M.a,{children:(0,O.jsx)("div",{style:{height:"230px",width:"350px"},children:(0,O.jsx)(E.H,{constrainToVisibleArea:!0,data:g?[{x:"Critical",y:c},{x:"High",y:s},{x:"Medium",y:d},{x:"Low",y:u},{x:"Unknown",y:h}]:[{x:"Empty",y:1e-10}],labels:function(e){var n=e.datum;return g?"".concat(n.x,": ").concat(n.y):"No vulnerabilities"},legendData:x,legendOrientation:"vertical",legendPosition:"right",padding:{left:20,right:140},subTitle:"Unique vulnerabilities",title:"".concat(v),width:350,colorScale:p})})})})})},k="data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB3aWR0aD0iMTJweCIgaGVpZ2h0PSIxM3B4IiB2aWV3Qm94PSIwIDAgMTIgMTMiIGlkPSJTZWN1cml0eUNoZWNrSWNvbiIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KICAgIDx0aXRsZT5Db21iaW5lZCBTaGFwZTwvdGl0bGU+CiAgICA8ZyBpZD0iTXVsdGktdmVuZG9yIiBzdHJva2U9Im5vbmUiIHN0cm9rZS13aWR0aD0iMSIgZmlsbD0ibm9uZSIgZmlsbC1ydWxlPSJldmVub2RkIj4KICAgICAgICA8ZyBpZD0iT3ZlcnZpZXctQ29weSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoLTEyMDcsIC05OTMpIiBmaWxsPSIjM0U4NjM1Ij4KICAgICAgICAgICAgPGcgaWQ9IkRldGFpbHMtb2YtZGVwZW5kZW5jeS1jb20uZ2l0aHViIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSg0MjcsIDgxOSkiPgogICAgICAgICAgICAgICAgPGcgaWQ9IkRlcGVuZGVuY3ktMSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMCwgMTQ0KSI+CiAgICAgICAgICAgICAgICAgICAgPGcgaWQ9Ikdyb3VwLTkiIHRyYW5zZm9ybT0idHJhbnNsYXRlKDc4MC4xNzI4LCAyNCkiPgogICAgICAgICAgICAgICAgICAgICAgICA8ZyBpZD0iR3JvdXAtNCIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMCwgMy4yKSI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8ZyBpZD0iSWNvbnMvMi4tU2l6ZS1zbS9BY3Rpb25zL2NoZWNrIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgwLCAyLjgpIj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8cGF0aCBkPSJNMTAuNTU2NTc4OSwwIEMxMC43OTA2MjQ5LDAgMTAuOTc5MzMyMiwwLjE4MTU0Mjk2OSAxMC45NzkzMzIyLDAuNDA2MjUgTDEwLjk3OTMzMjIsNS43NDA4MjAzMSBDMTAuOTc5MzMyMiw5Ljc1IDYuMjQwODE5MDcsMTMgNS40OTU3OTI5NiwxMyBDNC43NTA3NjY4NCwxMyAwLDkuNzUgMCw1LjczOTU1MDc4IEwwLDAuNDA2MjUgQzAsMC4xODE1NDI5NjkgMC4xODg3MDcyNzIsMCAwLjQyMjc1MzMwNCwwIFogTTguNTQyNzc4ODMsMy4xMTc4MjY2NyBMNC43OTEyOTYxLDYuODkwODczNTMgTDMuMDM5ODEzMzgsNS4xMjkzMjQ0IEMyLjg4MzYwOSw0Ljk3MjIwNjgzIDIuNjMwMzI4MTIsNC45NzIyMDY4MyAyLjQ3NDEyMzc1LDUuMTI5MzI0NCBMMS45MDg0NDkzOCw1LjY5ODI2NTU2IEMxLjc1MjI0NTAxLDUuODU1MzgzMTIgMS43NTIyNDUwMSw2LjExMDEwNDQ5IDEuOTA4NDQ5MzgsNi4yNjcyMDY3MSBMNC41MDg0NTc5Nyw4Ljg4MjE1OTkxIEM0LjY2NDY0NzA4LDkuMDM5Mjc3NDcgNC45MTc5MTI3LDkuMDM5Mjc3NDcgNS4wNzQxMzIzMyw4Ljg4MjE3NTI1IEw5LjY3NDE0MjgyLDQuMjU1NzA4OTggQzkuODMwMzQ3Miw0LjA5ODU5MTQxIDkuODMwMzQ3MiwzLjg0Mzg3MDA0IDkuNjc0MTQyODIsMy42ODY3Njc4MiBMOS4xMDg0Njg0NiwzLjExNzgyNjY3IEM4Ljk1MjI2NDA4LDIuOTYwNzI0NDQgOC42OTg5ODMyLDIuOTYwNzI0NDQgOC41NDI3Nzg4MywzLjExNzgyNjY3IFoiIGlkPSJDb21iaW5lZC1TaGFwZSI+PC9wYXRoPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9nPgogICAgICAgICAgICAgICAgICAgICAgICA8L2c+CiAgICAgICAgICAgICAgICAgICAgPC9nPgogICAgICAgICAgICAgICAgPC9nPgogICAgICAgICAgICA8L2c+CiAgICAgICAgPC9nPgogICAgPC9nPgo8L3N2Zz4=",F=r(296),L=r(3029),B=r(2901),R="maven",z="https://central.sonatype.com/artifact/",U="https://pkg.go.dev/",W="https://www.npmjs.com/package/",Z="https://pypi.org/project/",V="pkg:",K=/%[0-9A-Fa-f]{2}/,G=function(e){var n="";return e.namespace&&(n=e.type===R?"".concat(e.namespace,":"):"".concat(e.namespace,"/")),n+="".concat(e.name)},Y=function(e,n){var r=re.fromString(e),i=G(r),t=r.version?decodeURIComponent(r.version):"";return n?i+"@".concat(t):i},H=function(e){var n=re.fromString(e);if(n.qualifiers&&n.qualifiers.has("repository_url")){var r=decodeURIComponent(n.qualifiers.get("repository_url")||"");r.endsWith("/")&&(r=r.substring(0,r.length-1));var i=n.namespace;return i&&(i=i.replace(/\./g,"/")),"".concat(r,"/").concat(i,"/").concat(n.name,"/").concat(n.version)}var t=z;return n.namespace?"".concat(z).concat(n.namespace,"/").concat(n.name,"/").concat(n.version):t},Q=function(e){var n=re.fromString(e);switch(n.type){case R:return"".concat(z).concat(n.namespace,"/").concat(n.name,"/").concat(n.version);case"golang":var r=n.version;return null!==r&&void 0!==r&&r.match(/v\d\.\d.\d-\d{14}-\w{12}/)?"".concat(U).concat(n.namespace,"/").concat(n.name):"".concat(U).concat(n.namespace,"/").concat(n.name,"@").concat(n.version);case"npm":return n.namespace?"".concat(W).concat(n.namespace,"/").concat(n.name,"/v/").concat(n.version):"".concat(W).concat(n.name,"/v/").concat(n.version);case"pypi":return n.namespace?"".concat(Z).concat(n.namespace,"/").concat(n.name,"/").concat(n.version):"".concat(Z).concat(n.name,"/").concat(n.version);case"deb":return"".concat("https://sources.debian.org/patches/").concat(n.name,"/").concat(n.version);case"cargo":return"".concat("https://crates.io/crates/").concat(n.name,"/").concat(n.version);default:return n.toString()}},X=function(e){var n=re.fromString(e).version;return n?decodeURIComponent(n):""},q=function(e,n){var r=re.fromString(e),i=encodeURIComponent(G(r));return n.remediationTemplate.replace("__PACKAGE_TYPE__",r.type).replace("__PACKAGE_NAME__",i).replace("__PACKAGE_VERSION__",r.version||"")},J=function(e){return e.toLowerCase().replace(/./,function(e){return e.toUpperCase()})},_=function(e){var n=$(e),r="";if(n.repository_url){var i=n.repository_url.indexOf("/");r+=-1!==i?n.repository_url.substring(i+1):""}else r+="".concat(n.short_name);return n.tag&&(r+=":".concat(n.tag)),r},$=function(e){var n=e.split("?"),r=n[0],i=n[1],t=new URLSearchParams(i),a=t.get("repository_url")||"",o=t.get("tag")||"",l=t.get("arch")||"",c=r.split("@");return{repository_url:a,tag:o,short_name:c[0].substring(c[0].indexOf("/")+1),version:r.substring(r.lastIndexOf("@")).replace("%3A",":"),arch:l}},ee=function(e,n,r,i){var t=c(n),a=i||"";for(var o in t){var l=t[o].report.dependencies;if(l){var s=Object.values(l).find(function(n){var r,i=n.ref,t=decodeURIComponent(i),a=(r=e,K.test(r)?decodeURIComponent(e):e);return re.fromString(t).toString()===re.fromString(a).toString()});if(s&&s.recommendation&&a){var d=decodeURIComponent(s.recommendation);if(void 0!==ne(d,r))return a+_(d)}}}return a},ne=function(e,n){var r=JSON.parse(n).find(function(n){return re.fromString(n.purl).toString()===re.fromString(e).toString()});return null===r||void 0===r?void 0:r.catalogUrl},re=function(){function e(n,r,i,t,a){(0,L.A)(this,e),this.type=void 0,this.namespace=void 0,this.name=void 0,this.version=void 0,this.qualifiers=void 0,this.type=n,this.namespace=r,this.name=i,this.version=t,this.qualifiers=a}return(0,B.A)(e,[{key:"toString",value:function(){var e=this.name;return this.version&&(e+="@".concat(this.version)),this.namespace?"".concat(V).concat(this.type,"/").concat(this.namespace,"/").concat(e):this.qualifiers?"".concat(V).concat(this.type,"/").concat(e,"?").concat(Array.from(this.qualifiers.entries()).map(function(e){var n=(0,F.A)(e,2),r=n[0],i=n[1];return"".concat(r,"=").concat(i)}).join("&")):"".concat(V).concat(this.type,"/").concat(e)}}],[{key:"fromString",value:function(n){var r,i,t=n.replace(V,""),a=t.indexOf("?");-1!==a&&(i=t.substring(a+1),t=t.substring(0,a));var o,l,c=t.substring(0,t.indexOf("/")),s=t.split("/");s.length>2&&(o=s.slice(1,s.length-1).join("/")),-1!==t.indexOf("@")&&(l=t.substring(t.indexOf("@")+1));var d=s[s.length-1];return l&&(d=d.substring(0,d.indexOf("@"))),new e(c,o,d,l,new Map((null===(r=i)||void 0===r?void 0:r.split("&").map(function(e){return e.split("=")}))||[]))}}])}(),ie={PERMISSIVE:"#0066CC",WEAK_COPYLEFT:"#3E8635",STRONG_COPYLEFT:"#F0AB00",UNKNOWN:"#C46100"},te={PERMISSIVE:"Permissive",WEAK_COPYLEFT:"Weak copyleft",STRONG_COPYLEFT:"Strong copyleft",UNKNOWN:"Unknown"};function ae(e){if(!e)return 1;switch(e.toUpperCase().replace(/-/g,"_")){case"PERMISSIVE":return 4;case"WEAK_COPYLEFT":return 3;case"STRONG_COPYLEFT":return 2;default:return 1}}var oe="#F0AB00";function le(e){var n;if(!e)return te.UNKNOWN;var r=e.toUpperCase().replace(/-/g,"_");return null!==(n=te[r])&&void 0!==n?n:e}function ce(e){var n;if(!e)return ie.UNKNOWN;var r=e.toUpperCase().replace(/-/g,"_");return null!==(n=ie[r])&&void 0!==n?n:ie.UNKNOWN}function se(e){var n;if(e){var r=e.toUpperCase().replace(/-/g,"_");n="PERMISSIVE"===r?"blue":"WEAK_COPYLEFT"===r?"green":"STRONG_COPYLEFT"===r?"yellow":"gray"}else n="gray";return n}var de=["PERMISSIVE","WEAK_COPYLEFT","STRONG_COPYLEFT","UNKNOWN"];function ue(e){if(!e)return de.length;var n=e.toUpperCase().replace(/-/g,"_"),r=de.indexOf(n);return r>=0?r:de.length}var he=function(e){var n,r,i,t,a,o=e.summary,l=null!==(n=o.permissive)&&void 0!==n?n:0,c=null!==(r=o.strongCopyleft)&&void 0!==r?r:0,s=null!==(i=o.unknown)&&void 0!==i?i:0,d=null!==(t=o.weakCopyleft)&&void 0!==t?t:0,u=null!==(a=o.total)&&void 0!==a?a:0,h=l+c+s+d>0,v=[{name:"Permissive: ".concat(l),symbol:{type:"square",fill:ie.PERMISSIVE}},{name:"Weak Copyleft: ".concat(d),symbol:{type:"square",fill:ie.WEAK_COPYLEFT}},{name:"Strong Copyleft: ".concat(c),symbol:{type:"square",fill:ie.STRONG_COPYLEFT}},{name:"Unknown: ".concat(s),symbol:{type:"square",fill:ie.UNKNOWN}}];return(0,O.jsx)("div",{children:(0,O.jsx)(j.b,{style:{paddingBottom:"inherit",padding:"0"},children:(0,O.jsx)(M.a,{children:(0,O.jsx)("div",{style:{height:"230px",width:"350px"},children:(0,O.jsx)(E.H,{constrainToVisibleArea:!0,data:h?[{x:"Permissive",y:l},{x:"Weak Copyleft",y:d},{x:"Strong Copyleft",y:c},{x:"Unknown",y:s}]:[{x:"Empty",y:1e-10}],labels:function(e){var n=e.datum;return h?"".concat(n.x,": ").concat(n.y):"No licenses"},legendData:v,legendOrientation:"vertical",legendPosition:"right",padding:{left:0,right:160},subTitle:"Total licenses",title:"".concat(u),width:350,colorScale:Object.values(ie)})})})})})},ve=r(4102),ge={width:"16px",height:"16px",verticalAlign:"middle"},pe="330px";var xe=function(e){var n,r,i=e.report,t=e.isReportMap,a=e.purl,d=Kn(),u=d.brandingConfig||{displayName:"Trustify",exploreUrl:"https://guac.sh/trustify/",exploreTitle:"Learn more about Trustify",exploreDescription:"The Trustify project is a collection of software components that enables you to store and retrieve Software Bill of Materials (SBOMs), and advisory documents.",imageRecommendation:"",imageRecommendationLink:""},M=Boolean(u.exploreTitle.trim().length>0)&&Boolean(u.exploreUrl.trim().length>0)&&Boolean(u.exploreDescription.trim().length>0),E=Boolean(t)&&u.imageRecommendation.trim().length>0&&u.imageRecommendationLink.trim().length>0,P=i.licenses||[],F=(null!==(n=i.licenses)&&void 0!==n?n:[]).filter(function(e){return e.summary.total>0}),L=null===(r=i.licenses)||void 0===r?void 0:r.find(function(e){return"SBOM"===e.status.name}),B=null===L||void 0===L?void 0:L.projectLicense,R=Boolean(B),z=function(){return(0,O.jsx)("img",{src:"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAYAAABXAvmHAAAON0lEQVR4nOxad1xTV/s/mYwQRkBWGCJDFERZgqCvoDhQKuKroghVpK2COIqK9VVrXWhx4oIiIKKoIAilIlgHqFAKssIeIeywQhIIWTfr97nxTX9IwVaI/et9Pp/7ObnPedb33vPc85xzghYIBAg0Gi0BExCPy1UsKytd3EahWAqFIqy2jnaHo5NznpaWVv9EOslJSbsvn4+8mnAv2d5m7txymLdlw/piFoulnpX7bOZEejCxWCyVQRqNiMFg+Dq6up1oNFoE82urq+119fQ6Ncf4RXh7etaJxWKss4tLrrmFRZW2jna3UCjC9PZQp1dVVjoVFxWtHBkZUR+thEKhoKXLlqfuDgs7pKenRx0bRFdn5/QN3mvqdXT1Ojds8r3aUF8/L+fJkyC/gIALYeGHDo6VF4lEyMz09O1pqSk7yU1N8yQSCQrmKysrM//l7p7lv3XbxcePHn1FNCC2bd0edOkDAD/duHE0NvrmqfGeBgqFEtg5OLxauWr1Q2ubOcUCAVBraCAvfPU8x/u3t69cNQiEvpj4hKWmZmZ1Y3WfPX3qe/qH47e4XC4evl+0eHH6mcjz/srKyrzRcgw6XWv/3j1pVZWViwkEAtVtydJMoqFhAwTxVSvLK1xKfi9aiUAgRBgsFtLV1aWk//LEhsvlKvZQu41nmJo1IiQSCYj7Kea7mOvXz862si78JiTkHCQQq6mrq/dPNzFtgYRIQ9ogx7WLyvJhDPEdZI7byCTwJPUSwOOVu5LT0m01NTVpY0H0UqkGXiuWd3qvW3fp2ImT+8f2QxCEDQoIeN1QXzc/aMeOH4K+2XFOQm6x4WZm7RI0NDpJOBxcG5+PutzZatAkFEh19PSJlP6+XuKla9e9XRcteoaGmV/t2Hmuoa7eNv/Vy43KOBwT4miFNLZzPBvbu6RKbBYDNNQUAojPAybmtkCXaAqmm80FK31Cwc8PIw1uRkWdPnby5M6xASoqKXGlraIib7w3nHAr9kB9Xa3zvgMHv/XfuvUKKz7xB1byg2NtAgipikSCaSg0MAIAnFPXAmGMAdAmEoIeaveMsPDwUDh42AZSZuzQkSN7sFjsSOzNG987zNPdAwAQwvyermaQcG0fyM+9A37LSwHJsd+BtoYXeWp4bJXZLEegZ2AOcp9m+3M4HOXxgpyIID4fk3r//rcWlpZlfgEBUZzcX/2Kbt8+HjjYg9zDHADb6H0gYpguEhkZViogkOAbFbU/dGk0mq7s9x8Apmlr96364ou7pSUly+g0qsRAXyUd5r/MjgcYNIJ5ISrKKzH5vuNsK+vff34U72JjqbRWTRVbaWHlAvh8Pq6upsb+UwDUVFc7Dg8Pa32xxvsOUixGdMbFR5wcogOhqmp/cOjuI55eXomFfC7qjqnRG9xX2w/YYBSADlKa2yApIeFoVkaG3wcAYPJYviINbgvevPEyNlBLgfOjj9oClnt6JrstWZptbWNT+nXwzuNCoVChhdxgbWmmeVmdoCPVHejvN/gUANTubhO4NbOwIEENTY4l3d3GPCAB3x09Fhy0Y0fEqbPnAh2dnJ7nZGd/qeLnexEz0+KdKRoDcCoqg3cePHTAYDAiAQShPgAwx8amGM746iqSk/Y05dcIBAIoKuPhp+XM5/MVYJmyd6XucNtKoZgpKaFbDYxnAfsFXgCvqjb0KQAAABIzC4uK6SYmzaKeHgMIvJ+KxGIxQiYgFArhHJV2oC1nFktbNFpkZW1d5unllYLBYkXo0RZxKirs6SYmteWlpW5oFGAqKaEpDgu8ZhS8fGDvs3pVkwoez6SQyTaw7PUrVy49y83rdvUIBG4rt4ocnS0KPiX6xUuWZHl6eT0QCgSYxHfFi++ODEv5P54+Fd1KabFqb2szrygrc1+/0feaFNgATZ8sFAAi0ZQy2g5yrOEVq1bfZ9DpetlZWQFGRPzj+Yt8wJLVQQCjoKohEYtRG3w3RT1+km26Zp1vKqW5lph0cz8ofHGbyhqiK3wKABwON5L38sW6DWvX1t56cH+3ERoNglXUgNIIe1pcTMyJF8+e+XksX5G878CBcKihcd67woLV/WIRcHZxzRltRzoPjCYOm41b772mhsNmq12PTVjb1I5O5UMieKALjQzwqRpqiiTWCGTa1jnsT+vvVs7PuS1uJVcicTgc85uQkO83bvaLxmAw0i8Yk8HQ9PjXIpqvn1/EwcP/OSLz0dzUZBV55sy1ivIydw0CoTd0777Dbh3dtrysJ3vgeGgmxuXTAracJBgbt0ClZR79iUnHw6gd6gMYNOvxk2xzbR2dvgkBwESqrHQMDtr+CoVCibcEhmaoaduvAwgUXtbf2VYH2luqgNMib67bQjP/lsZ3vMvnI6Oo3d1mZhYWlfsPHdpla2df8vDevZ1XLl64Nmfu3LwTZyK2q6urM25eu3rq8aNHwfDY9vn3+piQPXuOq6mrM0hFRe66sbcvgvZ229GxdAkFIHKYAVpEAnD42PdB/964MeGjb0BG1SSS4/Ej/0nqaG+3xCooAW3d6QCJQgPGIBWwhgbhOoUVfuRosNeaNcmwPI/HU3yYfG9XYlzckZGREQ1dPb3W3p4eEwVFRTafx1OG5TFYLHeIydSZ7+z8dN+BA4csZlrWwLo/3bxx+FZ0dMQ0VTWaIyTU0kehAF8iAQ1CCJRBfIBEo6G9+/eHbfYPuPGnQGEAE10Qn4/KyszYsm9XSMbqZR7kFe5undv9t+THxcQcptFomuPpDAwMaO8NCc60t7aSnDt96rJAIEBVkUjzXOzt2IudnegFb94sG6sjEokQGWlp2zas9a6A9WTXAjvbkSPh4XcpLWTLiWL8KIDJXonx8QfhAFrIZBMZL/iroJyVS9wpf6VLHxwk1NfVzm0hky34fD7mr+T/9BWSBxkaGTbB7dNfsgLFYjFoa221qCaRXAwNDVv/SleDQKBbzppNmmFq2oTFYgV/JT9hDkyF4Po+cMuW3+pqa5xUVVV72Wy2JsyPuhm9wtnFJU+uzj7HEIKv4aEh/OXz58/AQ2nTOp+SyooKp8/h57MBgC8Gna4JA4iMOHPmc/n4LDnwT9L/APxNQnwuw58FwOO0R4GV5eUuo1jSlcilyMgfmQwGQZ6+5A4gMS7uYMSJEwlsNltVxhOJeVhIOKT29nW+z9fbtr4ZYjLV5eVPrgCam5pmRV+/dtraxqZwnp1dwQi/Tbrq6man7Pul2o5p7UE2b6VQrM6fPRslL59yBfDw3r3dEokEeTLirD9A0zUKyIHPR/fPcxOBGTZC8Gtujt9Af7+OPHzKFUB1FcnFzNycZGRs3NbUf+uAQMz601CZNV8ELxvRDXV1tvLwKVcAPVTqdD19/Q749yC7YsF4Mqqa70uXnp4eI3n4lBuArs5OIy6Xq2ZoZNwI33MFvcTx5KYZvAdAaWmxlodfuQEoKixcCbe2dnZvOVCvDiSk648nh1MDQFNfDIoKC5bDlepUSW4AMh+nf43H4wcXuLq+6B3OX/UxWWtXIeju6pr5W0HBsqn6lQuArIyMLY319Q6b/P0vYxUUoFZaytcfk7ddIgIKyhJw9dLFCxAEYabie8oA2lpbzS/8eO6mPpHYvHV70MXeofzlTG7VuAksIyUcAAvXCuA8sLl59eq4W/t/l6YEgMvlKoXtDs2A+HyFExERW9EYMbKy6+SVv6PrsFwEZswRgeSkOwffvs73nGwMUwLw4O7dkI72dquQPXsP2drZF5V1fBfLhtpnwX1CAQCtNe/ND3QhwNCY0wMkEgDvXRBQVhUhI06ejIEgCDuZGCa9pBSLxQiv5ctasVgsPy3rl9k9rNy1JW17pZvD1BYEyLyBBUO0/38+CIQEuH6hNLhiM57OEXSYy/ilz1Hg+V0sOPNjpO+KVatSPzWOSb+BstJS1/6+PuP1vpuuo9FIUV1P1HHw36d9/5wCAEJCX1h4+J7b95KdL1+/sdphvvOvBVk8zaost1wTzc3XZXbmLBQBNEYCfn2Wu2EycaAnC4BUUb4IvD/7yqGza+xG+JQ58P3rdDQQCVCCG0mxyyxnz66WybsuWpSzd1dIVtrDtF0bfDNma+JarAbZJe4KSgAQzcWgmkT6aOJPRJN+A50dHTMQCITQwNCwZWCkeDGQbhAA0FqFgkH9PDp4qSMkUvLltsDzcLH39vXr1Rba2y/K+rSIYkAfHCTyuNxP2iCeEgD2CFtJUUmJhUKhJByIKj3cEEJw8iIA0cCgfTydadra0iPZISZTi4Cb907GR/93JuDxeCr/GAANgsYwl8PR4PP5WCB5fyiBUQBAWVUMSBXjF3KN9fXSCtTA0KhZdnAhDZwNJzlCpILH0/8xAKZmZrVwW19bO08Jq9ct41stEIHamhqXlPvJH5xa9lCp+jeuRp3G4XCMJR4emQxOzR/ldG8bEhgYGTV97B8DE9Gkk3i+8wLpYiXv5YsNAcEef3z+FvoIAaUaBc6fPRud9/KVj72jw9uB/gG93KfZfjwuVyUi8vx6dQ0NRlXz7W9heWY/AH3tSOCz3nFSO3ZT2loM9N9SQG5unp2ZnW1Z2r85f4TfKp3E4CGR/wgDagpRQMBHwMNDbDVnTvHOXaFH5rvMf0PqPB1Bod0Nh2Wf3UGD8pcYEHs70cXOwaHoHwXwNj9/xbe7Q3MXuy9J333c/VFZx4GHHxpXZqiIlv1squ+ZQtDQ7WVyau3IA4l7h3nN0nM2eMJLOqUAHBydc6Pj4idVTkx5c/fooUOJuU+ztwYEboucv7bdkDr0dPPf0RvoRoAHZxUACqE+cDcl1Z5IJHZOxv+UAfB4PExYaGh2SfHvy9yWuqUv/ZJG4CDeuX9Mp+EdEuTEY4FEpMi5Gh3jae/o+Gay/v8vAAD//4wb/4wEdbX7AAAAAElFTkSuQmCC",alt:"Trustify Icon",style:ge})},U=1+(F.length>0?1:0),W=Math.min(12,Math.max(1,Math.floor(12/U))),Z=1+Number(R)+Number(E)+Number(M);4===Z&&(Z=2);var V=Math.min(12,Math.max(1,Math.floor(12/Z)));return(0,O.jsxs)(o.x,{hasGutter:!0,children:[(0,O.jsxs)(h.h,{headingLevel:"h3",size:h.J["2xl"],style:{paddingLeft:"15px"},children:[(0,O.jsx)(v.I,{isInline:!0,status:"info",children:(0,O.jsx)(S.Ay,{style:{fill:"#f0ab00"}})}),"\xa0",u.displayName," overview of security issues"]}),(0,O.jsx)(g.c,{}),(0,O.jsx)(l.E,{md:12,lg:W,children:(0,O.jsxs)(p.Z,{isFlat:!0,isFullHeight:!0,children:[(0,O.jsx)(x.a,{children:(0,O.jsx)(f.Z,{children:(0,O.jsx)(m.X,{style:{fontSize:"large"},children:t?(0,O.jsxs)(O.Fragment,{children:[a?_(a):"No Image name"," - Vendor Issues"]}):(0,O.jsx)(O.Fragment,{children:"Vendor Issues"})})})}),(0,O.jsxs)(j.b,{children:[(0,O.jsx)(y.W,{children:(0,O.jsx)(I.d,{children:(0,O.jsx)(m.X,{children:"Below is a list of dependencies affected with CVE."})})}),(0,O.jsx)(A.B,{isAutoFit:!0,style:{paddingTop:"10px",gridTemplateColumns:"repeat(auto-fit, minmax(min(100%, ".concat(pe,"), 1fr))")},children:c(i).map(function(e,n){return(0,O.jsxs)(y.W,{style:{display:"flex",flexDirection:"column",alignItems:"center",minWidth:0},children:[(0,O.jsx)(m.X,{style:{fontSize:"large"},children:s(e)}),(0,O.jsx)(I.d,{children:(0,O.jsx)(D,{summary:e.report.summary})})]},n)})})]}),(0,O.jsx)(g.c,{})]})}),F.length>0&&(0,O.jsx)(l.E,{md:12,lg:W,children:(0,O.jsxs)(p.Z,{isFlat:!0,isFullHeight:!0,children:[(0,O.jsx)(x.a,{children:(0,O.jsx)(f.Z,{children:(0,O.jsx)(m.X,{style:{fontSize:"large"},children:"License Summary"})})}),(0,O.jsx)(j.b,{children:(0,O.jsx)(A.B,{isAutoFit:!0,style:{paddingTop:"30px",gridTemplateColumns:"repeat(auto-fit, minmax(min(100%, ".concat(pe,"), 1fr))")},children:F.map(function(e,n){return(0,O.jsxs)(y.W,{style:{display:"flex",flexDirection:"column",alignItems:"center",minWidth:0},children:[(0,O.jsx)(m.X,{style:{fontSize:"large"},children:e.status.name||"Unknown"}),(0,O.jsx)(I.d,{children:(0,O.jsx)(he,{summary:e.summary})})]},n)})})})]})}),(0,O.jsxs)(l.E,{md:V,children:[(0,O.jsx)(p.Z,{isFlat:!0,isFullHeight:!0,children:(0,O.jsxs)(y.W,{children:[(0,O.jsx)(f.Z,{component:"h4",children:(0,O.jsxs)(m.X,{style:{fontSize:"large"},children:[z(),"\xa0",u.displayName," Dependency Remediations"]})}),(0,O.jsx)(j.b,{children:(0,O.jsx)(I.d,{children:(0,O.jsx)(C.B8,{isPlain:!0,children:c(i).map(function(e,n){var r=e&&e.source&&e.provider?e.source===e.provider?e.provider:"".concat(e.provider,"/").concat(e.source):"default_value";return Object.keys(e.report).length>0?(0,O.jsxs)(b.c,{children:[(0,O.jsx)(v.I,{isInline:!0,status:"success",children:(0,O.jsx)("img",{src:k,alt:"Security Check Icon"})}),"\xa0",e.report.summary.remediations," remediations are available for ",r]}):(0,O.jsxs)(b.c,{children:[(0,O.jsx)(v.I,{isInline:!0,status:"success",children:(0,O.jsx)("img",{src:k,alt:"Security Check Icon"})}),"\xa0 There are no available remediations for your SBOM at this time for ",e.provider]})})})})})]})}),"\xa0"]}),R&&B&&(0,O.jsxs)(l.E,{md:V,children:[(0,O.jsx)(p.Z,{isFlat:!0,isFullHeight:!0,children:(0,O.jsxs)(y.W,{children:[(0,O.jsx)(f.Z,{component:"h4",children:(0,O.jsxs)(m.X,{style:{fontSize:"large"},children:["Project License ",(0,O.jsx)(w.o,{children:(0,O.jsx)(N.J,{color:se(B.category),children:B.expression||B.name||"\u2014"})})]})}),(0,O.jsx)(j.b,{children:(0,O.jsxs)(I.d,{children:[(0,O.jsx)(y.W,{children:(0,O.jsx)(m.X,{children:"License incompatibilities"})}),(0,O.jsx)(C.B8,{isPlain:!0,children:P.map(function(e,n){var r=function(e,n){for(var r=0,i=ae(n),t=0,a=Object.values(e);t=400||Object.keys(e.warnings).length>0},i=Object.keys(n.providers).map(function(e){return n.providers[e].status}).filter(function(e){return!e.ok||r(e)}),t=function(e){return e.ok&&!r(e)?fe.w.info:e.code>=500?fe.w.danger:fe.w.warning},a=function(e){var n=e.message;return e.ok&&r(e)?"".concat(J(e.name),": ").concat(Object.keys(e.warnings).length," package(s) could not be analyzed"):"".concat(J(e.name),": ").concat(n)};return(0,O.jsx)(O.Fragment,{children:i.map(function(e,n){return(0,O.jsx)(fe.F,{variant:t(e),title:a(e)},n)})})},je=r(6919),ye=r(5501),Ie=r(1792),Ae=r(3093),Ce=r(297),be=r(4072),we=r(6464),Ne=function(e){function n(e){var r;return(0,L.A)(this,n),(r=(0,je.A)(this,n,[e])).state={hasError:!1,error:null},r}return(0,ye.A)(n,e),(0,B.A)(n,[{key:"componentDidCatch",value:function(e,n){console.error("Report rendering error:",e,n)}},{key:"render",value:function(){var e;return this.state.hasError?(0,O.jsx)(M.a,{style:{backgroundColor:"var(--pf-v5-global--BackgroundColor--200)",minHeight:"100vh"},children:(0,O.jsxs)(Ie.p,{variant:Ie.s.sm,children:[(0,O.jsx)(Ae.o,{icon:(0,O.jsx)(Ce.q,{icon:we.Ay,color:"var(--pf-v5-global--danger-color--100)"}),titleText:"Something went wrong",headingLevel:"h2"}),(0,O.jsx)(be.h,{children:(null===(e=this.state.error)||void 0===e?void 0:e.message)||"An unexpected error occurred while rendering the report."})]})}):this.props.children}}],[{key:"getDerivedStateFromError",value:function(e){return{hasError:!0,error:e}}}])}(i.Component),Te=r(6334),Se=r(4248),Me=r(4471),Ee=r(9379),Oe=r(8380),Pe=r(1417),De=r(7066),ke=r(2227),Fe=r(99),Le=r(7172),Be=r(8516),Re=r(8579),ze=r(9205),Ue=r(8099),We=r(4785),Ze=r(4224),Ve=r(5772),Ke=r(4593),Ge=r(8480),Ye=r(5458),He=r(4546),Qe=function(e){return e[e.SET_PAGE=0]="SET_PAGE",e[e.SET_SORT_BY=1]="SET_SORT_BY",e}(Qe||{}),Xe={changed:!1,currentPage:{page:1,perPage:10},sortBy:void 0},qe=function(e,n){switch(n.type){case Qe.SET_PAGE:var r=n.payload;return(0,Ee.A)((0,Ee.A)({},e),{},{changed:!0,currentPage:{page:r.page,perPage:r.perPage}});case Qe.SET_SORT_BY:var i=n.payload;return(0,Ee.A)((0,Ee.A)({},e),{},{changed:!0,sortBy:{index:i.index,direction:i.direction}});default:return e}},Je=r(2514),_e=r(3842),$e=function(e){var n,r=e.count,i=e.params,t=e.isTop,a=e.perPageOptions,o=e.onChange,l=function(){return i.perPage||10};return(0,O.jsx)(Je.d,{itemCount:r,page:i.page||1,perPage:l(),onPageInput:function(e,n){o({page:n,perPage:l()})},onSetPage:function(e,n){o({page:n,perPage:l()})},onPerPageSelect:function(e,n){o({page:1,perPage:n})},widgetId:"pagination-options-menu",variant:t?Je.A.top:Je.A.bottom,perPageOptions:(n=a||[10,20,50,100],n.map(function(e){return{title:String(e),value:e}})),toggleTemplate:function(e){return(0,O.jsx)(_e.D,(0,Ee.A)({},e))}})},en=r(9694),nn=r(6911),rn=r(1413),tn=function(e){var n=e.numRenderedColumns,r=e.isLoading,i=void 0!==r&&r,t=e.isError,a=void 0!==t&&t,o=e.isNoData,l=void 0!==o&&o,c=e.errorEmptyState,s=void 0===c?null:c,d=e.noDataEmptyState,u=void 0===d?null:d,v=e.children,g=(0,O.jsxs)(Ie.p,{variant:Ie.s.sm,children:[(0,O.jsx)(Ce.q,{icon:we.Ay,color:rn.D.value}),(0,O.jsx)(h.h,{headingLevel:"h2",size:"lg",children:"Unable to connect"}),(0,O.jsx)(be.h,{children:"There was an error retrieving data. Check your connection and try again."})]}),p=(0,O.jsxs)(Ie.p,{variant:Ie.s.sm,children:[(0,O.jsx)(Ce.q,{icon:nn.Ay}),(0,O.jsx)(h.h,{headingLevel:"h2",size:"lg",children:"No data available"}),(0,O.jsx)(be.h,{children:"No data available to be shown here."})]});return(0,O.jsx)(O.Fragment,{children:i?(0,O.jsx)(We.N,{children:(0,O.jsx)(ze.Tr,{children:(0,O.jsx)(Ze.Td,{colSpan:n,children:(0,O.jsx)(M.a,{children:(0,O.jsx)(en.y,{size:"xl"})})})})}):a?(0,O.jsx)(We.N,{"aria-label":"Table error",children:(0,O.jsx)(ze.Tr,{children:(0,O.jsx)(Ze.Td,{colSpan:n,children:(0,O.jsx)(M.a,{children:s||g})})})}):l?(0,O.jsx)(We.N,{"aria-label":"Table no data",children:(0,O.jsx)(ze.Tr,{children:(0,O.jsx)(Ze.Td,{colSpan:n,children:(0,O.jsx)(M.a,{children:u||p})})})}):v})};function an(e){var n=e.name,r=e.items,t=e.getRowKey,a=e.columns,o=e.filterConfig,l=e.compareToByColumn,c=e.filterItem,s=e.renderExpandContent,d=e.ariaLabelPrefix,u=void 0===d?"Table":d,h=e.expandId,v=void 0===h?"compound-expand-table":h,g=e.defaultExpanded,x=void 0===g?{}:g,f=e.initialSortBy,m=(0,i.useState)(""),y=(0,F.A)(m,2),I=y[0],A=y[1],C=function(e){var n=(0,i.useReducer)(qe,(0,Ee.A)((0,Ee.A)({},Xe),{},{currentPage:e&&e.page?(0,Ee.A)({},e.page):(0,Ee.A)({},Xe.currentPage),sortBy:e&&e.sortBy?(0,Ee.A)({},e.sortBy):Xe.sortBy})),r=(0,F.A)(n,2),t=r[0],a=r[1],o=(0,i.useCallback)(function(e){var n;a({type:Qe.SET_PAGE,payload:{page:e.page>=1?e.page:1,perPage:null!==(n=e.perPage)&&void 0!==n?n:Xe.currentPage.perPage}})},[]),l=(0,i.useCallback)(function(e,n,r,i){a({type:Qe.SET_SORT_BY,payload:{index:n,direction:r}})},[]);return{page:t.currentPage,sortBy:t.sortBy,changePage:o,changeSortBy:l}}(f?{sortBy:f}:void 0),b=C.page,w=C.sortBy,N=C.changePage,T=C.changeSortBy,S=function(e){var n=e.items,r=e.currentSortBy,t=e.currentPage,a=e.filterItem,o=e.compareToByColumn;return(0,i.useMemo)(function(){var e,i=(0,Ye.A)(n||[]).filter(a),l=!1;return e=(0,Ye.A)(i).sort(function(e,n){var i=o(e,n,null===r||void 0===r?void 0:r.index);return 0!==i&&(l=!0),i}),l&&(null===r||void 0===r?void 0:r.direction)===He.l.desc&&(e=e.reverse()),{pageItems:e.slice((t.page-1)*t.perPage,t.page*t.perPage),filteredItems:i}},[n,t,r,o,a])}({items:r,currentPage:b,currentSortBy:w,compareToByColumn:l,filterItem:function(e){return c(e,I)}}),M=S.pageItems,E=S.filteredItems,P=(0,i.useState)(x),D=(0,F.A)(P,2),k=D[0],L=D[1],B=function(e,n,r,i){return{isExpanded:k[t(e)]===n,onToggle:function(){return function(e,n){var r=!(arguments.length>2&&void 0!==arguments[2])||arguments[2],i=t(e),a=(0,Ee.A)({},k);r?a[i]=n:delete a[i],L(a)}(e,n,k[t(e)]!==n)},expandId:v,rowIndex:r,columnIndex:i}},R=a.length;return(0,O.jsx)(p.Z,{children:(0,O.jsx)(j.b,{children:(0,O.jsxs)("div",{style:{backgroundColor:"var(--pf-v5-global--BackgroundColor--100)"},children:[(0,O.jsx)(Oe.M,{children:(0,O.jsxs)(Pe.P,{children:[(0,O.jsx)(De.h,{toggleIcon:(0,O.jsx)(Ke.Ay,{}),breakpoint:"xl",children:(0,O.jsx)(ke.T,{variant:"search-filter",children:(0,O.jsx)(Fe.D,{id:n+o.idSuffix,style:{width:"250px"},placeholder:o.placeholder,value:I,onChange:function(e,n){return A(n)},onClear:function(){return A("")}})})}),(0,O.jsx)(ke.T,{variant:ke.U.pagination,align:{default:"alignRight"},children:(0,O.jsx)($e,{isTop:!0,count:E.length,params:b,onChange:N})})]})}),(0,O.jsxs)(Le.X,{"aria-label":(null!==n&&void 0!==n?n:u)+" table",variant:Be.a.compact,children:[(0,O.jsx)(Re.d,{children:(0,O.jsx)(ze.Tr,{children:a.map(function(e,n){return(0,O.jsx)(Ue.Th,{width:e.width,sort:null!=e.sortIndex?{columnIndex:e.sortIndex,sortBy:(0,Ee.A)({},w),onSort:T}:void 0,children:e.header},e.key)})})}),(0,O.jsx)(tn,{isNoData:0===E.length,numRenderedColumns:R,noDataEmptyState:(0,O.jsxs)(Ie.p,{variant:Ie.s.sm,children:[(0,O.jsx)(Ae.o,{icon:(0,O.jsx)(Ce.q,{icon:Ge.Ay}),titleText:"No results found",headingLevel:"h2"}),(0,O.jsx)(be.h,{children:"Clear all filters and try again."})]}),children:null===M||void 0===M?void 0:M.map(function(e,n){var r,i=t(e),o=k[i],l=!!o;return(0,O.jsxs)(We.N,{isExpanded:l,children:[(0,O.jsx)(ze.Tr,{children:a.map(function(r,i){return(0,O.jsx)(Ze.Td,{width:r.width,dataLabel:r.header,component:0===i?"th":void 0,compoundExpand:r.compoundExpand?B(e,r.key,n,i):void 0,children:r.render(e)},r.key)})}),l&&o?(0,O.jsx)(ze.Tr,{isExpanded:!0,children:(0,O.jsx)(Ze.Td,{dataLabel:null===(r=a.find(function(e){return e.key===o}))||void 0===r?void 0:r.header,noPadding:!0,colSpan:R,children:(0,O.jsx)(Ve.g,{children:(0,O.jsx)("div",{className:"pf-v5-u-m-md",children:s(e,o)})})})}):null]},i)})})]}),(0,O.jsx)($e,{isTop:!1,count:E.length,params:b,onChange:N})]})})})}var on=function(e){var n=e.name,r=e.showVersion,i=void 0!==r&&r;return(0,O.jsx)(O.Fragment,{children:(0,O.jsx)("a",{href:Q(n),target:"_blank",rel:"noreferrer",children:Y(n,i)})})},ln=function(e){var n=e.packageName;e.cves;return(0,O.jsxs)(O.Fragment,{children:[(0,O.jsx)(v.I,{isInline:!0,status:"success",children:(0,O.jsx)("img",{src:k,alt:"Security Check Icon"})}),"\xa0",(0,O.jsx)("a",{href:H(n),target:"_blank",rel:"noreferrer",children:X(n)})]})},cn=function(e){var n,r,i,t=e.packageRef,a=e.vulnerability,o=Kn();return(0,O.jsx)(O.Fragment,{children:null===(null===(n=a.remediation)||void 0===n?void 0:n.fixedIn)||0===(null===(r=a.remediation)||void 0===r||null===(i=r.fixedIn)||void 0===i?void 0:i.length)?(0,O.jsx)("p",{}):(0,O.jsx)("a",{href:q(t,o),target:"_blank",rel:"noreferrer",children:a.id})})},sn=r(8559),dn=r(7540),un=r(8762),hn=r(974),vn=function(e){var n,r=e.vulnerability;switch(r.severity){case"CRITICAL":n="bar-critical";break;case"HIGH":n="bar-high";break;case"MEDIUM":n="bar-medium";break;case"LOW":n="bar-low";break;default:n="bar-default"}return(0,O.jsx)(O.Fragment,{children:(0,O.jsx)(sn.B,{hasGutter:!0,children:(0,O.jsx)(dn.o,{isFilled:!0,children:(0,O.jsx)(un.k,{title:"".concat(r.cvssScore,"/10"),"aria-label":"cvss-score",value:r.cvssScore,min:0,max:10,size:un.j.sm,measureLocation:hn.Ri.none,className:"".concat(n)})})})})},gn=function(e){var n,r,i=e.vulnerability;switch(i.severity){case"CRITICAL":r="#800000";break;case"HIGH":r="#FF0000";break;case"MEDIUM":r="#FFA500";break;case"LOW":r="#5BA352";break;default:r="grey"}return(0,O.jsxs)(O.Fragment,{children:[(0,O.jsx)(v.I,{isInline:!0,children:(0,O.jsx)(ve.Ay,{style:{fill:r,height:"13px"}})}),"\xa0",J(null!==(n=i.severity)&&void 0!==n?n:"UNKNOWN")]})},pn=function(e){var n,r,i=e.id,t=Kn();return(0,O.jsx)("a",{href:(n=i,r=t,r.cveIssueTemplate.replace("__ISSUE_ID__",n)),target:"_blank",rel:"noreferrer",children:i})},xn=r(4486),fn=function(e){var n=e.title,r=i.useState(!1),t=(0,F.A)(r,2),a=t[0],o=t[1];return(0,O.jsx)(xn.Q,{variant:xn.J.truncate,toggleText:a?"Show less":"Show more",onToggle:function(e,n){o(n)},isExpanded:a,children:n||"-"})},mn=function(e){var n,r,i,t,a,o=e.item,l=(e.providerName,e.rowIndex);return a=o.vulnerability.cves&&o.vulnerability.cves.length>0?o.vulnerability.cves:[o.vulnerability.id],(0,O.jsxs)(ze.Tr,{children:[(0,O.jsx)(Ze.Td,{children:a.map(function(e,n){return(0,O.jsx)("p",{children:(0,O.jsx)(pn,{id:e})},n)})}),(0,O.jsx)(Ze.Td,{children:(0,O.jsx)(fn,{title:o.vulnerability.title})}),(0,O.jsx)(Ze.Td,{noPadding:!0,children:(0,O.jsx)(gn,{vulnerability:o.vulnerability})}),(0,O.jsx)(Ze.Td,{children:(0,O.jsx)(vn,{vulnerability:o.vulnerability})}),(0,O.jsx)(Ze.Td,{children:(0,O.jsx)(on,{name:o.dependencyRef,showVersion:!0})}),(0,O.jsx)(Ze.Td,{children:null!==(n=o.vulnerability.remediation)&&void 0!==n&&n.trustedContent?(0,O.jsx)(ln,{cves:o.vulnerability.cves||[],packageName:null===(r=o.vulnerability.remediation)||void 0===r||null===(i=r.trustedContent)||void 0===i?void 0:i.ref},l):null!==(t=o.vulnerability.remediation)&&void 0!==t&&t.fixedIn?(0,O.jsx)(cn,{packageRef:o.dependencyRef,vulnerability:o.vulnerability}):d(o.vulnerability)?null:(0,O.jsx)("span",{})})]},l)},jn=function(e){var n=e.providerName,r=e.transitiveDependencies;return(0,O.jsx)(p.Z,{style:{backgroundColor:"var(--pf-v5-global--BackgroundColor--100)"},children:(0,O.jsxs)(Le.X,{variant:Be.a.compact,"aria-label":(null!==n&&void 0!==n?n:"Default")+" transitive vulnerabilities",children:[(0,O.jsx)(Re.d,{children:(0,O.jsxs)(ze.Tr,{children:[(0,O.jsx)(Ue.Th,{width:15,children:"Vulnerability ID"}),(0,O.jsx)(Ue.Th,{width:20,children:"Description"}),(0,O.jsx)(Ue.Th,{width:10,children:"Severity"}),(0,O.jsx)(Ue.Th,{width:15,children:"CVSS Score"}),(0,O.jsx)(Ue.Th,{width:20,children:"Transitive Dependency"}),(0,O.jsx)(Ue.Th,{width:20,children:"Remediation"})]})}),(0,O.jsx)(tn,{isNoData:0===r.length,numRenderedColumns:7,children:u(r).map(function(e,r){return(0,O.jsx)(We.N,{children:(0,O.jsx)(mn,{item:e,providerName:n,rowIndex:r})},r)})})]})})},yn=function(e){var n=e.providerName,r=e.dependency,i=e.vulnerabilities;return(0,O.jsx)(p.Z,{style:{backgroundColor:"var(--pf-v5-global--BackgroundColor--100)"},children:(0,O.jsxs)(Le.X,{variant:Be.a.compact,"aria-label":(null!==n&&void 0!==n?n:"Default")+" direct vulnerabilities",children:[(0,O.jsx)(Re.d,{children:(0,O.jsxs)(ze.Tr,{children:[(0,O.jsx)(Ue.Th,{width:15,children:"Vulnerability ID"}),(0,O.jsx)(Ue.Th,{width:20,children:"Description"}),(0,O.jsx)(Ue.Th,{width:10,children:"Severity"}),(0,O.jsx)(Ue.Th,{width:15,children:"CVSS Score"}),(0,O.jsx)(Ue.Th,{width:20,children:"Direct Dependency"}),(0,O.jsx)(Ue.Th,{width:20,children:"Remediation"})]})}),(0,O.jsx)(tn,{isNoData:0===i.length,numRenderedColumns:6,children:null===i||void 0===i?void 0:i.map(function(e,i){var t=[];return e.cves&&e.cves.length>0?e.cves.forEach(function(e){return t.push(e)}):e.unique&&t.push(e.id),(0,O.jsx)(We.N,{children:t.map(function(t,a){return(0,O.jsx)(mn,{item:{id:e.id,dependencyRef:r.ref,vulnerability:e},providerName:n,rowIndex:i},"".concat(i,"-").concat(a))})},i)})})]})})},In=r(1640),An=function(e){var n=e.vulnerabilities,r=void 0===n?[]:n,i=e.transitiveDependencies,t=void 0===i?[]:i,a={CRITICAL:0,HIGH:0,MEDIUM:0,LOW:0,UNKNOWN:0};return r.length>0?r.forEach(function(e){var n=e.severity;n&&a.hasOwnProperty(n)&&a[n]++}):null===t||void 0===t||t.forEach(function(e){var n;null===(n=e.issues)||void 0===n||n.forEach(function(e){var n=e.severity;n&&a.hasOwnProperty(n)&&a[n]++})}),(0,O.jsxs)(In.Z,{children:[a.CRITICAL>0&&(0,O.jsxs)(O.Fragment,{children:[(0,O.jsx)(v.I,{isInline:!0,children:(0,O.jsx)(ve.Ay,{style:{fill:"#800000",height:"13px"}})}),"\xa0",a.CRITICAL,"\xa0"]}),a.HIGH>0&&(0,O.jsxs)(O.Fragment,{children:[(0,O.jsx)(v.I,{isInline:!0,children:(0,O.jsx)(ve.Ay,{style:{fill:"#FF0000",height:"13px"}})}),"\xa0",a.HIGH,"\xa0"]}),a.MEDIUM>0&&(0,O.jsxs)(O.Fragment,{children:[(0,O.jsx)(v.I,{isInline:!0,children:(0,O.jsx)(ve.Ay,{style:{fill:"#FFA500",height:"13px"}})}),"\xa0",a.MEDIUM,"\xa0"]}),a.LOW>0&&(0,O.jsxs)(O.Fragment,{children:[(0,O.jsx)(v.I,{isInline:!0,children:(0,O.jsx)(ve.Ay,{style:{fill:"#5BA352",height:"13px"}})}),"\xa0",a.LOW,"\xa0"]}),a.UNKNOWN>0&&(0,O.jsxs)(O.Fragment,{children:[(0,O.jsx)(v.I,{isInline:!0,children:(0,O.jsx)(ve.Ay,{style:{fill:"#808080",height:"13px"}})}),"\xa0",a.UNKNOWN]})]})},Cn=function(e){var n,r,i=e.dependency,t=null===(n=i.issues)||void 0===n?void 0:n.some(function(e){return d(e)}),a=(null===(r=i.transitive)||void 0===r?void 0:r.some(function(e){var n;return null===(n=e.issues)||void 0===n?void 0:n.some(function(e){return d(e)})}))||!1;return(0,O.jsx)(O.Fragment,{children:t||a?"Yes":"No"})},bn=function(e){var n=e.name,r=e.dependencies,i=[{key:"name",header:"Dependency Name",width:30,sortIndex:1,render:function(e){return(0,O.jsx)(on,{name:e.ref})}},{key:"version",header:"Current Version",width:15,render:function(e){return X(e.ref)}},{key:"direct",header:"Direct Vulnerabilities",width:15,compoundExpand:!0,render:function(e){var n,r;return null!==(n=e.issues)&&void 0!==n&&n.length?(0,O.jsxs)("div",{style:{display:"flex",alignItems:"center"},children:[(0,O.jsx)("div",{style:{width:"25px"},children:null===(r=e.issues)||void 0===r?void 0:r.length}),(0,O.jsx)(g.c,{orientation:{default:"vertical"},style:{paddingRight:"10px"}}),(0,O.jsx)(An,{vulnerabilities:e.issues})]}):0}},{key:"transitive",header:"Transitive Vulnerabilities",width:15,compoundExpand:!0,render:function(e){var n;return null!==(n=e.transitive)&&void 0!==n&&n.length?(0,O.jsxs)("div",{style:{display:"flex",alignItems:"center"},children:[(0,O.jsx)("div",{style:{width:"25px"},children:e.transitive.map(function(e){var n;return null===(n=e.issues)||void 0===n?void 0:n.length}).reduce(function(){return(arguments.length>0&&void 0!==arguments[0]?arguments[0]:0)+(arguments.length>1&&void 0!==arguments[1]?arguments[1]:0)})}),(0,O.jsx)(g.c,{orientation:{default:"vertical"},style:{paddingRight:"10px"}}),(0,O.jsx)(An,{transitiveDependencies:e.transitive})]}):0}},{key:"rhRemediation",header:"Remediation available",width:15,render:function(e){return(0,O.jsx)(Cn,{dependency:e})}}];return(0,O.jsx)(an,{name:n,items:r,getRowKey:function(e){return e.ref},columns:i,filterConfig:{placeholder:"Filter by Dependency name",idSuffix:"-dependency-filter"},compareToByColumn:function(e,n,r){return 1===r?e.ref.localeCompare(n.ref):0},filterItem:function(e,n){var r,i;return!!(null!==(r=e.issues)&&void 0!==r&&r.length||null!==(i=e.transitive)&&void 0!==i&&i.length)&&(!n||0===n.trim().length||-1!==e.ref.toLowerCase().indexOf(n.toLowerCase()))},renderExpandContent:function(e,r){var i,t;return"direct"===r&&null!==(i=e.issues)&&void 0!==i&&i.length?(0,O.jsx)(yn,{providerName:n,dependency:e,vulnerabilities:e.issues}):"transitive"===r&&null!==(t=e.transitive)&&void 0!==t&&t.length?(0,O.jsx)(jn,{providerName:n,transitiveDependencies:e.transitive}):null},ariaLabelPrefix:"Dependencies",expandId:"compound-expandable-example",defaultExpanded:{"siemur/test-space":"name"}})},wn=de;var Nn=function(e){var n=e.evidence,r=void 0===n?[]:n,t=e.countBy,a="identifiers"===(void 0===t?"evidence":t)?function(e){var n={PERMISSIVE:0,WEAK_COPYLEFT:0,STRONG_COPYLEFT:0,UNKNOWN:0};return null===e||void 0===e||e.forEach(function(e){(e.identifiers||[]).forEach(function(e){var r=(e.category||"UNKNOWN").toUpperCase().replace(/-/g,"_");n.hasOwnProperty(r)?n[r]++:n.UNKNOWN++})}),n}(r):function(e){var n={PERMISSIVE:0,WEAK_COPYLEFT:0,STRONG_COPYLEFT:0,UNKNOWN:0};return null===e||void 0===e||e.forEach(function(e){var r=(e.category||"UNKNOWN").toUpperCase().replace(/-/g,"_");n.hasOwnProperty(r)?n[r]++:n.UNKNOWN++}),n}(r);return(0,O.jsx)(In.Z,{children:wn.map(function(e){return a[e]>0&&(0,O.jsxs)(i.Fragment,{children:[(0,O.jsx)(v.I,{isInline:!0,children:(0,O.jsx)(ve.Ay,{style:{fill:ie[e],height:"13px"}})}),"\xa0",a[e],"\xa0"]},e)})})},Tn=function(e){var n=e.concluded;return(0,O.jsx)(p.Z,{style:{backgroundColor:"var(--pf-v5-global--BackgroundColor--100)"},children:(0,O.jsxs)(A.B,{children:[(0,O.jsxs)(y.W,{children:[(0,O.jsx)(m.X,{children:"License name"}),(0,O.jsx)(I.d,{children:n.name||"\u2014"})]}),(0,O.jsxs)(y.W,{children:[(0,O.jsx)(m.X,{children:"Expression"}),(0,O.jsx)(I.d,{children:n.expression||"\u2014"})]}),(0,O.jsxs)(y.W,{children:[(0,O.jsx)(m.X,{children:"Category"}),(0,O.jsx)(I.d,{children:n.category?le(n.category):"\u2014"})]})]})})},Sn=r(5435),Mn="Evidence",En="Expression",On="Identifiers",Pn="Category",Dn="Status";function kn(e){var n,r=e.info,i=null!==(n=null===r||void 0===r?void 0:r.identifiers)&&void 0!==n?n:[],t=i.some(function(e){return!0===e.isDeprecated}),a=i.some(function(e){return!0===e.isOsiApproved}),o=i.some(function(e){return!0===e.isFsfLibre});return t||a||o?(0,O.jsxs)(Sn.s,{gap:{default:"gapSm"},alignItems:{default:"alignItemsCenter"},children:[t&&(0,O.jsx)(In.Z,{children:(0,O.jsx)("span",{title:"Deprecated identifier",children:(0,O.jsx)(v.I,{isInline:!0,children:(0,O.jsx)(ve.Ay,{style:{fill:oe,height:"13px"}})})})}),a&&(0,O.jsx)(In.Z,{children:(0,O.jsx)("img",{src:"https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/open-source-initiative.svg",alt:"OSI Approved",title:"OSI Approved",style:{height:"1.1em",verticalAlign:"middle"}})}),o&&(0,O.jsx)(In.Z,{children:(0,O.jsx)("img",{src:"https://www.gnu.org/graphics/fsf-logo-notext-small.png",alt:"FSF Libre",title:"FSF Free/Libre",style:{height:"1.1em",verticalAlign:"middle"}})})]}):(0,O.jsx)(O.Fragment,{children:"\u2014"})}var Fn=function(e){var n=e.evidence,r=void 0===n?[]:n,t=(0,i.useMemo)(function(){return(0,Ye.A)(r).sort(function(e,n){return ue(e.category)-ue(n.category)})},[r]);return(0,O.jsx)(p.Z,{style:{backgroundColor:"var(--pf-v5-global--BackgroundColor--100)"},children:(0,O.jsxs)(Le.X,{variant:Be.a.compact,"aria-label":"Evidence licenses",children:[(0,O.jsx)(Re.d,{children:(0,O.jsxs)(ze.Tr,{children:[(0,O.jsx)(Ue.Th,{width:30,children:Mn}),(0,O.jsx)(Ue.Th,{width:20,children:En}),(0,O.jsx)(Ue.Th,{width:25,children:On}),(0,O.jsx)(Ue.Th,{width:15,children:Pn}),(0,O.jsx)(Ue.Th,{width:10,children:Dn})]})}),(0,O.jsx)(tn,{isNoData:0===t.length,numRenderedColumns:5,children:(0,O.jsx)(We.N,{children:t.map(function(e,n){var r,i,t,a=e.name||(null===(r=e.identifiers)||void 0===r?void 0:r.map(function(e){return e.name||e.id}).join(", "))||e.expression||"\u2014",o=e.expression||"\u2014",l=null!==(i=null===(t=e.identifiers)||void 0===t?void 0:t.map(function(e){return e.id}))&&void 0!==i?i:[],c=e.category||"\u2014",s=ce(e.category);return(0,O.jsxs)(ze.Tr,{children:[(0,O.jsx)(Ze.Td,{dataLabel:Mn,children:a}),(0,O.jsx)(Ze.Td,{dataLabel:En,children:o}),(0,O.jsx)(Ze.Td,{dataLabel:On,style:{whiteSpace:"pre-line"},children:l.length?l.join("\n"):"\u2014"}),(0,O.jsx)(Ze.Td,{dataLabel:Pn,children:"\u2014"!==c?(0,O.jsxs)("span",{children:[(0,O.jsx)(v.I,{isInline:!0,children:(0,O.jsx)(ve.Ay,{style:{fill:s,height:"13px"}})}),"\xa0",le(e.category)]}):"\u2014"}),(0,O.jsx)(Ze.Td,{dataLabel:Dn,children:(0,O.jsx)(kn,{info:e})})]},n)})})})]})})};var Ln=function(e){var n=e.name,r=function(e){return Object.entries(e||{}).map(function(e){var n=(0,F.A)(e,2),r=n[0],i=n[1];return{ref:r,concluded:i.concluded,evidence:i.evidence||[]}})}(e.dependencies),i=[{key:"name",header:"Dependency Name",width:30,sortIndex:1,render:function(e){return(0,O.jsx)(on,{name:e.ref})}},{key:"version",header:"Current Version",width:15,render:function(e){return X(e.ref)}},{key:"concluded",header:"Concluded",width:20,sortIndex:2,compoundExpand:!0,render:function(e){var n;if(!e.concluded)return"\u2014";var r=e.concluded.expression||e.concluded.name||"\u2014",i=null===(n=e.concluded.identifiers)||void 0===n?void 0:n.some(function(e){return!0===e.isDeprecated});return(0,O.jsxs)("span",{style:{display:"inline-flex",alignItems:"center",gap:6},children:[i&&(0,O.jsx)(v.I,{isInline:!0,title:"Concluded license is deprecated",children:(0,O.jsx)(ve.Ay,{style:{fill:"#F0AB00",height:"13px"}})}),r]})}},{key:"category",header:"Category",width:15,sortIndex:3,render:function(e){var n;return null!==(n=e.concluded)&&void 0!==n&&n.category?(0,O.jsxs)("span",{children:[(0,O.jsx)(v.I,{isInline:!0,children:(0,O.jsx)(ve.Ay,{style:{fill:ce(e.concluded.category),height:"13px"}})}),"\xa0",le(e.concluded.category)]}):"\u2014"}},{key:"evidences",header:"Evidences",width:25,compoundExpand:!0,render:function(e){var n;return null!==(n=e.evidence)&&void 0!==n&&n.length?(0,O.jsxs)("div",{style:{display:"flex",alignItems:"center"},children:[(0,O.jsx)("div",{style:{width:"25px"},children:e.evidence.length}),(0,O.jsx)(g.c,{orientation:{default:"vertical"},style:{paddingRight:"10px"}}),(0,O.jsx)(Nn,{evidence:e.evidence,countBy:"identifiers"})]}):0}}];return(0,O.jsx)(an,{name:n,items:r,getRowKey:function(e){return e.ref},columns:i,filterConfig:{placeholder:"Filter by Dependency name",idSuffix:"-license-filter"},compareToByColumn:function(e,n,r){switch(r){case 1:return e.ref.localeCompare(n.ref);case 2:var i,t,a,o,l=(null===(i=e.concluded)||void 0===i?void 0:i.expression)||(null===(t=e.concluded)||void 0===t?void 0:t.name)||"",c=(null===(a=n.concluded)||void 0===a?void 0:a.expression)||(null===(o=n.concluded)||void 0===o?void 0:o.name)||"";return l.localeCompare(c);case 3:var s,d,u=(null===(s=e.concluded)||void 0===s?void 0:s.category)||"",h=(null===(d=n.concluded)||void 0===d?void 0:d.category)||"";return u.localeCompare(h);default:return 0}},filterItem:function(e,n){return!n||0===n.trim().length||-1!==e.ref.toLowerCase().indexOf(n.toLowerCase())},renderExpandContent:function(e,n){var r;return"concluded"===n&&e.concluded?(0,O.jsx)(Tn,{concluded:e.concluded}):"evidences"===n&&null!==(r=e.evidence)&&void 0!==r&&r.length?(0,O.jsx)(Fn,{evidence:e.evidence}):null},ariaLabelPrefix:"Licenses",expandId:"evidences-compound-expand",initialSortBy:{index:3,direction:"desc"}})},Bn=r(1157),Rn="vulnerabilities",zn="licenses",Un=function(e){var n=e.report,r=Kn(),t=c(n),o=t.length>0,l=(0,i.useMemo)(function(){var e;return(null!==(e=n.licenses)&&void 0!==e?e:[]).filter(function(e){return e.summary.total>0})},[n.licenses]),d=l.length>0,u=o?s(t[0]):null,h=d?l[0].status.name:null,v=i.useState(o?Rn:zn),g=(0,F.A)(v,2),p=g[0],x=g[1],f=i.useState(null!==u&&void 0!==u?u:0),m=(0,F.A)(f,2),j=m[0],y=m[1],I=i.useState(null!==h&&void 0!==h?h:0),A=(0,F.A)(I,2),C=A[0],b=A[1],w=r.writeKey&&""!==r.writeKey.trim()?Bn.N.load({writeKey:r.writeKey}):null,N=(0,i.useRef)("");(0,i.useEffect)(function(){w&&null!=r.anonymousId&&w.setAnonymousId(r.anonymousId)},[w,r.anonymousId]),(0,i.useEffect)(function(){d&&null!=h&&(new Set(l.map(function(e){return e.status.name})).has(String(C))||b(h))},[d,h,l,C]);var T=p===Rn?j:C;(0,i.useEffect)(function(){w&&T!==N.current&&(w.track("rhda.exhort.tab",{tabName:T}),N.current=T)},[w,T]);var S=[];return o&&S.push((0,O.jsx)(Te.o,{eventKey:Rn,title:(0,O.jsx)(Se.V,{children:"Vulnerabilities"}),"aria-label":"Vulnerabilities",children:(0,O.jsx)(Me.t,{activeKey:j,onSelect:function(e,n){y(n)},isSecondary:!0,isBox:!0,variant:"light300","aria-label":"Vulnerability providers",role:"region",children:t.map(function(e){var n,r=s(e),i=null===(n=e.report.dependencies)||void 0===n?void 0:n.filter(function(e){return e.highestVulnerability});return(0,O.jsx)(Te.o,{eventKey:r,title:(0,O.jsx)(Se.V,{children:r}),"aria-label":"".concat(r," source"),children:(0,O.jsx)(a.d8,{variant:a.zC.default,children:(0,O.jsx)(bn,{name:r,dependencies:i})})},r)})})},Rn)),d&&S.push((0,O.jsx)(Te.o,{eventKey:zn,title:(0,O.jsx)(Se.V,{children:"Licenses"}),"aria-label":"Licenses",children:(0,O.jsx)(Me.t,{activeKey:C,onSelect:function(e,n){b(n)},isSecondary:!0,isBox:!0,variant:"light300","aria-label":"License providers",role:"region",children:l.map(function(e){return(0,O.jsx)(Te.o,{eventKey:e.status.name,title:(0,O.jsx)(Se.V,{children:e.status.name}),"aria-label":"".concat(e.status.name," source"),children:(0,O.jsx)(a.d8,{variant:a.zC.default,children:(0,O.jsx)(Ln,{name:e.status.name,dependencies:e.packages})})},e.status.name)})})},zn)),0===S.length?null:(0,O.jsx)("div",{children:(0,O.jsx)(Me.t,{activeKey:p,onSelect:function(e,n){x(n)},"aria-label":"Providers",role:"region",variant:"light300",isBox:!0,children:S})})},Wn=function(e){var n,r=e.report,t=(0,i.useMemo)(function(){return Object.entries(r).sort(function(e,n){var r=(0,F.A)(e,1)[0],i=(0,F.A)(n,1)[0];return r.localeCompare(i)})},[r]),c=i.useState((null===(n=t[0])||void 0===n?void 0:n[0])||""),s=(0,F.A)(c,2),d=s[0],u=s[1],h=i.useState(!0),v=(0,F.A)(h,1)[0];(0,i.useEffect)(function(){var e,n=(null===(e=t[0])||void 0===e?void 0:e[0])||"";u(function(e){return new Set(t.map(function(e){return(0,F.A)(e,1)[0]})).has(String(e))?e:n})},[t]);var g=t.map(function(e){var n=(0,F.A)(e,2),r=n[0],i=n[1];return(0,O.jsxs)(Te.o,{eventKey:r,title:(0,O.jsx)(Se.V,{children:_(r)}),"aria-label":"".concat(r," source"),children:[(0,O.jsx)(me,{report:i}),(0,O.jsx)(a.d8,{variant:a.zC.light,children:(0,O.jsx)(o.x,{hasGutter:!0,children:(0,O.jsx)(l.E,{children:(0,O.jsx)(xe,{report:i,isReportMap:!0,purl:r})})})}),(0,O.jsx)(a.d8,{variant:a.zC.default,children:(0,O.jsx)(Un,{report:i})})]})});return(0,O.jsx)("div",{children:(0,O.jsx)(Me.t,{activeKey:d,onSelect:function(e,n){u(n)},"aria-label":"Providers",role:"region",variant:v?"light300":"default",isBox:!0,children:g})})},Zn=window.appData,Vn=(0,i.createContext)(Zn),Kn=function(){return(0,i.useContext)(Vn)};var Gn=function(){return(0,O.jsx)(Vn.Provider,{value:Zn,children:(0,O.jsx)(Ne,{children:(e=Zn.report,"object"===typeof e&&null!==e&&Object.keys(e).every(function(n){return"scanned"in e[n]&&"providers"in e[n]&&"object"===typeof e[n].scanned&&"object"===typeof e[n].providers})?(0,O.jsx)(a.d8,{variant:a.zC.default,children:(0,O.jsx)(Wn,{report:Zn.report})}):(0,O.jsxs)(O.Fragment,{children:[(0,O.jsx)(me,{report:Zn.report}),(0,O.jsx)(a.d8,{variant:a.zC.light,children:(0,O.jsx)(o.x,{hasGutter:!0,children:(0,O.jsx)(l.E,{children:(0,O.jsx)(xe,{report:Zn.report})})})}),(0,O.jsx)(a.d8,{variant:a.zC.default,children:(0,O.jsx)(Un,{report:Zn.report})})]}))})});var e},Yn=function(e){e&&e instanceof Function&&r.e(121).then(r.bind(r,6895)).then(function(n){var r=n.getCLS,i=n.getFID,t=n.getFCP,a=n.getLCP,o=n.getTTFB;r(e),i(e),t(e),a(e),o(e)})};t.createRoot(document.getElementById("root")).render((0,O.jsx)(i.StrictMode,{children:(0,O.jsx)(Gn,{})})),Yn()}},n={};function r(i){var t=n[i];if(void 0!==t)return t.exports;var a=n[i]={id:i,loaded:!1,exports:{}};return e[i].call(a.exports,a,a.exports,r),a.loaded=!0,a.exports}r.m=e,function(){var e=[];r.O=function(n,i,t,a){if(!i){var o=1/0;for(d=0;d=a)&&Object.keys(r.O).every(function(e){return r.O[e](i[c])})?i.splice(c--,1):(l=!1,a0&&e[d-1][2]>a;d--)e[d]=e[d-1];e[d]=[i,t,a]}}(),r.n=function(e){var n=e&&e.__esModule?function(){return e.default}:function(){return e};return r.d(n,{a:n}),n},function(){var e,n=Object.getPrototypeOf?function(e){return Object.getPrototypeOf(e)}:function(e){return e.__proto__};r.t=function(i,t){if(1&t&&(i=this(i)),8&t)return i;if("object"===typeof i&&i){if(4&t&&i.__esModule)return i;if(16&t&&"function"===typeof i.then)return i}var a=Object.create(null);r.r(a);var o={};e=e||[null,n({}),n([]),n(n)];for(var l=2&t&&i;("object"==typeof l||"function"==typeof l)&&!~e.indexOf(l);l=n(l))Object.getOwnPropertyNames(l).forEach(function(e){o[e]=function(){return i[e]}});return o.default=function(){return i},r.d(a,o),a}}(),r.d=function(e,n){for(var i in n)r.o(n,i)&&!r.o(e,i)&&Object.defineProperty(e,i,{enumerable:!0,get:n[i]})},r.e=function(){return Promise.resolve()},r.g=function(){if("object"===typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"===typeof window)return window}}(),r.o=function(e,n){return Object.prototype.hasOwnProperty.call(e,n)},r.r=function(e){"undefined"!==typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.nmd=function(e){return e.paths=[],e.children||(e.children=[]),e},function(){var e={792:0};r.O.j=function(n){return 0===e[n]};var n=function(n,i){var t,a,o=i[0],l=i[1],c=i[2],s=0;if(o.some(function(n){return 0!==e[n]})){for(t in l)r.o(l,t)&&(r.m[t]=l[t]);if(c)var d=c(r)}for(n&&n(i);s0?Object.keys(i).forEach(function(e){n.push({provider:r,source:e,report:i[e]})}):"trusted-content"!==r&&n.push({provider:r,source:r,report:{}})}),n.sort(function(e,n){return 0===Object.keys(e.report).length&&0===Object.keys(n.report).length?1:Object.keys(n.report).length-Object.keys(e.report).length})}function s(e){var n,r;if(!e||!e.provider)return"unknown";var i=null!==(n=e.provider)&&void 0!==n?n:"unknown";return i===(null!==(r=e.source)&&void 0!==r?r:"unknown")?i:"".concat(e.provider,"/").concat(e.source)}function d(e){var n;return!(!e.remediation||!(e.remediation.fixedIn||null!==(n=e.remediation)&&void 0!==n&&n.trustedContent))}function u(e){var n=[];return e.map(function(e){return{dependencyRef:e.ref,vulnerabilities:e.issues||[]}}).forEach(function(e){var r;null===(r=e.vulnerabilities)||void 0===r||r.forEach(function(r){r.cves&&r.cves.length>0?r.cves.forEach(function(i){n.push({id:i,dependencyRef:e.dependencyRef,vulnerability:r})}):n.push({id:r.id,dependencyRef:e.dependencyRef,vulnerability:r})})}),n.sort(function(e,n){return n.vulnerability.cvssScore-e.vulnerability.cvssScore})}var h=r(9292),v=r(6180),g=r(9341),p=r(3844),x=r(2881),f=r(4900),m=r(3144),j=r(2092),y=r(5767),I=r(4646),A=r(260),C=r(1352),b=r(3571),w=r(2995),N=r(9133),T=r(628),S=r(2972),M=r(8056),O=r(2008),E=r(481),P=["#800000","#FF0000","#FFA500","#5BA352","#808080"],D=function(e){var n,r,i,t,a,o,l=e.summary,c=null!==(n=null===l||void 0===l?void 0:l.critical)&&void 0!==n?n:0,s=null!==(r=null===l||void 0===l?void 0:l.high)&&void 0!==r?r:0,d=null!==(i=null===l||void 0===l?void 0:l.medium)&&void 0!==i?i:0,u=null!==(t=null===l||void 0===l?void 0:l.low)&&void 0!==t?t:0,h=null!==(a=null===l||void 0===l?void 0:l.unknown)&&void 0!==a?a:0,v=null!==(o=null===l||void 0===l?void 0:l.total)&&void 0!==o?o:0,g=c+s+d+u+h>0,p=g?P:["#D5F5E3"],x=[{name:"Critical: ".concat(c),symbol:{type:"square",fill:P[0]}},{name:"High: ".concat(s),symbol:{type:"square",fill:P[1]}},{name:"Medium: ".concat(d),symbol:{type:"square",fill:P[2]}},{name:"Low: ".concat(u),symbol:{type:"square",fill:P[3]}},{name:"Unknown: ".concat(h),symbol:{type:"square",fill:P[4]}}];return(0,E.jsx)("div",{children:(0,E.jsx)(j.b,{style:{paddingBottom:"inherit",padding:"0"},children:(0,E.jsx)(M.a,{children:(0,E.jsx)("div",{style:{height:"230px",width:"350px"},children:(0,E.jsx)(O.H,{constrainToVisibleArea:!0,data:g?[{x:"Critical",y:c},{x:"High",y:s},{x:"Medium",y:d},{x:"Low",y:u},{x:"Unknown",y:h}]:[{x:"Empty",y:1e-10}],labels:function(e){var n=e.datum;return g?"".concat(n.x,": ").concat(n.y):"No vulnerabilities"},legendData:x,legendOrientation:"vertical",legendPosition:"right",padding:{left:20,right:140},subTitle:"Unique vulnerabilities",title:"".concat(v),width:350,colorScale:p})})})})})},k="data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB3aWR0aD0iMTJweCIgaGVpZ2h0PSIxM3B4IiB2aWV3Qm94PSIwIDAgMTIgMTMiIGlkPSJTZWN1cml0eUNoZWNrSWNvbiIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KICAgIDx0aXRsZT5Db21iaW5lZCBTaGFwZTwvdGl0bGU+CiAgICA8ZyBpZD0iTXVsdGktdmVuZG9yIiBzdHJva2U9Im5vbmUiIHN0cm9rZS13aWR0aD0iMSIgZmlsbD0ibm9uZSIgZmlsbC1ydWxlPSJldmVub2RkIj4KICAgICAgICA8ZyBpZD0iT3ZlcnZpZXctQ29weSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoLTEyMDcsIC05OTMpIiBmaWxsPSIjM0U4NjM1Ij4KICAgICAgICAgICAgPGcgaWQ9IkRldGFpbHMtb2YtZGVwZW5kZW5jeS1jb20uZ2l0aHViIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSg0MjcsIDgxOSkiPgogICAgICAgICAgICAgICAgPGcgaWQ9IkRlcGVuZGVuY3ktMSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMCwgMTQ0KSI+CiAgICAgICAgICAgICAgICAgICAgPGcgaWQ9Ikdyb3VwLTkiIHRyYW5zZm9ybT0idHJhbnNsYXRlKDc4MC4xNzI4LCAyNCkiPgogICAgICAgICAgICAgICAgICAgICAgICA8ZyBpZD0iR3JvdXAtNCIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMCwgMy4yKSI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8ZyBpZD0iSWNvbnMvMi4tU2l6ZS1zbS9BY3Rpb25zL2NoZWNrIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgwLCAyLjgpIj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8cGF0aCBkPSJNMTAuNTU2NTc4OSwwIEMxMC43OTA2MjQ5LDAgMTAuOTc5MzMyMiwwLjE4MTU0Mjk2OSAxMC45NzkzMzIyLDAuNDA2MjUgTDEwLjk3OTMzMjIsNS43NDA4MjAzMSBDMTAuOTc5MzMyMiw5Ljc1IDYuMjQwODE5MDcsMTMgNS40OTU3OTI5NiwxMyBDNC43NTA3NjY4NCwxMyAwLDkuNzUgMCw1LjczOTU1MDc4IEwwLDAuNDA2MjUgQzAsMC4xODE1NDI5NjkgMC4xODg3MDcyNzIsMCAwLjQyMjc1MzMwNCwwIFogTTguNTQyNzc4ODMsMy4xMTc4MjY2NyBMNC43OTEyOTYxLDYuODkwODczNTMgTDMuMDM5ODEzMzgsNS4xMjkzMjQ0IEMyLjg4MzYwOSw0Ljk3MjIwNjgzIDIuNjMwMzI4MTIsNC45NzIyMDY4MyAyLjQ3NDEyMzc1LDUuMTI5MzI0NCBMMS45MDg0NDkzOCw1LjY5ODI2NTU2IEMxLjc1MjI0NTAxLDUuODU1MzgzMTIgMS43NTIyNDUwMSw2LjExMDEwNDQ5IDEuOTA4NDQ5MzgsNi4yNjcyMDY3MSBMNC41MDg0NTc5Nyw4Ljg4MjE1OTkxIEM0LjY2NDY0NzA4LDkuMDM5Mjc3NDcgNC45MTc5MTI3LDkuMDM5Mjc3NDcgNS4wNzQxMzIzMyw4Ljg4MjE3NTI1IEw5LjY3NDE0MjgyLDQuMjU1NzA4OTggQzkuODMwMzQ3Miw0LjA5ODU5MTQxIDkuODMwMzQ3MiwzLjg0Mzg3MDA0IDkuNjc0MTQyODIsMy42ODY3Njc4MiBMOS4xMDg0Njg0NiwzLjExNzgyNjY3IEM4Ljk1MjI2NDA4LDIuOTYwNzI0NDQgOC42OTg5ODMyLDIuOTYwNzI0NDQgOC41NDI3Nzg4MywzLjExNzgyNjY3IFoiIGlkPSJDb21iaW5lZC1TaGFwZSI+PC9wYXRoPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9nPgogICAgICAgICAgICAgICAgICAgICAgICA8L2c+CiAgICAgICAgICAgICAgICAgICAgPC9nPgogICAgICAgICAgICAgICAgPC9nPgogICAgICAgICAgICA8L2c+CiAgICAgICAgPC9nPgogICAgPC9nPgo8L3N2Zz4=",F=r(296),L=r(3029),B=r(2901),R="maven",U="https://central.sonatype.com/artifact/",W="https://pkg.go.dev/",z="https://www.npmjs.com/package/",Z="https://pypi.org/project/",V="pkg:",K=/%[0-9A-Fa-f]{2}/,G=function(e){var n="";return e.namespace&&(n=e.type===R?"".concat(e.namespace,":"):"".concat(e.namespace,"/")),n+="".concat(e.name)},Y=function(e,n){var r=re.fromString(e),i=G(r),t=r.version?decodeURIComponent(r.version):"";return n?i+"@".concat(t):i},H=function(e){var n=re.fromString(e);if(n.qualifiers&&n.qualifiers.has("repository_url")){var r=decodeURIComponent(n.qualifiers.get("repository_url")||"");r.endsWith("/")&&(r=r.substring(0,r.length-1));var i=n.namespace;return i&&(i=i.replace(/\./g,"/")),"".concat(r,"/").concat(i,"/").concat(n.name,"/").concat(n.version)}var t=U;return n.namespace?"".concat(U).concat(n.namespace,"/").concat(n.name,"/").concat(n.version):t},Q=function(e){var n=re.fromString(e);switch(n.type){case R:return"".concat(U).concat(n.namespace,"/").concat(n.name,"/").concat(n.version);case"golang":var r=n.version;return null!==r&&void 0!==r&&r.match(/v\d\.\d.\d-\d{14}-\w{12}/)?"".concat(W).concat(n.namespace,"/").concat(n.name):"".concat(W).concat(n.namespace,"/").concat(n.name,"@").concat(n.version);case"npm":return n.namespace?"".concat(z).concat(n.namespace,"/").concat(n.name,"/v/").concat(n.version):"".concat(z).concat(n.name,"/v/").concat(n.version);case"pypi":return n.namespace?"".concat(Z).concat(n.namespace,"/").concat(n.name,"/").concat(n.version):"".concat(Z).concat(n.name,"/").concat(n.version);case"deb":return"".concat("https://sources.debian.org/patches/").concat(n.name,"/").concat(n.version);case"cargo":return"".concat("https://crates.io/crates/").concat(n.name,"/").concat(n.version);default:return n.toString()}},X=function(e){var n=re.fromString(e).version;return n?decodeURIComponent(n):""},q=function(e,n){var r=re.fromString(e),i=encodeURIComponent(G(r));return n.remediationTemplate.replace("__PACKAGE_TYPE__",r.type).replace("__PACKAGE_NAME__",i).replace("__PACKAGE_VERSION__",r.version||"")},J=function(e){return e.toLowerCase().replace(/./,function(e){return e.toUpperCase()})},_=function(e){var n=$(e),r="";if(n.repository_url){var i=n.repository_url.indexOf("/");r+=-1!==i?n.repository_url.substring(i+1):""}else r+="".concat(n.short_name);return n.tag&&(r+=":".concat(n.tag)),r},$=function(e){var n=e.split("?"),r=n[0],i=n[1],t=new URLSearchParams(i),a=t.get("repository_url")||"",o=t.get("tag")||"",l=t.get("arch")||"",c=r.split("@");return{repository_url:a,tag:o,short_name:c[0].substring(c[0].indexOf("/")+1),version:r.substring(r.lastIndexOf("@")).replace("%3A",":"),arch:l}},ee=function(e,n,r,i){var t=c(n),a=i||"";for(var o in t){var l=t[o].report.dependencies;if(l){var s=Object.values(l).find(function(n){var r,i=n.ref,t=decodeURIComponent(i),a=(r=e,K.test(r)?decodeURIComponent(e):e);return re.fromString(t).toString()===re.fromString(a).toString()});if(s&&s.recommendation&&a){var d=decodeURIComponent(s.recommendation);if(void 0!==ne(d,r))return a+_(d)}}}return a},ne=function(e,n){var r=JSON.parse(n).find(function(n){return re.fromString(n.purl).toString()===re.fromString(e).toString()});return null===r||void 0===r?void 0:r.catalogUrl},re=function(){function e(n,r,i,t,a){(0,L.A)(this,e),this.type=void 0,this.namespace=void 0,this.name=void 0,this.version=void 0,this.qualifiers=void 0,this.type=n,this.namespace=r,this.name=i,this.version=t,this.qualifiers=a}return(0,B.A)(e,[{key:"toString",value:function(){var e=this.name;return this.version&&(e+="@".concat(this.version)),this.namespace?"".concat(V).concat(this.type,"/").concat(this.namespace,"/").concat(e):this.qualifiers?"".concat(V).concat(this.type,"/").concat(e,"?").concat(Array.from(this.qualifiers.entries()).map(function(e){var n=(0,F.A)(e,2),r=n[0],i=n[1];return"".concat(r,"=").concat(i)}).join("&")):"".concat(V).concat(this.type,"/").concat(e)}}],[{key:"fromString",value:function(n){var r,i,t=n.replace(V,""),a=t.indexOf("?");-1!==a&&(i=t.substring(a+1),t=t.substring(0,a));var o,l,c=t.substring(0,t.indexOf("/")),s=t.split("/");s.length>2&&(o=s.slice(1,s.length-1).join("/")),-1!==t.indexOf("@")&&(l=t.substring(t.indexOf("@")+1));var d=s[s.length-1];return l&&(d=d.substring(0,d.indexOf("@"))),new e(c,o,d,l,new Map((null===(r=i)||void 0===r?void 0:r.split("&").map(function(e){return e.split("=")}))||[]))}}])}(),ie={PERMISSIVE:"#0066CC",WEAK_COPYLEFT:"#3E8635",STRONG_COPYLEFT:"#F0AB00",UNKNOWN:"#C46100"},te={PERMISSIVE:"Permissive",WEAK_COPYLEFT:"Weak copyleft",STRONG_COPYLEFT:"Strong copyleft",UNKNOWN:"Unknown"};function ae(e){if(!e)return 1;switch(e.toUpperCase().replace(/-/g,"_")){case"PERMISSIVE":return 4;case"WEAK_COPYLEFT":return 3;case"STRONG_COPYLEFT":return 2;default:return 1}}var oe="#F0AB00";function le(e){var n;if(!e)return te.UNKNOWN;var r=e.toUpperCase().replace(/-/g,"_");return null!==(n=te[r])&&void 0!==n?n:e}function ce(e){var n;if(!e)return ie.UNKNOWN;var r=e.toUpperCase().replace(/-/g,"_");return null!==(n=ie[r])&&void 0!==n?n:ie.UNKNOWN}function se(e){var n;if(e){var r=e.toUpperCase().replace(/-/g,"_");n="PERMISSIVE"===r?"blue":"WEAK_COPYLEFT"===r?"green":"STRONG_COPYLEFT"===r?"yellow":"gray"}else n="gray";return n}var de=["PERMISSIVE","WEAK_COPYLEFT","STRONG_COPYLEFT","UNKNOWN"];function ue(e){if(!e)return de.length;var n=e.toUpperCase().replace(/-/g,"_"),r=de.indexOf(n);return r>=0?r:de.length}var he=function(e){var n,r,i,t,a,o=e.summary,l=null!==(n=o.permissive)&&void 0!==n?n:0,c=null!==(r=o.strongCopyleft)&&void 0!==r?r:0,s=null!==(i=o.unknown)&&void 0!==i?i:0,d=null!==(t=o.weakCopyleft)&&void 0!==t?t:0,u=null!==(a=o.total)&&void 0!==a?a:0,h=l+c+s+d>0,v=[{name:"Permissive: ".concat(l),symbol:{type:"square",fill:ie.PERMISSIVE}},{name:"Weak Copyleft: ".concat(d),symbol:{type:"square",fill:ie.WEAK_COPYLEFT}},{name:"Strong Copyleft: ".concat(c),symbol:{type:"square",fill:ie.STRONG_COPYLEFT}},{name:"Unknown: ".concat(s),symbol:{type:"square",fill:ie.UNKNOWN}}];return(0,E.jsx)("div",{children:(0,E.jsx)(j.b,{style:{paddingBottom:"inherit",padding:"0"},children:(0,E.jsx)(M.a,{children:(0,E.jsx)("div",{style:{height:"230px",width:"350px"},children:(0,E.jsx)(O.H,{constrainToVisibleArea:!0,data:h?[{x:"Permissive",y:l},{x:"Weak Copyleft",y:d},{x:"Strong Copyleft",y:c},{x:"Unknown",y:s}]:[{x:"Empty",y:1e-10}],labels:function(e){var n=e.datum;return h?"".concat(n.x,": ").concat(n.y):"No licenses"},legendData:v,legendOrientation:"vertical",legendPosition:"right",padding:{left:0,right:160},subTitle:"Total licenses",title:"".concat(u),width:350,colorScale:Object.values(ie)})})})})})},ve=r(4102),ge={width:"16px",height:"16px",verticalAlign:"middle"},pe="330px";var xe=function(e){var n,r,i=e.report,t=e.isReportMap,a=e.purl,d=Kn(),u=d.brandingConfig||{displayName:"Trustify",exploreUrl:"https://guac.sh/trustify/",exploreTitle:"Learn more about Trustify",exploreDescription:"The Trustify project is a collection of software components that enables you to store and retrieve Software Bill of Materials (SBOMs), and advisory documents.",imageRecommendation:"",imageRecommendationLink:""},M=Boolean(u.exploreTitle.trim().length>0)&&Boolean(u.exploreUrl.trim().length>0)&&Boolean(u.exploreDescription.trim().length>0),O=Boolean(t)&&u.imageRecommendation.trim().length>0&&u.imageRecommendationLink.trim().length>0,P=i.licenses||[],F=(null!==(n=i.licenses)&&void 0!==n?n:[]).filter(function(e){return e.summary.total>0}),L=null===(r=i.licenses)||void 0===r?void 0:r.find(function(e){return"SBOM"===e.status.name}),B=null===L||void 0===L?void 0:L.projectLicense,R=Boolean(B),U=function(){return(0,E.jsx)("img",{src:"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAYAAABXAvmHAAAON0lEQVR4nOxad1xTV/s/mYwQRkBWGCJDFERZgqCvoDhQKuKroghVpK2COIqK9VVrXWhx4oIiIKKoIAilIlgHqFAKssIeIeywQhIIWTfr97nxTX9IwVaI/et9Pp/7ObnPedb33vPc85xzghYIBAg0Gi0BExCPy1UsKytd3EahWAqFIqy2jnaHo5NznpaWVv9EOslJSbsvn4+8mnAv2d5m7txymLdlw/piFoulnpX7bOZEejCxWCyVQRqNiMFg+Dq6up1oNFoE82urq+119fQ6Ncf4RXh7etaJxWKss4tLrrmFRZW2jna3UCjC9PZQp1dVVjoVFxWtHBkZUR+thEKhoKXLlqfuDgs7pKenRx0bRFdn5/QN3mvqdXT1Ojds8r3aUF8/L+fJkyC/gIALYeGHDo6VF4lEyMz09O1pqSk7yU1N8yQSCQrmKysrM//l7p7lv3XbxcePHn1FNCC2bd0edOkDAD/duHE0NvrmqfGeBgqFEtg5OLxauWr1Q2ubOcUCAVBraCAvfPU8x/u3t69cNQiEvpj4hKWmZmZ1Y3WfPX3qe/qH47e4XC4evl+0eHH6mcjz/srKyrzRcgw6XWv/3j1pVZWViwkEAtVtydJMoqFhAwTxVSvLK1xKfi9aiUAgRBgsFtLV1aWk//LEhsvlKvZQu41nmJo1IiQSCYj7Kea7mOvXz862si78JiTkHCQQq6mrq/dPNzFtgYRIQ9ogx7WLyvJhDPEdZI7byCTwJPUSwOOVu5LT0m01NTVpY0H0UqkGXiuWd3qvW3fp2ImT+8f2QxCEDQoIeN1QXzc/aMeOH4K+2XFOQm6x4WZm7RI0NDpJOBxcG5+PutzZatAkFEh19PSJlP6+XuKla9e9XRcteoaGmV/t2Hmuoa7eNv/Vy43KOBwT4miFNLZzPBvbu6RKbBYDNNQUAojPAybmtkCXaAqmm80FK31Cwc8PIw1uRkWdPnby5M6xASoqKXGlraIib7w3nHAr9kB9Xa3zvgMHv/XfuvUKKz7xB1byg2NtAgipikSCaSg0MAIAnFPXAmGMAdAmEoIeaveMsPDwUDh42AZSZuzQkSN7sFjsSOzNG987zNPdAwAQwvyermaQcG0fyM+9A37LSwHJsd+BtoYXeWp4bJXZLEegZ2AOcp9m+3M4HOXxgpyIID4fk3r//rcWlpZlfgEBUZzcX/2Kbt8+HjjYg9zDHADb6H0gYpguEhkZViogkOAbFbU/dGk0mq7s9x8Apmlr96364ou7pSUly+g0qsRAXyUd5r/MjgcYNIJ5ISrKKzH5vuNsK+vff34U72JjqbRWTRVbaWHlAvh8Pq6upsb+UwDUVFc7Dg8Pa32xxvsOUixGdMbFR5wcogOhqmp/cOjuI55eXomFfC7qjqnRG9xX2w/YYBSADlKa2yApIeFoVkaG3wcAYPJYviINbgvevPEyNlBLgfOjj9oClnt6JrstWZptbWNT+nXwzuNCoVChhdxgbWmmeVmdoCPVHejvN/gUANTubhO4NbOwIEENTY4l3d3GPCAB3x09Fhy0Y0fEqbPnAh2dnJ7nZGd/qeLnexEz0+KdKRoDcCoqg3cePHTAYDAiAQShPgAwx8amGM746iqSk/Y05dcIBAIoKuPhp+XM5/MVYJmyd6XucNtKoZgpKaFbDYxnAfsFXgCvqjb0KQAAABIzC4uK6SYmzaKeHgMIvJ+KxGIxQiYgFArhHJV2oC1nFktbNFpkZW1d5unllYLBYkXo0RZxKirs6SYmteWlpW5oFGAqKaEpDgu8ZhS8fGDvs3pVkwoez6SQyTaw7PUrVy49y83rdvUIBG4rt4ocnS0KPiX6xUuWZHl6eT0QCgSYxHfFi++ODEv5P54+Fd1KabFqb2szrygrc1+/0feaFNgATZ8sFAAi0ZQy2g5yrOEVq1bfZ9DpetlZWQFGRPzj+Yt8wJLVQQCjoKohEYtRG3w3RT1+km26Zp1vKqW5lph0cz8ofHGbyhqiK3wKABwON5L38sW6DWvX1t56cH+3ERoNglXUgNIIe1pcTMyJF8+e+XksX5G878CBcKihcd67woLV/WIRcHZxzRltRzoPjCYOm41b772mhsNmq12PTVjb1I5O5UMieKALjQzwqRpqiiTWCGTa1jnsT+vvVs7PuS1uJVcicTgc85uQkO83bvaLxmAw0i8Yk8HQ9PjXIpqvn1/EwcP/OSLz0dzUZBV55sy1ivIydw0CoTd0777Dbh3dtrysJ3vgeGgmxuXTAracJBgbt0ClZR79iUnHw6gd6gMYNOvxk2xzbR2dvgkBwESqrHQMDtr+CoVCibcEhmaoaduvAwgUXtbf2VYH2luqgNMib67bQjP/lsZ3vMvnI6Oo3d1mZhYWlfsPHdpla2df8vDevZ1XLl64Nmfu3LwTZyK2q6urM25eu3rq8aNHwfDY9vn3+piQPXuOq6mrM0hFRe66sbcvgvZ229GxdAkFIHKYAVpEAnD42PdB/964MeGjb0BG1SSS4/Ej/0nqaG+3xCooAW3d6QCJQgPGIBWwhgbhOoUVfuRosNeaNcmwPI/HU3yYfG9XYlzckZGREQ1dPb3W3p4eEwVFRTafx1OG5TFYLHeIydSZ7+z8dN+BA4csZlrWwLo/3bxx+FZ0dMQ0VTWaIyTU0kehAF8iAQ1CCJRBfIBEo6G9+/eHbfYPuPGnQGEAE10Qn4/KyszYsm9XSMbqZR7kFe5undv9t+THxcQcptFomuPpDAwMaO8NCc60t7aSnDt96rJAIEBVkUjzXOzt2IudnegFb94sG6sjEokQGWlp2zas9a6A9WTXAjvbkSPh4XcpLWTLiWL8KIDJXonx8QfhAFrIZBMZL/iroJyVS9wpf6VLHxwk1NfVzm0hky34fD7mr+T/9BWSBxkaGTbB7dNfsgLFYjFoa221qCaRXAwNDVv/SleDQKBbzppNmmFq2oTFYgV/JT9hDkyF4Po+cMuW3+pqa5xUVVV72Wy2JsyPuhm9wtnFJU+uzj7HEIKv4aEh/OXz58/AQ2nTOp+SyooKp8/h57MBgC8Gna4JA4iMOHPmc/n4LDnwT9L/APxNQnwuw58FwOO0R4GV5eUuo1jSlcilyMgfmQwGQZ6+5A4gMS7uYMSJEwlsNltVxhOJeVhIOKT29nW+z9fbtr4ZYjLV5eVPrgCam5pmRV+/dtraxqZwnp1dwQi/Tbrq6man7Pul2o5p7UE2b6VQrM6fPRslL59yBfDw3r3dEokEeTLirD9A0zUKyIHPR/fPcxOBGTZC8Gtujt9Af7+OPHzKFUB1FcnFzNycZGRs3NbUf+uAQMz601CZNV8ELxvRDXV1tvLwKVcAPVTqdD19/Q749yC7YsF4Mqqa70uXnp4eI3n4lBuArs5OIy6Xq2ZoZNwI33MFvcTx5KYZvAdAaWmxlodfuQEoKixcCbe2dnZvOVCvDiSk648nh1MDQFNfDIoKC5bDlepUSW4AMh+nf43H4wcXuLq+6B3OX/UxWWtXIeju6pr5W0HBsqn6lQuArIyMLY319Q6b/P0vYxUUoFZaytcfk7ddIgIKyhJw9dLFCxAEYabie8oA2lpbzS/8eO6mPpHYvHV70MXeofzlTG7VuAksIyUcAAvXCuA8sLl59eq4W/t/l6YEgMvlKoXtDs2A+HyFExERW9EYMbKy6+SVv6PrsFwEZswRgeSkOwffvs73nGwMUwLw4O7dkI72dquQPXsP2drZF5V1fBfLhtpnwX1CAQCtNe/ND3QhwNCY0wMkEgDvXRBQVhUhI06ejIEgCDuZGCa9pBSLxQiv5ctasVgsPy3rl9k9rNy1JW17pZvD1BYEyLyBBUO0/38+CIQEuH6hNLhiM57OEXSYy/ilz1Hg+V0sOPNjpO+KVatSPzWOSb+BstJS1/6+PuP1vpuuo9FIUV1P1HHw36d9/5wCAEJCX1h4+J7b95KdL1+/sdphvvOvBVk8zaost1wTzc3XZXbmLBQBNEYCfn2Wu2EycaAnC4BUUb4IvD/7yqGza+xG+JQ58P3rdDQQCVCCG0mxyyxnz66WybsuWpSzd1dIVtrDtF0bfDNma+JarAbZJe4KSgAQzcWgmkT6aOJPRJN+A50dHTMQCITQwNCwZWCkeDGQbhAA0FqFgkH9PDp4qSMkUvLltsDzcLH39vXr1Rba2y/K+rSIYkAfHCTyuNxP2iCeEgD2CFtJUUmJhUKhJByIKj3cEEJw8iIA0cCgfTydadra0iPZISZTi4Cb907GR/93JuDxeCr/GAANgsYwl8PR4PP5WCB5fyiBUQBAWVUMSBXjF3KN9fXSCtTA0KhZdnAhDZwNJzlCpILH0/8xAKZmZrVwW19bO08Jq9ct41stEIHamhqXlPvJH5xa9lCp+jeuRp3G4XCMJR4emQxOzR/ldG8bEhgYGTV97B8DE9Gkk3i+8wLpYiXv5YsNAcEef3z+FvoIAaUaBc6fPRud9/KVj72jw9uB/gG93KfZfjwuVyUi8vx6dQ0NRlXz7W9heWY/AH3tSOCz3nFSO3ZT2loM9N9SQG5unp2ZnW1Z2r85f4TfKp3E4CGR/wgDagpRQMBHwMNDbDVnTvHOXaFH5rvMf0PqPB1Bod0Nh2Wf3UGD8pcYEHs70cXOwaHoHwXwNj9/xbe7Q3MXuy9J333c/VFZx4GHHxpXZqiIlv1squ+ZQtDQ7WVyau3IA4l7h3nN0nM2eMJLOqUAHBydc6Pj4idVTkx5c/fooUOJuU+ztwYEboucv7bdkDr0dPPf0RvoRoAHZxUACqE+cDcl1Z5IJHZOxv+UAfB4PExYaGh2SfHvy9yWuqUv/ZJG4CDeuX9Mp+EdEuTEY4FEpMi5Gh3jae/o+Gay/v8vAAD//4wb/4wEdbX7AAAAAElFTkSuQmCC",alt:"Trustify Icon",style:ge})},W=1+(F.length>0?1:0),z=Math.min(12,Math.max(1,Math.floor(12/W))),Z=1+Number(R)+Number(O)+Number(M);4===Z&&(Z=2);var V=Math.min(12,Math.max(1,Math.floor(12/Z)));return(0,E.jsxs)(o.x,{hasGutter:!0,children:[(0,E.jsxs)(h.h,{headingLevel:"h3",size:h.J["2xl"],style:{paddingLeft:"15px"},children:[(0,E.jsx)(v.I,{isInline:!0,status:"info",children:(0,E.jsx)(S.Ay,{style:{fill:"#f0ab00"}})}),"\xa0",u.displayName," overview of security issues"]}),(0,E.jsx)(g.c,{}),(0,E.jsx)(l.E,{md:12,lg:z,children:(0,E.jsxs)(p.Z,{isFlat:!0,isFullHeight:!0,children:[(0,E.jsx)(x.a,{children:(0,E.jsx)(f.Z,{children:(0,E.jsx)(m.X,{style:{fontSize:"large"},children:t?(0,E.jsxs)(E.Fragment,{children:[a?_(a):"No Image name"," - Vendor Issues"]}):(0,E.jsx)(E.Fragment,{children:"Vendor Issues"})})})}),(0,E.jsxs)(j.b,{children:[(0,E.jsx)(y.W,{children:(0,E.jsx)(I.d,{children:(0,E.jsx)(m.X,{children:"Below is a list of dependencies affected with CVE."})})}),(0,E.jsx)(A.B,{isAutoFit:!0,style:{paddingTop:"10px",gridTemplateColumns:"repeat(auto-fit, minmax(min(100%, ".concat(pe,"), 1fr))")},children:c(i).map(function(e,n){return(0,E.jsxs)(y.W,{style:{display:"flex",flexDirection:"column",alignItems:"center",minWidth:0},children:[(0,E.jsx)(m.X,{style:{fontSize:"large"},children:s(e)}),(0,E.jsx)(I.d,{children:(0,E.jsx)(D,{summary:e.report.summary})})]},n)})})]}),(0,E.jsx)(g.c,{})]})}),F.length>0&&(0,E.jsx)(l.E,{md:12,lg:z,children:(0,E.jsxs)(p.Z,{isFlat:!0,isFullHeight:!0,children:[(0,E.jsx)(x.a,{children:(0,E.jsx)(f.Z,{children:(0,E.jsx)(m.X,{style:{fontSize:"large"},children:"License Summary"})})}),(0,E.jsx)(j.b,{children:(0,E.jsx)(A.B,{isAutoFit:!0,style:{paddingTop:"30px",gridTemplateColumns:"repeat(auto-fit, minmax(min(100%, ".concat(pe,"), 1fr))")},children:F.map(function(e,n){return(0,E.jsxs)(y.W,{style:{display:"flex",flexDirection:"column",alignItems:"center",minWidth:0},children:[(0,E.jsx)(m.X,{style:{fontSize:"large"},children:e.status.name||"Unknown"}),(0,E.jsx)(I.d,{children:(0,E.jsx)(he,{summary:e.summary})})]},n)})})})]})}),(0,E.jsxs)(l.E,{md:V,children:[(0,E.jsx)(p.Z,{isFlat:!0,isFullHeight:!0,children:(0,E.jsxs)(y.W,{children:[(0,E.jsx)(f.Z,{component:"h4",children:(0,E.jsxs)(m.X,{style:{fontSize:"large"},children:[U(),"\xa0",u.displayName," Dependency Remediations"]})}),(0,E.jsx)(j.b,{children:(0,E.jsx)(I.d,{children:(0,E.jsx)(C.B8,{isPlain:!0,children:c(i).map(function(e,n){var r=e&&e.source&&e.provider?e.source===e.provider?e.provider:"".concat(e.provider,"/").concat(e.source):"default_value";return Object.keys(e.report).length>0?(0,E.jsxs)(b.c,{children:[(0,E.jsx)(v.I,{isInline:!0,status:"success",children:(0,E.jsx)("img",{src:k,alt:"Security Check Icon"})}),"\xa0",e.report.summary.remediations," remediations are available for ",r]}):(0,E.jsxs)(b.c,{children:[(0,E.jsx)(v.I,{isInline:!0,status:"success",children:(0,E.jsx)("img",{src:k,alt:"Security Check Icon"})}),"\xa0 There are no available remediations for your SBOM at this time for ",e.provider]})})})})})]})}),"\xa0"]}),R&&B&&(0,E.jsxs)(l.E,{md:V,children:[(0,E.jsx)(p.Z,{isFlat:!0,isFullHeight:!0,children:(0,E.jsxs)(y.W,{children:[(0,E.jsx)(f.Z,{component:"h4",children:(0,E.jsxs)(m.X,{style:{fontSize:"large"},children:["Project License ",(0,E.jsx)(w.o,{children:(0,E.jsx)(N.J,{color:se(B.category),children:B.expression||B.name||"\u2014"})})]})}),(0,E.jsx)(j.b,{children:(0,E.jsxs)(I.d,{children:[(0,E.jsx)(y.W,{children:(0,E.jsx)(m.X,{children:"License incompatibilities"})}),(0,E.jsx)(C.B8,{isPlain:!0,children:P.map(function(e,n){var r=function(e,n){for(var r=0,i=ae(n),t=0,a=Object.values(e);t=400||Object.keys(e.warnings).length>0},i=Object.keys(n.providers).map(function(e){return n.providers[e].status}).filter(function(e){return!e.ok||r(e)}),t=function(e){return e.ok&&!r(e)?fe.w.info:e.code>=500?fe.w.danger:fe.w.warning},a=function(e){var n=e.message;return e.ok&&r(e)?"".concat(J(e.name),": ").concat(Object.keys(e.warnings).length," package(s) could not be analyzed"):"".concat(J(e.name),": ").concat(n)};return(0,E.jsx)(E.Fragment,{children:i.map(function(e,n){return(0,E.jsx)(fe.F,{variant:t(e),title:a(e)},n)})})},je=r(6919),ye=r(5501),Ie=r(1792),Ae=r(3093),Ce=r(297),be=r(4072),we=r(6464),Ne=function(e){function n(e){var r;return(0,L.A)(this,n),(r=(0,je.A)(this,n,[e])).state={hasError:!1,error:null},r}return(0,ye.A)(n,e),(0,B.A)(n,[{key:"componentDidCatch",value:function(e,n){console.error("Report rendering error:",e,n)}},{key:"render",value:function(){var e;return this.state.hasError?(0,E.jsx)(M.a,{style:{backgroundColor:"var(--pf-v5-global--BackgroundColor--200)",minHeight:"100vh"},children:(0,E.jsxs)(Ie.p,{variant:Ie.s.sm,children:[(0,E.jsx)(Ae.o,{icon:(0,E.jsx)(Ce.q,{icon:we.Ay,color:"var(--pf-v5-global--danger-color--100)"}),titleText:"Something went wrong",headingLevel:"h2"}),(0,E.jsx)(be.h,{children:(null===(e=this.state.error)||void 0===e?void 0:e.message)||"An unexpected error occurred while rendering the report."})]})}):this.props.children}}],[{key:"getDerivedStateFromError",value:function(e){return{hasError:!0,error:e}}}])}(i.Component),Te=r(6334),Se=r(4248),Me=r(4471),Oe=r(9379),Ee=r(8380),Pe=r(1417),De=r(7066),ke=r(2227),Fe=r(99),Le=r(7172),Be=r(8516),Re=r(8579),Ue=r(9205),We=r(8099),ze=r(4785),Ze=r(4224),Ve=r(5772),Ke=r(4593),Ge=r(8480),Ye=r(5458),He=r(4546),Qe=function(e){return e[e.SET_PAGE=0]="SET_PAGE",e[e.SET_SORT_BY=1]="SET_SORT_BY",e}(Qe||{}),Xe={changed:!1,currentPage:{page:1,perPage:10},sortBy:void 0},qe=function(e,n){switch(n.type){case Qe.SET_PAGE:var r=n.payload;return(0,Oe.A)((0,Oe.A)({},e),{},{changed:!0,currentPage:{page:r.page,perPage:r.perPage}});case Qe.SET_SORT_BY:var i=n.payload;return(0,Oe.A)((0,Oe.A)({},e),{},{changed:!0,sortBy:{index:i.index,direction:i.direction}});default:return e}},Je=r(2514),_e=r(3842),$e=function(e){var n,r=e.count,i=e.params,t=e.isTop,a=e.perPageOptions,o=e.onChange,l=function(){return i.perPage||10};return(0,E.jsx)(Je.d,{itemCount:r,page:i.page||1,perPage:l(),onPageInput:function(e,n){o({page:n,perPage:l()})},onSetPage:function(e,n){o({page:n,perPage:l()})},onPerPageSelect:function(e,n){o({page:1,perPage:n})},widgetId:"pagination-options-menu",variant:t?Je.A.top:Je.A.bottom,perPageOptions:(n=a||[10,20,50,100],n.map(function(e){return{title:String(e),value:e}})),toggleTemplate:function(e){return(0,E.jsx)(_e.D,(0,Oe.A)({},e))}})},en=r(9694),nn=r(6911),rn=r(1413),tn=function(e){var n=e.numRenderedColumns,r=e.isLoading,i=void 0!==r&&r,t=e.isError,a=void 0!==t&&t,o=e.isNoData,l=void 0!==o&&o,c=e.errorEmptyState,s=void 0===c?null:c,d=e.noDataEmptyState,u=void 0===d?null:d,v=e.children,g=(0,E.jsxs)(Ie.p,{variant:Ie.s.sm,children:[(0,E.jsx)(Ce.q,{icon:we.Ay,color:rn.D.value}),(0,E.jsx)(h.h,{headingLevel:"h2",size:"lg",children:"Unable to connect"}),(0,E.jsx)(be.h,{children:"There was an error retrieving data. Check your connection and try again."})]}),p=(0,E.jsxs)(Ie.p,{variant:Ie.s.sm,children:[(0,E.jsx)(Ce.q,{icon:nn.Ay}),(0,E.jsx)(h.h,{headingLevel:"h2",size:"lg",children:"No data available"}),(0,E.jsx)(be.h,{children:"No data available to be shown here."})]});return(0,E.jsx)(E.Fragment,{children:i?(0,E.jsx)(ze.N,{children:(0,E.jsx)(Ue.Tr,{children:(0,E.jsx)(Ze.Td,{colSpan:n,children:(0,E.jsx)(M.a,{children:(0,E.jsx)(en.y,{size:"xl"})})})})}):a?(0,E.jsx)(ze.N,{"aria-label":"Table error",children:(0,E.jsx)(Ue.Tr,{children:(0,E.jsx)(Ze.Td,{colSpan:n,children:(0,E.jsx)(M.a,{children:s||g})})})}):l?(0,E.jsx)(ze.N,{"aria-label":"Table no data",children:(0,E.jsx)(Ue.Tr,{children:(0,E.jsx)(Ze.Td,{colSpan:n,children:(0,E.jsx)(M.a,{children:u||p})})})}):v})};function an(e){var n=e.name,r=e.items,t=e.getRowKey,a=e.columns,o=e.filterConfig,l=e.compareToByColumn,c=e.filterItem,s=e.renderExpandContent,d=e.ariaLabelPrefix,u=void 0===d?"Table":d,h=e.expandId,v=void 0===h?"compound-expand-table":h,g=e.defaultExpanded,x=void 0===g?{}:g,f=e.initialSortBy,m=(0,i.useState)(""),y=(0,F.A)(m,2),I=y[0],A=y[1],C=function(e){var n=(0,i.useReducer)(qe,(0,Oe.A)((0,Oe.A)({},Xe),{},{currentPage:e&&e.page?(0,Oe.A)({},e.page):(0,Oe.A)({},Xe.currentPage),sortBy:e&&e.sortBy?(0,Oe.A)({},e.sortBy):Xe.sortBy})),r=(0,F.A)(n,2),t=r[0],a=r[1],o=(0,i.useCallback)(function(e){var n;a({type:Qe.SET_PAGE,payload:{page:e.page>=1?e.page:1,perPage:null!==(n=e.perPage)&&void 0!==n?n:Xe.currentPage.perPage}})},[]),l=(0,i.useCallback)(function(e,n,r,i){a({type:Qe.SET_SORT_BY,payload:{index:n,direction:r}})},[]);return{page:t.currentPage,sortBy:t.sortBy,changePage:o,changeSortBy:l}}(f?{sortBy:f}:void 0),b=C.page,w=C.sortBy,N=C.changePage,T=C.changeSortBy,S=function(e){var n=e.items,r=e.currentSortBy,t=e.currentPage,a=e.filterItem,o=e.compareToByColumn;return(0,i.useMemo)(function(){var e,i=(0,Ye.A)(n||[]).filter(a),l=!1;return e=(0,Ye.A)(i).sort(function(e,n){var i=o(e,n,null===r||void 0===r?void 0:r.index);return 0!==i&&(l=!0),i}),l&&(null===r||void 0===r?void 0:r.direction)===He.l.desc&&(e=e.reverse()),{pageItems:e.slice((t.page-1)*t.perPage,t.page*t.perPage),filteredItems:i}},[n,t,r,o,a])}({items:r,currentPage:b,currentSortBy:w,compareToByColumn:l,filterItem:function(e){return c(e,I)}}),M=S.pageItems,O=S.filteredItems,P=(0,i.useState)(x),D=(0,F.A)(P,2),k=D[0],L=D[1],B=function(e,n,r,i){return{isExpanded:k[t(e)]===n,onToggle:function(){return function(e,n){var r=!(arguments.length>2&&void 0!==arguments[2])||arguments[2],i=t(e),a=(0,Oe.A)({},k);r?a[i]=n:delete a[i],L(a)}(e,n,k[t(e)]!==n)},expandId:v,rowIndex:r,columnIndex:i}},R=a.length;return(0,E.jsx)(p.Z,{children:(0,E.jsx)(j.b,{children:(0,E.jsxs)("div",{style:{backgroundColor:"var(--pf-v5-global--BackgroundColor--100)"},children:[(0,E.jsx)(Ee.M,{children:(0,E.jsxs)(Pe.P,{children:[(0,E.jsx)(De.h,{toggleIcon:(0,E.jsx)(Ke.Ay,{}),breakpoint:"xl",children:(0,E.jsx)(ke.T,{variant:"search-filter",children:(0,E.jsx)(Fe.D,{id:n+o.idSuffix,style:{width:"250px"},placeholder:o.placeholder,value:I,onChange:function(e,n){return A(n)},onClear:function(){return A("")}})})}),(0,E.jsx)(ke.T,{variant:ke.U.pagination,align:{default:"alignRight"},children:(0,E.jsx)($e,{isTop:!0,count:O.length,params:b,onChange:N})})]})}),(0,E.jsxs)(Le.X,{"aria-label":(null!==n&&void 0!==n?n:u)+" table",variant:Be.a.compact,children:[(0,E.jsx)(Re.d,{children:(0,E.jsx)(Ue.Tr,{children:a.map(function(e,n){return(0,E.jsx)(We.Th,{width:e.width,sort:null!=e.sortIndex?{columnIndex:e.sortIndex,sortBy:(0,Oe.A)({},w),onSort:T}:void 0,children:e.header},e.key)})})}),(0,E.jsx)(tn,{isNoData:0===O.length,numRenderedColumns:R,noDataEmptyState:(0,E.jsxs)(Ie.p,{variant:Ie.s.sm,children:[(0,E.jsx)(Ae.o,{icon:(0,E.jsx)(Ce.q,{icon:Ge.Ay}),titleText:"No results found",headingLevel:"h2"}),(0,E.jsx)(be.h,{children:"Clear all filters and try again."})]}),children:null===M||void 0===M?void 0:M.map(function(e,n){var r,i=t(e),o=k[i],l=!!o;return(0,E.jsxs)(ze.N,{isExpanded:l,children:[(0,E.jsx)(Ue.Tr,{children:a.map(function(r,i){return(0,E.jsx)(Ze.Td,{width:r.width,dataLabel:r.header,component:0===i?"th":void 0,compoundExpand:r.compoundExpand?B(e,r.key,n,i):void 0,children:r.render(e)},r.key)})}),l&&o?(0,E.jsx)(Ue.Tr,{isExpanded:!0,children:(0,E.jsx)(Ze.Td,{dataLabel:null===(r=a.find(function(e){return e.key===o}))||void 0===r?void 0:r.header,noPadding:!0,colSpan:R,children:(0,E.jsx)(Ve.g,{children:(0,E.jsx)("div",{className:"pf-v5-u-m-md",children:s(e,o)})})})}):null]},i)})})]}),(0,E.jsx)($e,{isTop:!1,count:O.length,params:b,onChange:N})]})})})}var on=function(e){var n=e.name,r=e.showVersion,i=void 0!==r&&r;return(0,E.jsx)(E.Fragment,{children:(0,E.jsx)("a",{href:Q(n),target:"_blank",rel:"noreferrer",children:Y(n,i)})})},ln=function(e){var n=e.packageName;e.cves;return(0,E.jsxs)(E.Fragment,{children:[(0,E.jsx)(v.I,{isInline:!0,status:"success",children:(0,E.jsx)("img",{src:k,alt:"Security Check Icon"})}),"\xa0",(0,E.jsx)("a",{href:H(n),target:"_blank",rel:"noreferrer",children:X(n)})]})},cn=function(e){var n,r,i,t=e.packageRef,a=e.vulnerability,o=Kn();return(0,E.jsx)(E.Fragment,{children:null===(null===(n=a.remediation)||void 0===n?void 0:n.fixedIn)||0===(null===(r=a.remediation)||void 0===r||null===(i=r.fixedIn)||void 0===i?void 0:i.length)?(0,E.jsx)("p",{}):(0,E.jsx)("a",{href:q(t,o),target:"_blank",rel:"noreferrer",children:a.id})})},sn=r(8559),dn=r(7540),un=r(8762),hn=r(974),vn=function(e){var n,r=e.vulnerability;if("UNKNOWN"===r.severity)return(0,E.jsx)(E.Fragment,{children:"N/A"});switch(r.severity){case"CRITICAL":n="bar-critical";break;case"HIGH":n="bar-high";break;case"MEDIUM":n="bar-medium";break;case"LOW":n="bar-low";break;default:n="bar-default"}return(0,E.jsx)(E.Fragment,{children:(0,E.jsx)(sn.B,{hasGutter:!0,children:(0,E.jsx)(dn.o,{isFilled:!0,children:(0,E.jsx)(un.k,{title:"".concat(r.cvssScore,"/10"),"aria-label":"cvss-score",value:r.cvssScore,min:0,max:10,size:un.j.sm,measureLocation:hn.Ri.none,className:"".concat(n)})})})})},gn=function(e){var n,r,i=e.vulnerability;switch(i.severity){case"CRITICAL":r="#800000";break;case"HIGH":r="#FF0000";break;case"MEDIUM":r="#FFA500";break;case"LOW":r="#5BA352";break;default:r="#808080"}return(0,E.jsxs)(E.Fragment,{children:[(0,E.jsx)(v.I,{isInline:!0,children:(0,E.jsx)(ve.Ay,{style:{fill:r,height:"13px"}})}),"\xa0",J(null!==(n=i.severity)&&void 0!==n?n:"UNKNOWN")]})},pn=function(e){var n,r,i=e.id,t=Kn();return(0,E.jsx)("a",{href:(n=i,r=t,r.cveIssueTemplate.replace("__ISSUE_ID__",n)),target:"_blank",rel:"noreferrer",children:i})},xn=r(4486),fn=function(e){var n=e.title,r=i.useState(!1),t=(0,F.A)(r,2),a=t[0],o=t[1];return(0,E.jsx)(xn.Q,{variant:xn.J.truncate,toggleText:a?"Show less":"Show more",onToggle:function(e,n){o(n)},isExpanded:a,children:n||"-"})},mn=function(e){var n,r,i,t,a,o=e.item,l=(e.providerName,e.rowIndex);return a=o.vulnerability.cves&&o.vulnerability.cves.length>0?o.vulnerability.cves:[o.vulnerability.id],(0,E.jsxs)(Ue.Tr,{children:[(0,E.jsx)(Ze.Td,{children:a.map(function(e,n){return(0,E.jsx)("p",{children:(0,E.jsx)(pn,{id:e})},n)})}),(0,E.jsx)(Ze.Td,{children:(0,E.jsx)(fn,{title:o.vulnerability.title})}),(0,E.jsx)(Ze.Td,{noPadding:!0,children:(0,E.jsx)(gn,{vulnerability:o.vulnerability})}),(0,E.jsx)(Ze.Td,{children:(0,E.jsx)(vn,{vulnerability:o.vulnerability})}),(0,E.jsx)(Ze.Td,{children:(0,E.jsx)(on,{name:o.dependencyRef,showVersion:!0})}),(0,E.jsx)(Ze.Td,{children:null!==(n=o.vulnerability.remediation)&&void 0!==n&&n.trustedContent?(0,E.jsx)(ln,{cves:o.vulnerability.cves||[],packageName:null===(r=o.vulnerability.remediation)||void 0===r||null===(i=r.trustedContent)||void 0===i?void 0:i.ref},l):null!==(t=o.vulnerability.remediation)&&void 0!==t&&t.fixedIn?(0,E.jsx)(cn,{packageRef:o.dependencyRef,vulnerability:o.vulnerability}):d(o.vulnerability)?null:(0,E.jsx)("span",{})})]},l)},jn=function(e){var n=e.providerName,r=e.transitiveDependencies;return(0,E.jsx)(p.Z,{style:{backgroundColor:"var(--pf-v5-global--BackgroundColor--100)"},children:(0,E.jsxs)(Le.X,{variant:Be.a.compact,"aria-label":(null!==n&&void 0!==n?n:"Default")+" transitive vulnerabilities",children:[(0,E.jsx)(Re.d,{children:(0,E.jsxs)(Ue.Tr,{children:[(0,E.jsx)(We.Th,{width:15,children:"Vulnerability ID"}),(0,E.jsx)(We.Th,{width:20,children:"Description"}),(0,E.jsx)(We.Th,{width:10,children:"Severity"}),(0,E.jsx)(We.Th,{width:15,children:"CVSS Score"}),(0,E.jsx)(We.Th,{width:20,children:"Transitive Dependency"}),(0,E.jsx)(We.Th,{width:20,children:"Remediation"})]})}),(0,E.jsx)(tn,{isNoData:0===r.length,numRenderedColumns:7,children:u(r).map(function(e,r){return(0,E.jsx)(ze.N,{children:(0,E.jsx)(mn,{item:e,providerName:n,rowIndex:r})},r)})})]})})},yn=function(e){var n=e.providerName,r=e.dependency,i=e.vulnerabilities;return(0,E.jsx)(p.Z,{style:{backgroundColor:"var(--pf-v5-global--BackgroundColor--100)"},children:(0,E.jsxs)(Le.X,{variant:Be.a.compact,"aria-label":(null!==n&&void 0!==n?n:"Default")+" direct vulnerabilities",children:[(0,E.jsx)(Re.d,{children:(0,E.jsxs)(Ue.Tr,{children:[(0,E.jsx)(We.Th,{width:15,children:"Vulnerability ID"}),(0,E.jsx)(We.Th,{width:20,children:"Description"}),(0,E.jsx)(We.Th,{width:10,children:"Severity"}),(0,E.jsx)(We.Th,{width:15,children:"CVSS Score"}),(0,E.jsx)(We.Th,{width:20,children:"Direct Dependency"}),(0,E.jsx)(We.Th,{width:20,children:"Remediation"})]})}),(0,E.jsx)(tn,{isNoData:0===i.length,numRenderedColumns:6,children:null===i||void 0===i?void 0:i.map(function(e,i){var t=[];return e.cves&&e.cves.length>0?e.cves.forEach(function(e){return t.push(e)}):e.unique&&t.push(e.id),(0,E.jsx)(ze.N,{children:t.map(function(t,a){return(0,E.jsx)(mn,{item:{id:e.id,dependencyRef:r.ref,vulnerability:e},providerName:n,rowIndex:i},"".concat(i,"-").concat(a))})},i)})})]})})},In=r(1640),An=function(e){var n=e.vulnerabilities,r=void 0===n?[]:n,i=e.transitiveDependencies,t=void 0===i?[]:i,a={CRITICAL:0,HIGH:0,MEDIUM:0,LOW:0,UNKNOWN:0};return r.length>0?r.forEach(function(e){var n=e.severity;n&&a.hasOwnProperty(n)&&a[n]++}):null===t||void 0===t||t.forEach(function(e){var n;null===(n=e.issues)||void 0===n||n.forEach(function(e){var n=e.severity;n&&a.hasOwnProperty(n)&&a[n]++})}),(0,E.jsxs)(In.Z,{children:[a.CRITICAL>0&&(0,E.jsxs)(E.Fragment,{children:[(0,E.jsx)(v.I,{isInline:!0,children:(0,E.jsx)(ve.Ay,{style:{fill:"#800000",height:"13px"}})}),"\xa0",a.CRITICAL,"\xa0"]}),a.HIGH>0&&(0,E.jsxs)(E.Fragment,{children:[(0,E.jsx)(v.I,{isInline:!0,children:(0,E.jsx)(ve.Ay,{style:{fill:"#FF0000",height:"13px"}})}),"\xa0",a.HIGH,"\xa0"]}),a.MEDIUM>0&&(0,E.jsxs)(E.Fragment,{children:[(0,E.jsx)(v.I,{isInline:!0,children:(0,E.jsx)(ve.Ay,{style:{fill:"#FFA500",height:"13px"}})}),"\xa0",a.MEDIUM,"\xa0"]}),a.LOW>0&&(0,E.jsxs)(E.Fragment,{children:[(0,E.jsx)(v.I,{isInline:!0,children:(0,E.jsx)(ve.Ay,{style:{fill:"#5BA352",height:"13px"}})}),"\xa0",a.LOW,"\xa0"]}),a.UNKNOWN>0&&(0,E.jsxs)(E.Fragment,{children:[(0,E.jsx)(v.I,{isInline:!0,children:(0,E.jsx)(ve.Ay,{style:{fill:"#808080",height:"13px"}})}),"\xa0",a.UNKNOWN]})]})},Cn=function(e){var n,r,i=e.dependency,t=null===(n=i.issues)||void 0===n?void 0:n.some(function(e){return d(e)}),a=(null===(r=i.transitive)||void 0===r?void 0:r.some(function(e){var n;return null===(n=e.issues)||void 0===n?void 0:n.some(function(e){return d(e)})}))||!1;return(0,E.jsx)(E.Fragment,{children:t||a?"Yes":"No"})},bn=function(e){var n=e.name,r=e.dependencies,i=[{key:"name",header:"Dependency Name",width:30,sortIndex:1,render:function(e){return(0,E.jsx)(on,{name:e.ref})}},{key:"version",header:"Current Version",width:15,render:function(e){return X(e.ref)}},{key:"direct",header:"Direct Vulnerabilities",width:15,compoundExpand:!0,render:function(e){var n,r;return null!==(n=e.issues)&&void 0!==n&&n.length?(0,E.jsxs)("div",{style:{display:"flex",alignItems:"center"},children:[(0,E.jsx)("div",{style:{width:"25px"},children:null===(r=e.issues)||void 0===r?void 0:r.length}),(0,E.jsx)(g.c,{orientation:{default:"vertical"},style:{paddingRight:"10px"}}),(0,E.jsx)(An,{vulnerabilities:e.issues})]}):0}},{key:"transitive",header:"Transitive Vulnerabilities",width:15,compoundExpand:!0,render:function(e){var n;return null!==(n=e.transitive)&&void 0!==n&&n.length?(0,E.jsxs)("div",{style:{display:"flex",alignItems:"center"},children:[(0,E.jsx)("div",{style:{width:"25px"},children:e.transitive.map(function(e){var n;return null===(n=e.issues)||void 0===n?void 0:n.length}).reduce(function(){return(arguments.length>0&&void 0!==arguments[0]?arguments[0]:0)+(arguments.length>1&&void 0!==arguments[1]?arguments[1]:0)})}),(0,E.jsx)(g.c,{orientation:{default:"vertical"},style:{paddingRight:"10px"}}),(0,E.jsx)(An,{transitiveDependencies:e.transitive})]}):0}},{key:"rhRemediation",header:"Remediation available",width:15,render:function(e){return(0,E.jsx)(Cn,{dependency:e})}}];return(0,E.jsx)(an,{name:n,items:r,getRowKey:function(e){return e.ref},columns:i,filterConfig:{placeholder:"Filter by Dependency name",idSuffix:"-dependency-filter"},compareToByColumn:function(e,n,r){return 1===r?e.ref.localeCompare(n.ref):0},filterItem:function(e,n){var r,i;return!!(null!==(r=e.issues)&&void 0!==r&&r.length||null!==(i=e.transitive)&&void 0!==i&&i.length)&&(!n||0===n.trim().length||-1!==e.ref.toLowerCase().indexOf(n.toLowerCase()))},renderExpandContent:function(e,r){var i,t;return"direct"===r&&null!==(i=e.issues)&&void 0!==i&&i.length?(0,E.jsx)(yn,{providerName:n,dependency:e,vulnerabilities:e.issues}):"transitive"===r&&null!==(t=e.transitive)&&void 0!==t&&t.length?(0,E.jsx)(jn,{providerName:n,transitiveDependencies:e.transitive}):null},ariaLabelPrefix:"Dependencies",expandId:"compound-expandable-example",defaultExpanded:{"siemur/test-space":"name"}})},wn=de;var Nn=function(e){var n=e.evidence,r=void 0===n?[]:n,t=e.countBy,a="identifiers"===(void 0===t?"evidence":t)?function(e){var n={PERMISSIVE:0,WEAK_COPYLEFT:0,STRONG_COPYLEFT:0,UNKNOWN:0};return null===e||void 0===e||e.forEach(function(e){(e.identifiers||[]).forEach(function(e){var r=(e.category||"UNKNOWN").toUpperCase().replace(/-/g,"_");n.hasOwnProperty(r)?n[r]++:n.UNKNOWN++})}),n}(r):function(e){var n={PERMISSIVE:0,WEAK_COPYLEFT:0,STRONG_COPYLEFT:0,UNKNOWN:0};return null===e||void 0===e||e.forEach(function(e){var r=(e.category||"UNKNOWN").toUpperCase().replace(/-/g,"_");n.hasOwnProperty(r)?n[r]++:n.UNKNOWN++}),n}(r);return(0,E.jsx)(In.Z,{children:wn.map(function(e){return a[e]>0&&(0,E.jsxs)(i.Fragment,{children:[(0,E.jsx)(v.I,{isInline:!0,children:(0,E.jsx)(ve.Ay,{style:{fill:ie[e],height:"13px"}})}),"\xa0",a[e],"\xa0"]},e)})})},Tn=function(e){var n=e.concluded;return(0,E.jsx)(p.Z,{style:{backgroundColor:"var(--pf-v5-global--BackgroundColor--100)"},children:(0,E.jsxs)(A.B,{children:[(0,E.jsxs)(y.W,{children:[(0,E.jsx)(m.X,{children:"License name"}),(0,E.jsx)(I.d,{children:n.name||"\u2014"})]}),(0,E.jsxs)(y.W,{children:[(0,E.jsx)(m.X,{children:"Expression"}),(0,E.jsx)(I.d,{children:n.expression||"\u2014"})]}),(0,E.jsxs)(y.W,{children:[(0,E.jsx)(m.X,{children:"Category"}),(0,E.jsx)(I.d,{children:n.category?le(n.category):"\u2014"})]})]})})},Sn=r(5435),Mn="Evidence",On="Expression",En="Identifiers",Pn="Category",Dn="Status";function kn(e){var n,r=e.info,i=null!==(n=null===r||void 0===r?void 0:r.identifiers)&&void 0!==n?n:[],t=i.some(function(e){return!0===e.isDeprecated}),a=i.some(function(e){return!0===e.isOsiApproved}),o=i.some(function(e){return!0===e.isFsfLibre});return t||a||o?(0,E.jsxs)(Sn.s,{gap:{default:"gapSm"},alignItems:{default:"alignItemsCenter"},children:[t&&(0,E.jsx)(In.Z,{children:(0,E.jsx)("span",{title:"Deprecated identifier",children:(0,E.jsx)(v.I,{isInline:!0,children:(0,E.jsx)(ve.Ay,{style:{fill:oe,height:"13px"}})})})}),a&&(0,E.jsx)(In.Z,{children:(0,E.jsx)("img",{src:"https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/open-source-initiative.svg",alt:"OSI Approved",title:"OSI Approved",style:{height:"1.1em",verticalAlign:"middle"}})}),o&&(0,E.jsx)(In.Z,{children:(0,E.jsx)("img",{src:"https://www.gnu.org/graphics/fsf-logo-notext-small.png",alt:"FSF Libre",title:"FSF Free/Libre",style:{height:"1.1em",verticalAlign:"middle"}})})]}):(0,E.jsx)(E.Fragment,{children:"\u2014"})}var Fn=function(e){var n=e.evidence,r=void 0===n?[]:n,t=(0,i.useMemo)(function(){return(0,Ye.A)(r).sort(function(e,n){return ue(e.category)-ue(n.category)})},[r]);return(0,E.jsx)(p.Z,{style:{backgroundColor:"var(--pf-v5-global--BackgroundColor--100)"},children:(0,E.jsxs)(Le.X,{variant:Be.a.compact,"aria-label":"Evidence licenses",children:[(0,E.jsx)(Re.d,{children:(0,E.jsxs)(Ue.Tr,{children:[(0,E.jsx)(We.Th,{width:30,children:Mn}),(0,E.jsx)(We.Th,{width:20,children:On}),(0,E.jsx)(We.Th,{width:25,children:En}),(0,E.jsx)(We.Th,{width:15,children:Pn}),(0,E.jsx)(We.Th,{width:10,children:Dn})]})}),(0,E.jsx)(tn,{isNoData:0===t.length,numRenderedColumns:5,children:(0,E.jsx)(ze.N,{children:t.map(function(e,n){var r,i,t,a=e.name||(null===(r=e.identifiers)||void 0===r?void 0:r.map(function(e){return e.name||e.id}).join(", "))||e.expression||"\u2014",o=e.expression||"\u2014",l=null!==(i=null===(t=e.identifiers)||void 0===t?void 0:t.map(function(e){return e.id}))&&void 0!==i?i:[],c=e.category||"\u2014",s=ce(e.category);return(0,E.jsxs)(Ue.Tr,{children:[(0,E.jsx)(Ze.Td,{dataLabel:Mn,children:a}),(0,E.jsx)(Ze.Td,{dataLabel:On,children:o}),(0,E.jsx)(Ze.Td,{dataLabel:En,style:{whiteSpace:"pre-line"},children:l.length?l.join("\n"):"\u2014"}),(0,E.jsx)(Ze.Td,{dataLabel:Pn,children:"\u2014"!==c?(0,E.jsxs)("span",{children:[(0,E.jsx)(v.I,{isInline:!0,children:(0,E.jsx)(ve.Ay,{style:{fill:s,height:"13px"}})}),"\xa0",le(e.category)]}):"\u2014"}),(0,E.jsx)(Ze.Td,{dataLabel:Dn,children:(0,E.jsx)(kn,{info:e})})]},n)})})})]})})};var Ln=function(e){var n=e.name,r=function(e){return Object.entries(e||{}).map(function(e){var n=(0,F.A)(e,2),r=n[0],i=n[1];return{ref:r,concluded:i.concluded,evidence:i.evidence||[]}})}(e.dependencies),i=[{key:"name",header:"Dependency Name",width:30,sortIndex:1,render:function(e){return(0,E.jsx)(on,{name:e.ref})}},{key:"version",header:"Current Version",width:15,render:function(e){return X(e.ref)}},{key:"concluded",header:"Concluded",width:20,sortIndex:2,compoundExpand:!0,render:function(e){var n;if(!e.concluded)return"\u2014";var r=e.concluded.expression||e.concluded.name||"\u2014",i=null===(n=e.concluded.identifiers)||void 0===n?void 0:n.some(function(e){return!0===e.isDeprecated});return(0,E.jsxs)("span",{style:{display:"inline-flex",alignItems:"center",gap:6},children:[i&&(0,E.jsx)(v.I,{isInline:!0,title:"Concluded license is deprecated",children:(0,E.jsx)(ve.Ay,{style:{fill:"#F0AB00",height:"13px"}})}),r]})}},{key:"category",header:"Category",width:15,sortIndex:3,render:function(e){var n;return null!==(n=e.concluded)&&void 0!==n&&n.category?(0,E.jsxs)("span",{children:[(0,E.jsx)(v.I,{isInline:!0,children:(0,E.jsx)(ve.Ay,{style:{fill:ce(e.concluded.category),height:"13px"}})}),"\xa0",le(e.concluded.category)]}):"\u2014"}},{key:"evidences",header:"Evidences",width:25,compoundExpand:!0,render:function(e){var n;return null!==(n=e.evidence)&&void 0!==n&&n.length?(0,E.jsxs)("div",{style:{display:"flex",alignItems:"center"},children:[(0,E.jsx)("div",{style:{width:"25px"},children:e.evidence.length}),(0,E.jsx)(g.c,{orientation:{default:"vertical"},style:{paddingRight:"10px"}}),(0,E.jsx)(Nn,{evidence:e.evidence,countBy:"identifiers"})]}):0}}];return(0,E.jsx)(an,{name:n,items:r,getRowKey:function(e){return e.ref},columns:i,filterConfig:{placeholder:"Filter by Dependency name",idSuffix:"-license-filter"},compareToByColumn:function(e,n,r){switch(r){case 1:return e.ref.localeCompare(n.ref);case 2:var i,t,a,o,l=(null===(i=e.concluded)||void 0===i?void 0:i.expression)||(null===(t=e.concluded)||void 0===t?void 0:t.name)||"",c=(null===(a=n.concluded)||void 0===a?void 0:a.expression)||(null===(o=n.concluded)||void 0===o?void 0:o.name)||"";return l.localeCompare(c);case 3:var s,d,u=(null===(s=e.concluded)||void 0===s?void 0:s.category)||"",h=(null===(d=n.concluded)||void 0===d?void 0:d.category)||"";return u.localeCompare(h);default:return 0}},filterItem:function(e,n){return!n||0===n.trim().length||-1!==e.ref.toLowerCase().indexOf(n.toLowerCase())},renderExpandContent:function(e,n){var r;return"concluded"===n&&e.concluded?(0,E.jsx)(Tn,{concluded:e.concluded}):"evidences"===n&&null!==(r=e.evidence)&&void 0!==r&&r.length?(0,E.jsx)(Fn,{evidence:e.evidence}):null},ariaLabelPrefix:"Licenses",expandId:"evidences-compound-expand",initialSortBy:{index:3,direction:"desc"}})},Bn=r(1157),Rn="vulnerabilities",Un="licenses",Wn=function(e){var n=e.report,r=Kn(),t=c(n),o=t.length>0,l=(0,i.useMemo)(function(){var e;return(null!==(e=n.licenses)&&void 0!==e?e:[]).filter(function(e){return e.summary.total>0})},[n.licenses]),d=l.length>0,u=o?s(t[0]):null,h=d?l[0].status.name:null,v=i.useState(o?Rn:Un),g=(0,F.A)(v,2),p=g[0],x=g[1],f=i.useState(null!==u&&void 0!==u?u:0),m=(0,F.A)(f,2),j=m[0],y=m[1],I=i.useState(null!==h&&void 0!==h?h:0),A=(0,F.A)(I,2),C=A[0],b=A[1],w=r.writeKey&&""!==r.writeKey.trim()?Bn.N.load({writeKey:r.writeKey}):null,N=(0,i.useRef)("");(0,i.useEffect)(function(){w&&null!=r.anonymousId&&w.setAnonymousId(r.anonymousId)},[w,r.anonymousId]),(0,i.useEffect)(function(){d&&null!=h&&(new Set(l.map(function(e){return e.status.name})).has(String(C))||b(h))},[d,h,l,C]);var T=p===Rn?j:C;(0,i.useEffect)(function(){w&&T!==N.current&&(w.track("rhda.exhort.tab",{tabName:T}),N.current=T)},[w,T]);var S=[];return o&&S.push((0,E.jsx)(Te.o,{eventKey:Rn,title:(0,E.jsx)(Se.V,{children:"Vulnerabilities"}),"aria-label":"Vulnerabilities",children:(0,E.jsx)(Me.t,{activeKey:j,onSelect:function(e,n){y(n)},isSecondary:!0,isBox:!0,variant:"light300","aria-label":"Vulnerability providers",role:"region",children:t.map(function(e){var n,r=s(e),i=null===(n=e.report.dependencies)||void 0===n?void 0:n.filter(function(e){return e.highestVulnerability});return(0,E.jsx)(Te.o,{eventKey:r,title:(0,E.jsx)(Se.V,{children:r}),"aria-label":"".concat(r," source"),children:(0,E.jsx)(a.d8,{variant:a.zC.default,children:(0,E.jsx)(bn,{name:r,dependencies:i})})},r)})})},Rn)),d&&S.push((0,E.jsx)(Te.o,{eventKey:Un,title:(0,E.jsx)(Se.V,{children:"Licenses"}),"aria-label":"Licenses",children:(0,E.jsx)(Me.t,{activeKey:C,onSelect:function(e,n){b(n)},isSecondary:!0,isBox:!0,variant:"light300","aria-label":"License providers",role:"region",children:l.map(function(e){return(0,E.jsx)(Te.o,{eventKey:e.status.name,title:(0,E.jsx)(Se.V,{children:e.status.name}),"aria-label":"".concat(e.status.name," source"),children:(0,E.jsx)(a.d8,{variant:a.zC.default,children:(0,E.jsx)(Ln,{name:e.status.name,dependencies:e.packages})})},e.status.name)})})},Un)),0===S.length?null:(0,E.jsx)("div",{children:(0,E.jsx)(Me.t,{activeKey:p,onSelect:function(e,n){x(n)},"aria-label":"Providers",role:"region",variant:"light300",isBox:!0,children:S})})},zn=function(e){var n,r=e.report,t=(0,i.useMemo)(function(){return Object.entries(r).sort(function(e,n){var r=(0,F.A)(e,1)[0],i=(0,F.A)(n,1)[0];return r.localeCompare(i)})},[r]),c=i.useState((null===(n=t[0])||void 0===n?void 0:n[0])||""),s=(0,F.A)(c,2),d=s[0],u=s[1],h=i.useState(!0),v=(0,F.A)(h,1)[0];(0,i.useEffect)(function(){var e,n=(null===(e=t[0])||void 0===e?void 0:e[0])||"";u(function(e){return new Set(t.map(function(e){return(0,F.A)(e,1)[0]})).has(String(e))?e:n})},[t]);var g=t.map(function(e){var n=(0,F.A)(e,2),r=n[0],i=n[1];return(0,E.jsxs)(Te.o,{eventKey:r,title:(0,E.jsx)(Se.V,{children:_(r)}),"aria-label":"".concat(r," source"),children:[(0,E.jsx)(me,{report:i}),(0,E.jsx)(a.d8,{variant:a.zC.light,children:(0,E.jsx)(o.x,{hasGutter:!0,children:(0,E.jsx)(l.E,{children:(0,E.jsx)(xe,{report:i,isReportMap:!0,purl:r})})})}),(0,E.jsx)(a.d8,{variant:a.zC.default,children:(0,E.jsx)(Wn,{report:i})})]})});return(0,E.jsx)("div",{children:(0,E.jsx)(Me.t,{activeKey:d,onSelect:function(e,n){u(n)},"aria-label":"Providers",role:"region",variant:v?"light300":"default",isBox:!0,children:g})})},Zn=window.appData,Vn=(0,i.createContext)(Zn),Kn=function(){return(0,i.useContext)(Vn)};var Gn=function(){return(0,E.jsx)(Vn.Provider,{value:Zn,children:(0,E.jsx)(Ne,{children:(e=Zn.report,"object"===typeof e&&null!==e&&Object.keys(e).every(function(n){return"scanned"in e[n]&&"providers"in e[n]&&"object"===typeof e[n].scanned&&"object"===typeof e[n].providers})?(0,E.jsx)(a.d8,{variant:a.zC.default,children:(0,E.jsx)(zn,{report:Zn.report})}):(0,E.jsxs)(E.Fragment,{children:[(0,E.jsx)(me,{report:Zn.report}),(0,E.jsx)(a.d8,{variant:a.zC.light,children:(0,E.jsx)(o.x,{hasGutter:!0,children:(0,E.jsx)(l.E,{children:(0,E.jsx)(xe,{report:Zn.report})})})}),(0,E.jsx)(a.d8,{variant:a.zC.default,children:(0,E.jsx)(Wn,{report:Zn.report})})]}))})});var e},Yn=function(e){e&&e instanceof Function&&r.e(121).then(r.bind(r,6895)).then(function(n){var r=n.getCLS,i=n.getFID,t=n.getFCP,a=n.getLCP,o=n.getTTFB;r(e),i(e),t(e),a(e),o(e)})};t.createRoot(document.getElementById("root")).render((0,E.jsx)(i.StrictMode,{children:(0,E.jsx)(Gn,{})})),Yn()}},n={};function r(i){var t=n[i];if(void 0!==t)return t.exports;var a=n[i]={id:i,loaded:!1,exports:{}};return e[i].call(a.exports,a,a.exports,r),a.loaded=!0,a.exports}r.m=e,function(){var e=[];r.O=function(n,i,t,a){if(!i){var o=1/0;for(d=0;d=a)&&Object.keys(r.O).every(function(e){return r.O[e](i[c])})?i.splice(c--,1):(l=!1,a0&&e[d-1][2]>a;d--)e[d]=e[d-1];e[d]=[i,t,a]}}(),r.n=function(e){var n=e&&e.__esModule?function(){return e.default}:function(){return e};return r.d(n,{a:n}),n},function(){var e,n=Object.getPrototypeOf?function(e){return Object.getPrototypeOf(e)}:function(e){return e.__proto__};r.t=function(i,t){if(1&t&&(i=this(i)),8&t)return i;if("object"===typeof i&&i){if(4&t&&i.__esModule)return i;if(16&t&&"function"===typeof i.then)return i}var a=Object.create(null);r.r(a);var o={};e=e||[null,n({}),n([]),n(n)];for(var l=2&t&&i;("object"==typeof l||"function"==typeof l)&&!~e.indexOf(l);l=n(l))Object.getOwnPropertyNames(l).forEach(function(e){o[e]=function(){return i[e]}});return o.default=function(){return i},r.d(a,o),a}}(),r.d=function(e,n){for(var i in n)r.o(n,i)&&!r.o(e,i)&&Object.defineProperty(e,i,{enumerable:!0,get:n[i]})},r.e=function(){return Promise.resolve()},r.g=function(){if("object"===typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"===typeof window)return window}}(),r.o=function(e,n){return Object.prototype.hasOwnProperty.call(e,n)},r.r=function(e){"undefined"!==typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.nmd=function(e){return e.paths=[],e.children||(e.children=[]),e},function(){var e={792:0};r.O.j=function(n){return 0===e[n]};var n=function(n,i){var t,a,o=i[0],l=i[1],c=i[2],s=0;if(o.some(function(n){return 0!==e[n]})){for(t in l)r.o(l,t)&&(r.m[t]=l[t]);if(c)var d=c(r)}for(n&&n(i);s getSummaryValues() {
tree().direct("aa").withTransitive("aaa").direct("ab").withTransitive("aab").build(),
new SourceSummary().direct(0).transitive(2).total(2).high(1).medium(1).dependencies(2),
TEST_SOURCE),
- // Case 6: issues with null CVSS score produce UNKNOWN severity
+ // Case 6: issue with upstream-only remediation (fixedIn, no trustedContent)
+ Arguments.of(
+ Map.of(
+ "pkg:npm/aa@1",
+ new PackageItem(
+ "pkg:npm/aa@1",
+ null,
+ List.of(buildIssueWithUpstreamRemediation(1, 7f, "2.0.0")),
+ Collections.emptyList())),
+ tree().direct("aa").build(),
+ new SourceSummary().direct(1).total(1).high(1).dependencies(1).remediations(1),
+ TEST_SOURCE),
+ // Case 7: issues with null CVSS score produce UNKNOWN severity
Arguments.of(
Map.of(
"pkg:npm/aa@1",
@@ -670,6 +682,19 @@ private static Issue buildIssue(int id, Float score) {
.cvssScore(score);
}
+ private static Issue buildIssueWithUpstreamRemediation(int id, Float score, String fixedVersion) {
+ var r = new Remediation();
+ r.addFixedInItem(fixedVersion);
+ return new Issue()
+ .id(String.format("ISSUE-00%d", id))
+ .title(String.format("ISSUE Example 00%d", id))
+ .source(TEST_SOURCE)
+ .severity(SeverityUtils.fromScore(score))
+ .cves(List.of(String.format("CVE-00%d", id)))
+ .cvssScore(score)
+ .remediation(r);
+ }
+
private static Issue buildIssueWithTcRemediation(int id, Float score, String remediation) {
var r = new Remediation();
r.trustedContent(new RemediationTrustedContent().ref(new PackageRef(remediation)));
diff --git a/src/test/java/io/github/guacsec/trustifyda/integration/providers/trustify/RecommendationAggregationTest.java b/src/test/java/io/github/guacsec/trustifyda/integration/providers/trustify/RecommendationAggregationTest.java
index a74bf220..77880ee9 100644
--- a/src/test/java/io/github/guacsec/trustifyda/integration/providers/trustify/RecommendationAggregationTest.java
+++ b/src/test/java/io/github/guacsec/trustifyda/integration/providers/trustify/RecommendationAggregationTest.java
@@ -46,8 +46,10 @@
import io.github.guacsec.trustifyda.api.PackageRef;
import io.github.guacsec.trustifyda.api.v5.Issue;
import io.github.guacsec.trustifyda.api.v5.ProviderStatus;
+import io.github.guacsec.trustifyda.api.v5.Remediation;
import io.github.guacsec.trustifyda.api.v5.RemediationTrustedContent;
import io.github.guacsec.trustifyda.api.v5.SeverityUtils;
+import io.github.guacsec.trustifyda.api.v5.VersionRange;
import io.github.guacsec.trustifyda.model.PackageItem;
import io.github.guacsec.trustifyda.model.ProviderResponse;
import io.github.guacsec.trustifyda.model.trustify.IndexedRecommendation;
@@ -557,6 +559,54 @@ void testSourceNamePreservedWhenMergingWithIssues() {
assertEquals(1, item.issues().size());
}
+ @Test
+ void testUpstreamRemediationPreservedWhenTrustedContentMerged() {
+ Exchange oldExchange = mock(Exchange.class);
+ Exchange newExchange = mock(Exchange.class);
+ Message oldMessage = createMessageWithBodyStorage();
+ Message newMessage = mock(Message.class);
+
+ var existingRemediation = new Remediation();
+ existingRemediation.addFixedInItem("2.0.0");
+ existingRemediation.addVersionRangesItem(
+ new VersionRange().lowVersion("1.0.0").highVersion("2.0.0"));
+
+ var issue = createIssue("CVE-001", "Issue 1", 7.0f);
+ issue.remediation(existingRemediation);
+
+ oldMessage.setBody(createProviderResponseWithIssues(List.of(issue)));
+ when(oldExchange.getIn()).thenReturn(oldMessage);
+ when(newExchange.getIn()).thenReturn(newMessage);
+ when(newMessage.getBody())
+ .thenReturn(
+ createRecommendations(
+ "pkg:npm/package1@1.0.0",
+ "pkg:npm/package1@2.0.0",
+ Map.of("CVE-001", new Vulnerability("CVE-001", Fixed, NotProvided))));
+
+ Exchange result = aggregation.aggregate(oldExchange, newExchange);
+ ProviderResponse response = result.getIn().getBody(ProviderResponse.class);
+
+ PackageItem resultItem = response.pkgItems().get("pkg:npm/package1@1.0.0");
+ assertNotNull(resultItem);
+ assertEquals(1, resultItem.issues().size());
+
+ var remediation = resultItem.issues().get(0).getRemediation();
+ assertNotNull(remediation);
+
+ assertNotNull(remediation.getFixedIn());
+ assertEquals(1, remediation.getFixedIn().size());
+ assertEquals("2.0.0", remediation.getFixedIn().get(0));
+
+ assertNotNull(remediation.getVersionRanges());
+ assertEquals(1, remediation.getVersionRanges().size());
+ assertEquals("1.0.0", remediation.getVersionRanges().get(0).getLowVersion());
+ assertEquals("2.0.0", remediation.getVersionRanges().get(0).getHighVersion());
+
+ assertNotNull(remediation.getTrustedContent());
+ assertEquals("pkg:npm/package1@2.0.0", remediation.getTrustedContent().getRef().ref());
+ }
+
/** Creates a mock Message that actually stores and retrieves the body. */
@SuppressWarnings("unchecked")
private Message createMessageWithBodyStorage() {
diff --git a/src/test/java/io/github/guacsec/trustifyda/integration/providers/trustify/TrustifyResponseHandlerTest.java b/src/test/java/io/github/guacsec/trustifyda/integration/providers/trustify/TrustifyResponseHandlerTest.java
index 3f8c2641..161adb2f 100644
--- a/src/test/java/io/github/guacsec/trustifyda/integration/providers/trustify/TrustifyResponseHandlerTest.java
+++ b/src/test/java/io/github/guacsec/trustifyda/integration/providers/trustify/TrustifyResponseHandlerTest.java
@@ -48,6 +48,7 @@
import io.github.guacsec.trustifyda.api.PackageRef;
import io.github.guacsec.trustifyda.api.v5.Issue;
+import io.github.guacsec.trustifyda.api.v5.RemediationCategory;
import io.github.guacsec.trustifyda.api.v5.Severity;
import io.github.guacsec.trustifyda.integration.Constants;
import io.github.guacsec.trustifyda.integration.providers.trustify.ubi.UBIRecommendation;
@@ -99,7 +100,7 @@ void setUp() {
private static Stream testResponseToIssuesWithValidData() {
return Stream.of(
- // old response without details field
+ // v3 response without details field (fallback path)
"""
{
"pkg:maven/org.postgresql/postgresql@42.5.0": [
@@ -112,29 +113,25 @@ private static Stream testResponseToIssuesWithValidData() {
"CWE-200",
"CWE-377"
],
- "status": {
- "affected": [
- {
+ "base_score": {
+ "type": "3.1",
+ "score": 5.8,
+ "severity": "medium"
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
"uuid": "urn:uuid:595a7085-f230-42b5-9c8f-ab25939d99ed",
"identifier": "GHSA-562r-vg33-8x8h",
"document_id": "GHSA-562r-vg33-8x8h",
"title": "TemporaryFolder on unix-like systems does not limit access to created files",
- "labels": {
- "type": "osv",
- "file": "github-reviewed/2022/11/GHSA-562r-vg33-8x8h/GHSA-562r-vg33-8x8h.json",
- "importer": "osv-github",
- "source": "https://github.com/github/advisory-database"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 5.8,
- "severity": "medium"
- }
- ]
- }
- ]
- }
+ "issuer": null
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
},
{
"normative": true,
@@ -144,61 +141,48 @@ private static Stream testResponseToIssuesWithValidData() {
"cwes": [
"CWE-89"
],
- "status": {
- "affected": [
- {
+ "base_score": {
+ "type": "3.1",
+ "score": 9.8,
+ "severity": "critical"
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
"uuid": "urn:uuid:020c0585-32db-4949-bd41-87850add2277",
"identifier": "https://www.redhat.com/#RHSA-2024_1797",
"document_id": "RHSA-2024:1797",
+ "title": "Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9.SP2 release and security update",
"issuer": {
"id": "aa42c1b1-0591-447c-b2bb-80888252c85f",
"name": "Red Hat Product Security"
- },
- "title": "Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9.SP2 release and security update",
- "labels": {
- "importer": "redhat-csaf",
- "file": "2024/rhsa-2024_1797.json",
- "source": "https://security.access.redhat.com/data/csaf/v2/advisories/",
- "type": "csaf"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 9.8,
- "severity": "critical"
- }
- ]
+ }
},
- {
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ },
+ {
+ "advisory": {
"uuid": "urn:uuid:ea8dd8f5-40a9-4817-ba11-9606f799fe6e",
"identifier": "https://www.redhat.com/#RHSA-2024_1662",
"document_id": "RHSA-2024:1662",
+ "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.11 release and security update",
"issuer": {
"id": "aa42c1b1-0591-447c-b2bb-80888252c85f",
"name": "Red Hat Product Security"
- },
- "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.11 release and security update",
- "labels": {
- "file": "2024/rhsa-2024_1662.json",
- "importer": "redhat-csaf",
- "source": "https://security.access.redhat.com/data/csaf/v2/advisories/",
- "type": "csaf"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 9.8,
- "severity": "critical"
- }
- ]
- }
- ]
- }
+ }
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
}
]
}
""",
- // new response with details field
+ // v3 response with details field
"""
{
"pkg:maven/org.postgresql/postgresql@42.5.0": {
@@ -212,29 +196,25 @@ private static Stream testResponseToIssuesWithValidData() {
"CWE-200",
"CWE-377"
],
- "status": {
- "affected": [
- {
+ "base_score": {
+ "type": "3.1",
+ "score": 5.8,
+ "severity": "medium"
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
"uuid": "urn:uuid:595a7085-f230-42b5-9c8f-ab25939d99ed",
"identifier": "GHSA-562r-vg33-8x8h",
"document_id": "GHSA-562r-vg33-8x8h",
"title": "TemporaryFolder on unix-like systems does not limit access to created files",
- "labels": {
- "type": "osv",
- "file": "github-reviewed/2022/11/GHSA-562r-vg33-8x8h/GHSA-562r-vg33-8x8h.json",
- "importer": "osv-github",
- "source": "https://github.com/github/advisory-database"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 5.8,
- "severity": "medium"
- }
- ]
- }
- ]
- }
+ "issuer": null
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
},
{
"normative": true,
@@ -244,63 +224,50 @@ private static Stream testResponseToIssuesWithValidData() {
"cwes": [
"CWE-89"
],
- "status": {
- "affected": [
- {
+ "base_score": {
+ "type": "3.1",
+ "score": 9.8,
+ "severity": "critical"
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
"uuid": "urn:uuid:020c0585-32db-4949-bd41-87850add2277",
"identifier": "https://www.redhat.com/#RHSA-2024_1797",
"document_id": "RHSA-2024:1797",
+ "title": "Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9.SP2 release and security update",
"issuer": {
"id": "aa42c1b1-0591-447c-b2bb-80888252c85f",
"name": "Red Hat Product Security"
- },
- "title": "Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9.SP2 release and security update",
- "labels": {
- "importer": "redhat-csaf",
- "file": "2024/rhsa-2024_1797.json",
- "source": "https://security.access.redhat.com/data/csaf/v2/advisories/",
- "type": "csaf"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 9.8,
- "severity": "critical"
- }
- ]
+ }
},
- {
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ },
+ {
+ "advisory": {
"uuid": "urn:uuid:ea8dd8f5-40a9-4817-ba11-9606f799fe6e",
"identifier": "https://www.redhat.com/#RHSA-2024_1662",
"document_id": "RHSA-2024:1662",
+ "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.11 release and security update",
"issuer": {
"id": "aa42c1b1-0591-447c-b2bb-80888252c85f",
"name": "Red Hat Product Security"
- },
- "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.11 release and security update",
- "labels": {
- "file": "2024/rhsa-2024_1662.json",
- "importer": "redhat-csaf",
- "source": "https://security.access.redhat.com/data/csaf/v2/advisories/",
- "type": "csaf"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 9.8,
- "severity": "critical"
- }
- ]
- }
- ]
- }
+ }
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
}
]
},
"warnings": []
},
""",
- // new response with withdrawn field
+ // v3 response with withdrawn field
"""
{
"pkg:maven/org.postgresql/postgresql@42.5.0": {
@@ -311,30 +278,20 @@ private static Stream testResponseToIssuesWithValidData() {
"title": "This CVE is a placeholder for a vulnerability that has been withdrawn",
"description": "This CVE is a placeholder for a vulnerability that has been withdrawn",
"withdrawn": "2024-01-01T00:00:00Z",
- "status": {
- "affected": [
- {
+ "purl_statuses": [
+ {
+ "advisory": {
"uuid": "urn:uuid:595a7085-f230-42b5-9c8f-ab25939d9900",
"identifier": "CVE-2022-41948",
"document_id": "CVE-2022-41948",
"title": "This CVE is a placeholder for a vulnerability that has been withdrawn",
- "withdrawn": "2024-01-01T00:00:00Z",
- "labels": {
- "type": "osv",
- "file": "github-reviewed/2022/11/GHSA-562r-vg33-8x8h/GHSA-562r-vg33-8x8h.json",
- "importer": "osv-github",
- "source": "https://github.com/github/advisory-database"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 5.8,
- "severity": "medium"
- }
- ]
- }
- ]
- }
+ "issuer": null
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
},
{
"normative": true,
@@ -345,49 +302,38 @@ private static Stream testResponseToIssuesWithValidData() {
"CWE-200",
"CWE-377"
],
- "status": {
- "affected": [
- {
+ "base_score": {
+ "type": "3.1",
+ "score": 5.8,
+ "severity": "medium"
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
"uuid": "urn:uuid:595a7085-f230-42b5-9c8f-ab25939d99ed",
"identifier": "GHSA-562r-vg33-8x8h",
"document_id": "GHSA-562r-vg33-8x8h",
"title": "TemporaryFolder on unix-like systems does not limit access to created files",
- "labels": {
- "type": "osv",
- "file": "github-reviewed/2022/11/GHSA-562r-vg33-8x8h/GHSA-562r-vg33-8x8h.json",
- "importer": "osv-github",
- "source": "https://github.com/github/advisory-database"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 5.8,
- "severity": "medium"
- }
- ]
+ "issuer": null
},
- {
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ },
+ {
+ "advisory": {
"uuid": "urn:uuid:595a7085-f230-42b5-9c8f-ab25939d9908",
"identifier": "CVE-2022-41946",
"document_id": "CVE-2022-41946",
"title": "This CVE is a placeholder for a vulnerability that has been withdrawn",
- "withdrawn": "2024-01-01T00:00:00Z",
- "labels": {
- "type": "osv",
- "file": "github-reviewed/2022/11/GHSA-562r-vg33-8x8h/GHSA-562r-vg33-8x8h.json",
- "importer": "osv-github",
- "source": "https://github.com/github/advisory-database"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 5.8,
- "severity": "medium"
- }
- ]
- }
- ]
- }
+ "issuer": null,
+ "withdrawn": "2024-01-01T00:00:00Z"
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
},
{
"normative": true,
@@ -397,56 +343,43 @@ private static Stream testResponseToIssuesWithValidData() {
"cwes": [
"CWE-89"
],
- "status": {
- "affected": [
- {
+ "base_score": {
+ "type": "3.1",
+ "score": 9.8,
+ "severity": "critical"
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
"uuid": "urn:uuid:020c0585-32db-4949-bd41-87850add2277",
"identifier": "https://www.redhat.com/#RHSA-2024_1797",
"document_id": "RHSA-2024:1797",
+ "title": "Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9.SP2 release and security update",
"issuer": {
"id": "aa42c1b1-0591-447c-b2bb-80888252c85f",
"name": "Red Hat Product Security"
- },
- "title": "Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9.SP2 release and security update",
- "labels": {
- "importer": "redhat-csaf",
- "file": "2024/rhsa-2024_1797.json",
- "source": "https://security.access.redhat.com/data/csaf/v2/advisories/",
- "type": "csaf"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 9.8,
- "severity": "critical"
- }
- ]
+ }
},
- {
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ },
+ {
+ "advisory": {
"uuid": "urn:uuid:ea8dd8f5-40a9-4817-ba11-9606f799fe6e",
"identifier": "https://www.redhat.com/#RHSA-2024_1662",
"document_id": "RHSA-2024:1662",
+ "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.11 release and security update",
"issuer": {
"id": "aa42c1b1-0591-447c-b2bb-80888252c85f",
"name": "Red Hat Product Security"
- },
- "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.11 release and security update",
- "labels": {
- "file": "2024/rhsa-2024_1662.json",
- "importer": "redhat-csaf",
- "source": "https://security.access.redhat.com/data/csaf/v2/advisories/",
- "type": "csaf"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 9.8,
- "severity": "critical"
- }
- ]
- }
- ]
- }
+ }
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
}
]
},
@@ -478,8 +411,6 @@ void testResponseToIssuesWithValidData(String jsonResponse) throws IOException {
assertEquals("pgjdbc SQL Injection via line comment generation", issue.getTitle());
assertEquals(9.8f, issue.getCvssScore());
assertEquals(Severity.CRITICAL, issue.getSeverity());
- // assertNotNull(issue.getRemediation());
- // assertEquals(List.of("42.5.5"), issue.getRemediation().getFixedIn());
issue =
issues.stream().filter(i -> i.getId().equals("CVE-2022-41946")).findFirst().orElseThrow();
@@ -501,46 +432,30 @@ void testResponseToIssuesWithMultipleScoreTypes() throws IOException {
{
"identifier": "CVE-2024-1597",
"title": "Test CVE",
- "status": {
- "affected": [
- {
- "labels": {
- "file": "2024/rhsa-2024_1662.json",
- "importer": "redhat-csaf",
- "source": "https://security.access.redhat.com/data/csaf/v2/advisories/",
- "type": "csaf"
- },
- "scores": [
- {
- "type": "4",
- "value": 7.2,
- "severity": "high"
- },
- {
- "type": "3.1",
- "value": 9.8,
- "severity": "critical"
- },
- {
- "type": "2",
- "value": 8.5,
- "severity": "high"
- }
- ],
- "ranges": [
- {
- "events": [
- {
- "fixed": "42.5.5"
- }
- ]
- }
- ]
- }
- ]
+ "base_score": {
+ "type": "4.0",
+ "score": 7.2,
+ "severity": "high"
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
+ "uuid": "urn:uuid:a1",
+ "identifier": "RHSA-2024:1662",
+ "document_id": "RHSA-2024:1662",
+ "title": "Advisory",
+ "issuer": {
+ "id": "aa42c1b1-0591-447c-b2bb-80888252c85f",
+ "name": "Red Hat Product Security"
+ }
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
}
- }
- ]},
+ ]
+ }
+ ]},
"warnings": []
}
""";
@@ -554,7 +469,7 @@ void testResponseToIssuesWithMultipleScoreTypes() throws IOException {
List issues = packageItem.issues();
Issue issue = issues.get(0);
- // Should prioritize V4 based on SCORE_TYPE_ORDER
+ // v3 provides pre-computed base_score
assertEquals(7.2f, issue.getCvssScore());
assertEquals(Severity.HIGH, issue.getSeverity());
}
@@ -630,7 +545,7 @@ void testResponseToIssuesWithMissingAffectedField() throws IOException {
{
"identifier": "CVE-2024-1597",
"title": "Test CVE",
- "status": {}
+ "purl_statuses": []
}
]},
"warnings": []
@@ -658,25 +573,20 @@ void testResponseToIssuesWithNoScores() throws IOException {
{
"identifier": "CVE-2024-1597",
"title": "Test CVE",
- "status": {
- "affected": [
- {
- "id": "advisory-1",
- "labels": {
- "importer": "redhat-csaf"
- },
- "ranges": [
- {
- "events": [
- {
- "fixed": "42.5.5"
- }
- ]
- }
- ]
- }
- ]
- }
+ "purl_statuses": [
+ {
+ "advisory": {
+ "uuid": "urn:uuid:advisory-1",
+ "identifier": "advisory-1",
+ "document_id": "advisory-1",
+ "title": "Advisory 1",
+ "issuer": null
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
}
]},
"warnings": []
@@ -706,33 +616,25 @@ void testResponseToIssuesWithFallbackToDescription() throws IOException {
{
"identifier": "CVE-2024-1597",
"description": "This is a description used as title",
- "status": {
- "affected": [
+ "base_score": {
+ "type": "3.1",
+ "score": 9.8,
+ "severity": "critical"
+ },
+ "purl_statuses": [
{
- "labels": {
- "file": "2024/rhsa-2024_1662.json",
- "importer": "redhat-csaf",
- "source": "https://security.access.redhat.com/data/csaf/v2/advisories/",
- "type": "csaf"
+ "advisory": {
+ "uuid": "urn:uuid:a1",
+ "identifier": "RHSA-2024:1662",
+ "document_id": "RHSA-2024:1662",
+ "title": "Advisory",
+ "issuer": null
},
- "scores": [
- {
- "type": "3.1",
- "value": 9.8,
- "severity": "critical"
- }
- ],
- "ranges": [
- {
- "events": [
- {
- "fixed": "42.5.5"
- }
- ]
- }
- ]
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
}
- ]}
+ ]
}
]
}
@@ -760,32 +662,25 @@ void testResponseToIssuesWithDefaultSource() throws IOException {
{
"identifier": "CVE-2024-1597",
"description": "This is a description used as title",
- "status": {
- "affected": [
+ "base_score": {
+ "type": "3.1",
+ "score": 9.8,
+ "severity": "critical"
+ },
+ "purl_statuses": [
{
- "labels": {
- "file": "2024/rhsa-2024_1662.json",
- "source": "https://security.access.redhat.com/data/csaf/v2/advisories/",
- "type": "csaf"
+ "advisory": {
+ "uuid": "urn:uuid:a1",
+ "identifier": "RHSA-2024:1662",
+ "document_id": "RHSA-2024:1662",
+ "title": "Advisory",
+ "issuer": null
},
- "scores": [
- {
- "type": "3.1",
- "value": 9.8,
- "severity": "critical"
- }
- ],
- "ranges": [
- {
- "events": [
- {
- "fixed": "42.5.5"
- }
- ]
- }
- ]
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
}
- ]}
+ ]
}
]
}
@@ -801,7 +696,7 @@ void testResponseToIssuesWithDefaultSource() throws IOException {
assertEquals(1, issues.size());
Issue issue = issues.get(0);
- assertEquals("manual", issue.getSource());
+ assertEquals("unknown", issue.getSource());
}
@Test
@@ -814,43 +709,36 @@ void testResponseToIssuesWithMultipleFixedVersions() throws IOException {
{
"identifier": "CVE-2024-1597",
"title": "Test CVE",
- "status": {
- "affected": [
- {
- "labels": {
- "file": "2024/rhsa-2024_1662.json",
- "importer": "redhat-csaf",
- "source": "https://security.access.redhat.com/data/csaf/v2/advisories/",
- "type": "csaf"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 9.8,
- "severity": "critical"
- }
- ],
- "ranges": [
- {
- "events": [
- {
- "fixed": "42.5.5"
- },
- {
- "fixed": "42.6.0"
- }
- ]
- },
- {
- "events": [
- {
- "fixed": "43.0.0"
- }
- ]
- }
- ]
- }
- ]}
+ "base_score": {
+ "type": "3.1",
+ "score": 9.8,
+ "severity": "critical"
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
+ "uuid": "urn:uuid:a1",
+ "identifier": "RHSA-2024:1662",
+ "document_id": "RHSA-2024:1662",
+ "title": "Advisory",
+ "issuer": {
+ "id": "aa42c1b1-0591-447c-b2bb-80888252c85f",
+ "name": "Red Hat Product Security"
+ }
+ },
+ "status": "affected",
+ "version_range": {
+ "high_version": "42.5.5",
+ "high_inclusive": false
+ },
+ "remediations": [
+ {
+ "category": "vendor_fix",
+ "details": "Update to version 42.5.5"
+ }
+ ]
+ }
+ ]
}
]
},
@@ -870,50 +758,110 @@ void testResponseToIssuesWithMultipleFixedVersions() throws IOException {
Issue issue = issues.get(0);
assertNotNull(issue.getRemediation());
List fixedVersions = issue.getRemediation().getFixedIn();
- assertEquals(3, fixedVersions.size());
- assertTrue(fixedVersions.contains("42.5.5"));
- assertTrue(fixedVersions.contains("42.6.0"));
- assertTrue(fixedVersions.contains("43.0.0"));
+ assertEquals(1, fixedVersions.size());
+ assertEquals("42.5.5", fixedVersions.get(0));
+ assertNotNull(issue.getRemediation().getVersionRanges());
+ assertEquals(1, issue.getRemediation().getVersionRanges().size());
+ assertEquals("42.5.5", issue.getRemediation().getVersionRanges().get(0).getHighVersion());
+ assertEquals(false, issue.getRemediation().getVersionRanges().get(0).getHighInclusive());
+ assertNotNull(issue.getRemediation().getRemediations());
+ assertEquals(1, issue.getRemediation().getRemediations().size());
+ assertEquals(
+ RemediationCategory.VENDOR_FIX,
+ issue.getRemediation().getRemediations().get(0).getCategory());
+ assertEquals(
+ "Update to version 42.5.5", issue.getRemediation().getRemediations().get(0).getDetails());
}
@Test
- void testResponseToIssuesWithDependencyNotInTree() throws IOException {
+ void testResponseToIssuesWithHighInclusiveVersionRange() throws IOException {
String jsonResponse =
"""
{
- "pkg:maven/some.other/package@1.0.0": {
+ "pkg:maven/org.postgresql/postgresql@42.5.0": {
"details": [
- {
- "identifier": "CVE-2024-1597",
- "title": "Test CVE",
- "status": {
- "affected": [
+ {
+ "identifier": "CVE-2024-1597",
+ "title": "Test CVE",
+ "base_score": {
+ "type": "3.1",
+ "score": 9.8,
+ "severity": "critical"
+ },
+ "purl_statuses": [
{
- "labels": {
- "file": "2024/rhsa-2024_1662.json",
- "importer": "redhat-csaf",
- "source": "https://security.access.redhat.com/data/csaf/v2/advisories/",
- "type": "csaf"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 9.8,
- "severity": "critical"
- }
- ],
- "ranges": [
- {
- "events": [
- {
- "fixed": "1.0.1"
- }
- ]
+ "advisory": {
+ "uuid": "urn:uuid:a1",
+ "identifier": "RHSA-2024:1662",
+ "document_id": "RHSA-2024:1662",
+ "title": "Advisory",
+ "issuer": {
+ "id": "aa42c1b1-0591-447c-b2bb-80888252c85f",
+ "name": "Red Hat Product Security"
}
- ]
+ },
+ "status": "affected",
+ "version_range": {
+ "high_version": "42.5.5",
+ "high_inclusive": true
+ },
+ "remediations": []
}
]
}
+ ]
+ },
+ "warnings": []
+ }
+ """;
+
+ byte[] responseBytes = jsonResponse.getBytes();
+ ProviderResponse result =
+ handler.responseToIssues(buildExchange(responseBytes, dependencyTree));
+
+ PackageItem packageItem = result.pkgItems().get("pkg:maven/org.postgresql/postgresql@42.5.0");
+ assertNotNull(packageItem);
+ List issues = packageItem.issues();
+ assertEquals(1, issues.size());
+
+ Issue issue = issues.get(0);
+ assertNotNull(issue.getRemediation());
+ assertNull(issue.getRemediation().getFixedIn());
+ assertNotNull(issue.getRemediation().getVersionRanges());
+ assertEquals(1, issue.getRemediation().getVersionRanges().size());
+ assertEquals("42.5.5", issue.getRemediation().getVersionRanges().get(0).getHighVersion());
+ assertEquals(true, issue.getRemediation().getVersionRanges().get(0).getHighInclusive());
+ }
+
+ @Test
+ void testResponseToIssuesWithDependencyNotInTree() throws IOException {
+ String jsonResponse =
+ """
+ {
+ "pkg:maven/some.other/package@1.0.0": {
+ "details": [
+ {
+ "identifier": "CVE-2024-1597",
+ "title": "Test CVE",
+ "base_score": {
+ "type": "3.1",
+ "score": 9.8,
+ "severity": "critical"
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
+ "uuid": "urn:uuid:a1",
+ "identifier": "RHSA-2024:1662",
+ "document_id": "RHSA-2024:1662",
+ "title": "Advisory",
+ "issuer": null
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
}
]},
"warnings": []
@@ -1087,22 +1035,25 @@ void testResponseToIssuesWithUnscannedRefs() throws IOException {
{
"identifier": "CVE-2024-1597",
"title": "Test CVE",
- "status": {
- "affected": [
- {
- "labels": {
- "type": "csaf"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 9.8,
- "severity": "critical"
- }
- ]
- }
- ]
- }
+ "base_score": {
+ "type": "3.1",
+ "score": 9.8,
+ "severity": "critical"
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
+ "uuid": "urn:uuid:a1",
+ "identifier": "advisory-1",
+ "document_id": "advisory-1",
+ "title": "Advisory",
+ "issuer": null
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
}
],
"warnings": []
@@ -1116,22 +1067,25 @@ void testResponseToIssuesWithUnscannedRefs() throws IOException {
{
"identifier": "CVE-2024-1234",
"title": "Test CVE",
- "status": {
- "affected": [
- {
- "labels": {
- "type": "csaf"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 7.5,
- "severity": "high"
- }
- ]
- }
- ]
- }
+ "base_score": {
+ "type": "3.1",
+ "score": 7.5,
+ "severity": "high"
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
+ "uuid": "urn:uuid:a2",
+ "identifier": "advisory-2",
+ "document_id": "advisory-2",
+ "title": "Advisory",
+ "issuer": null
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
}
]
}
@@ -1203,23 +1157,28 @@ void testResponseToIssuesWithInvalidSeverity() throws IOException {
{
"identifier": "CVE-2024-1597",
"title": "Test CVE",
- "status": {
- "affected": [
- {
- "labels": {
- "type": "csaf",
- "importer": "redhat-csaf"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 0.0,
- "severity": "none"
- }
- ]
- }
- ]
- }
+ "base_score": {
+ "type": "3.1",
+ "score": 0.0,
+ "severity": "none"
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
+ "uuid": "urn:uuid:a1",
+ "identifier": "advisory-1",
+ "document_id": "advisory-1",
+ "title": "Advisory",
+ "issuer": {
+ "id": "aa42c1b1-0591-447c-b2bb-80888252c85f",
+ "name": "Red Hat Product Security"
+ }
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
}
],
"warnings": []
@@ -1229,28 +1188,28 @@ void testResponseToIssuesWithInvalidSeverity() throws IOException {
{
"identifier": "CVE-2024-1234",
"title": "Test CVE",
- "status": {
- "affected": [
- {
- "labels": {
- "type": "csaf",
- "importer": "redhat-csaf"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 7.5,
- "severity": "high"
- },
- {
- "type": "3.1",
- "value": 0.0,
- "severity": "none"
- }
- ]
- }
- ]
- }
+ "base_score": {
+ "type": "3.1",
+ "score": 7.5,
+ "severity": "high"
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
+ "uuid": "urn:uuid:a2",
+ "identifier": "advisory-2",
+ "document_id": "advisory-2",
+ "title": "Advisory",
+ "issuer": {
+ "id": "aa42c1b1-0591-447c-b2bb-80888252c85f",
+ "name": "Red Hat Product Security"
+ }
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
}
]
}
@@ -1283,7 +1242,14 @@ void testResponseToIssuesWithInvalidSeverity() throws IOException {
List issues = packageItem1.issues();
assertFalse(issues.isEmpty(), "CVE with invalid scores should still produce an issue");
assertEquals(1, issues.size());
- assertNull(issues.get(0).getSeverity(), "Issue with no valid scores should have null severity");
+ assertEquals(
+ 0.0f,
+ issues.get(0).getCvssScore(),
+ "Issue with 'none' severity should still have the score");
+ assertEquals(
+ Severity.LOW,
+ issues.get(0).getSeverity(),
+ "Issue with 'none' severity should fall back to score-based severity");
// Package with mixed valid/invalid scores should use the valid score
PackageItem packageItem2 = result.pkgItems().get("pkg:maven/com.other/package@2.0.0");
@@ -1306,25 +1272,20 @@ void testResponseToIssuesWithEmptyScoresArray() throws IOException {
{
"identifier": "CVE-2025-24898",
"title": "Test CVE with empty scores",
- "status": {
- "affected": [
- {
- "labels": {
- "importer": "osv-rustsec"
- },
- "scores": [],
- "ranges": [
- {
- "events": [
- {
- "fixed": "0.10.70"
- }
- ]
- }
- ]
- }
- ]
- }
+ "purl_statuses": [
+ {
+ "advisory": {
+ "uuid": "urn:uuid:a1",
+ "identifier": "advisory-1",
+ "document_id": "advisory-1",
+ "title": "Advisory",
+ "issuer": null
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
}
],
"warnings": []
@@ -1345,4 +1306,505 @@ void testResponseToIssuesWithEmptyScoresArray() throws IOException {
assertEquals("CVE-2025-24898", issues.get(0).getId());
assertNull(issues.get(0).getSeverity(), "Issue with empty scores should have null severity");
}
+
+ @Test
+ void testResponseToIssuesWithFallbackToPurlStatusScores() throws IOException {
+ String jsonResponse =
+ """
+ {
+ "pkg:maven/org.postgresql/postgresql@42.5.0": {
+ "details": [
+ {
+ "identifier": "CVE-2024-9999",
+ "title": "CVE with scores only in purlStatus",
+ "purl_statuses": [
+ {
+ "advisory": {
+ "uuid": "urn:uuid:a1",
+ "identifier": "advisory-1",
+ "document_id": "advisory-1",
+ "title": "Advisory",
+ "issuer": {
+ "id": "id-1",
+ "name": "Test Issuer"
+ }
+ },
+ "status": "affected",
+ "scores": [
+ { "value": 6.5, "severity": "medium" },
+ { "value": 8.1, "severity": "high" }
+ ],
+ "version_range": null,
+ "remediations": []
+ }
+ ]
+ }
+ ],
+ "warnings": []
+ }
+ }
+ """;
+
+ byte[] responseBytes = jsonResponse.getBytes();
+ ProviderResponse result =
+ handler.responseToIssues(buildExchange(responseBytes, dependencyTree));
+
+ PackageItem packageItem = result.pkgItems().get("pkg:maven/org.postgresql/postgresql@42.5.0");
+ assertNotNull(packageItem);
+ List issues = packageItem.issues();
+ assertEquals(1, issues.size());
+ assertEquals(8.1f, issues.get(0).getCvssScore(), "Should pick highest score from purlStatus");
+ assertEquals(Severity.HIGH, issues.get(0).getSeverity());
+ }
+
+ @Test
+ void testResponseToIssuesWithVersionRangeAllFields() throws IOException {
+ String jsonResponse =
+ """
+ {
+ "pkg:maven/org.postgresql/postgresql@42.5.0": {
+ "details": [
+ {
+ "identifier": "CVE-2024-8888",
+ "title": "CVE with full version range",
+ "base_score": {
+ "type": "3.1",
+ "score": 7.0,
+ "severity": "high"
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
+ "uuid": "urn:uuid:a1",
+ "identifier": "advisory-1",
+ "document_id": "advisory-1",
+ "title": "Advisory",
+ "issuer": {
+ "id": "id-1",
+ "name": "Test Issuer"
+ }
+ },
+ "status": "affected",
+ "version_range": {
+ "version_scheme_id": "semver",
+ "low_version": "42.0.0",
+ "low_inclusive": true,
+ "high_version": "42.5.5",
+ "high_inclusive": false
+ },
+ "remediations": []
+ }
+ ]
+ }
+ ],
+ "warnings": []
+ }
+ }
+ """;
+
+ byte[] responseBytes = jsonResponse.getBytes();
+ ProviderResponse result =
+ handler.responseToIssues(buildExchange(responseBytes, dependencyTree));
+
+ PackageItem packageItem = result.pkgItems().get("pkg:maven/org.postgresql/postgresql@42.5.0");
+ assertNotNull(packageItem);
+ Issue issue = packageItem.issues().get(0);
+ assertNotNull(issue.getRemediation());
+ var vr = issue.getRemediation().getVersionRanges().get(0);
+ assertEquals("semver", vr.getVersionSchemeId());
+ assertEquals("42.0.0", vr.getLowVersion());
+ assertEquals(true, vr.getLowInclusive());
+ assertEquals("42.5.5", vr.getHighVersion());
+ assertEquals(false, vr.getHighInclusive());
+ assertEquals(List.of("42.5.5"), issue.getRemediation().getFixedIn());
+ }
+
+ @Test
+ void testResponseToIssuesWithRemediationUrl() throws IOException {
+ String jsonResponse =
+ """
+ {
+ "pkg:maven/org.postgresql/postgresql@42.5.0": {
+ "details": [
+ {
+ "identifier": "CVE-2024-7777",
+ "title": "CVE with remediation URL",
+ "base_score": {
+ "type": "3.1",
+ "score": 5.0,
+ "severity": "medium"
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
+ "uuid": "urn:uuid:a1",
+ "identifier": "advisory-1",
+ "document_id": "advisory-1",
+ "title": "Advisory",
+ "issuer": {
+ "id": "id-1",
+ "name": "Test Issuer"
+ }
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": [
+ {
+ "category": "vendor_fix",
+ "details": "Update to latest version",
+ "url": "https://example.com/fix"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "warnings": []
+ }
+ }
+ """;
+
+ byte[] responseBytes = jsonResponse.getBytes();
+ ProviderResponse result =
+ handler.responseToIssues(buildExchange(responseBytes, dependencyTree));
+
+ PackageItem packageItem = result.pkgItems().get("pkg:maven/org.postgresql/postgresql@42.5.0");
+ assertNotNull(packageItem);
+ Issue issue = packageItem.issues().get(0);
+ assertNotNull(issue.getRemediation());
+ var rem = issue.getRemediation().getRemediations().get(0);
+ assertEquals(RemediationCategory.VENDOR_FIX, rem.getCategory());
+ assertEquals("Update to latest version", rem.getDetails());
+ assertEquals("https://example.com/fix", rem.getUrl());
+ }
+
+ @Test
+ void testResponseToIssuesWithUnknownRemediationCategory() throws IOException {
+ String jsonResponse =
+ """
+ {
+ "pkg:maven/org.postgresql/postgresql@42.5.0": {
+ "details": [
+ {
+ "identifier": "CVE-2024-6666",
+ "title": "CVE with unknown remediation category",
+ "base_score": {
+ "type": "3.1",
+ "score": 5.0,
+ "severity": "medium"
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
+ "uuid": "urn:uuid:a1",
+ "identifier": "advisory-1",
+ "document_id": "advisory-1",
+ "title": "Advisory",
+ "issuer": {
+ "id": "id-1",
+ "name": "Test Issuer"
+ }
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": [
+ {
+ "category": "unknown_category",
+ "details": "Some details"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "warnings": []
+ }
+ }
+ """;
+
+ byte[] responseBytes = jsonResponse.getBytes();
+ ProviderResponse result =
+ handler.responseToIssues(buildExchange(responseBytes, dependencyTree));
+
+ PackageItem packageItem = result.pkgItems().get("pkg:maven/org.postgresql/postgresql@42.5.0");
+ assertNotNull(packageItem);
+ Issue issue = packageItem.issues().get(0);
+ assertNotNull(issue.getRemediation());
+ var rem = issue.getRemediation().getRemediations().get(0);
+ assertNull(rem.getCategory(), "Unknown category should result in null");
+ assertEquals("Some details", rem.getDetails());
+ }
+
+ @Test
+ void testResponseToIssuesWithNoAdvisory() throws IOException {
+ String jsonResponse =
+ """
+ {
+ "pkg:maven/org.postgresql/postgresql@42.5.0": {
+ "details": [
+ {
+ "identifier": "CVE-2024-5555",
+ "title": "CVE with no advisory in purlStatus",
+ "base_score": {
+ "type": "3.1",
+ "score": 4.0,
+ "severity": "medium"
+ },
+ "purl_statuses": [
+ {
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
+ }
+ ],
+ "warnings": []
+ }
+ }
+ """;
+
+ byte[] responseBytes = jsonResponse.getBytes();
+ ProviderResponse result =
+ handler.responseToIssues(buildExchange(responseBytes, dependencyTree));
+
+ PackageItem packageItem = result.pkgItems().get("pkg:maven/org.postgresql/postgresql@42.5.0");
+ assertNotNull(packageItem);
+ List issues = packageItem.issues();
+ assertEquals(1, issues.size());
+ assertEquals("unknown", issues.get(0).getSource());
+ }
+
+ @Test
+ void testResponseToIssuesWithBlankIssuerName() throws IOException {
+ String jsonResponse =
+ """
+ {
+ "pkg:maven/org.postgresql/postgresql@42.5.0": {
+ "details": [
+ {
+ "identifier": "CVE-2024-4444",
+ "title": "CVE with blank issuer name",
+ "base_score": {
+ "type": "3.1",
+ "score": 6.0,
+ "severity": "medium"
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
+ "uuid": "urn:uuid:a1",
+ "identifier": "advisory-1",
+ "document_id": "advisory-1",
+ "title": "Advisory",
+ "issuer": {
+ "id": "id-1",
+ "name": " "
+ }
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
+ }
+ ],
+ "warnings": []
+ }
+ }
+ """;
+
+ byte[] responseBytes = jsonResponse.getBytes();
+ ProviderResponse result =
+ handler.responseToIssues(buildExchange(responseBytes, dependencyTree));
+
+ PackageItem packageItem = result.pkgItems().get("pkg:maven/org.postgresql/postgresql@42.5.0");
+ assertNotNull(packageItem);
+ List issues = packageItem.issues();
+ assertEquals(1, issues.size());
+ assertEquals(
+ "unknown", issues.get(0).getSource(), "Blank issuer name should fall back to 'unknown'");
+ }
+
+ @Test
+ void testResponseToIssuesWithNoSeverityButScorePresent() throws IOException {
+ String jsonResponse =
+ """
+ {
+ "pkg:maven/org.postgresql/postgresql@42.5.0": {
+ "details": [
+ {
+ "identifier": "CVE-2024-3333",
+ "title": "CVE with score but no severity",
+ "base_score": {
+ "type": "3.1",
+ "score": 9.1
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
+ "uuid": "urn:uuid:a1",
+ "identifier": "advisory-1",
+ "document_id": "advisory-1",
+ "title": "Advisory",
+ "issuer": {
+ "id": "id-1",
+ "name": "Test Issuer"
+ }
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
+ }
+ ],
+ "warnings": []
+ }
+ }
+ """;
+
+ byte[] responseBytes = jsonResponse.getBytes();
+ ProviderResponse result =
+ handler.responseToIssues(buildExchange(responseBytes, dependencyTree));
+
+ PackageItem packageItem = result.pkgItems().get("pkg:maven/org.postgresql/postgresql@42.5.0");
+ assertNotNull(packageItem);
+ Issue issue = packageItem.issues().get(0);
+ assertEquals(9.1f, issue.getCvssScore());
+ assertEquals(
+ Severity.CRITICAL, issue.getSeverity(), "Score-based severity should be CRITICAL for 9.1");
+ }
+
+ @Test
+ void testResponseToIssuesCveDeduplicationBySameSource() throws IOException {
+ String jsonResponse =
+ """
+ {
+ "pkg:maven/org.postgresql/postgresql@42.5.0": {
+ "details": [
+ {
+ "identifier": "CVE-2024-2222",
+ "title": "CVE appearing in multiple advisories from same source",
+ "base_score": {
+ "type": "3.1",
+ "score": 7.5,
+ "severity": "high"
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
+ "uuid": "urn:uuid:a1",
+ "identifier": "RHSA-2024:001",
+ "document_id": "RHSA-2024:001",
+ "title": "Advisory 1",
+ "issuer": {
+ "id": "id-1",
+ "name": "Red Hat Product Security"
+ }
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ },
+ {
+ "advisory": {
+ "uuid": "urn:uuid:a2",
+ "identifier": "RHSA-2024:002",
+ "document_id": "RHSA-2024:002",
+ "title": "Advisory 2",
+ "issuer": {
+ "id": "id-1",
+ "name": "Red Hat Product Security"
+ }
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
+ }
+ ],
+ "warnings": []
+ }
+ }
+ """;
+
+ byte[] responseBytes = jsonResponse.getBytes();
+ ProviderResponse result =
+ handler.responseToIssues(buildExchange(responseBytes, dependencyTree));
+
+ PackageItem packageItem = result.pkgItems().get("pkg:maven/org.postgresql/postgresql@42.5.0");
+ assertNotNull(packageItem);
+ List issues = packageItem.issues();
+ assertEquals(1, issues.size(), "Same CVE from same source should be deduplicated to one issue");
+ assertEquals("CVE-2024-2222", issues.get(0).getId());
+ assertEquals("Red Hat Product Security", issues.get(0).getSource());
+ }
+
+ @Test
+ void testResponseToIssuesSameCveDifferentSources() throws IOException {
+ String jsonResponse =
+ """
+ {
+ "pkg:maven/org.postgresql/postgresql@42.5.0": {
+ "details": [
+ {
+ "identifier": "CVE-2024-1111",
+ "title": "CVE from different sources",
+ "base_score": {
+ "type": "3.1",
+ "score": 6.0,
+ "severity": "medium"
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
+ "uuid": "urn:uuid:a1",
+ "identifier": "RHSA-2024:001",
+ "document_id": "RHSA-2024:001",
+ "title": "Advisory 1",
+ "issuer": {
+ "id": "id-1",
+ "name": "Red Hat Product Security"
+ }
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ },
+ {
+ "advisory": {
+ "uuid": "urn:uuid:a2",
+ "identifier": "GHSA-xxxx",
+ "document_id": "GHSA-xxxx",
+ "title": "GHSA Advisory",
+ "issuer": {
+ "id": "id-2",
+ "name": "GitHub"
+ }
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
+ }
+ ],
+ "warnings": []
+ }
+ }
+ """;
+
+ byte[] responseBytes = jsonResponse.getBytes();
+ ProviderResponse result =
+ handler.responseToIssues(buildExchange(responseBytes, dependencyTree));
+
+ PackageItem packageItem = result.pkgItems().get("pkg:maven/org.postgresql/postgresql@42.5.0");
+ assertNotNull(packageItem);
+ List issues = packageItem.issues();
+ assertEquals(2, issues.size(), "Same CVE from different sources should produce two issues");
+ assertTrue(issues.stream().anyMatch(i -> "Red Hat Product Security".equals(i.getSource())));
+ assertTrue(issues.stream().anyMatch(i -> "GitHub".equals(i.getSource())));
+ }
}
diff --git a/src/test/java/io/github/guacsec/trustifyda/integration/registry/RegistryEnrichmentServiceTest.java b/src/test/java/io/github/guacsec/trustifyda/integration/registry/RegistryEnrichmentServiceTest.java
index 951fcb09..fc3bc9b8 100644
--- a/src/test/java/io/github/guacsec/trustifyda/integration/registry/RegistryEnrichmentServiceTest.java
+++ b/src/test/java/io/github/guacsec/trustifyda/integration/registry/RegistryEnrichmentServiceTest.java
@@ -38,8 +38,10 @@
import io.github.guacsec.trustifyda.api.v5.DependencyReport;
import io.github.guacsec.trustifyda.api.v5.Issue;
import io.github.guacsec.trustifyda.api.v5.ProviderReport;
+import io.github.guacsec.trustifyda.api.v5.Remediation;
import io.github.guacsec.trustifyda.api.v5.Source;
import io.github.guacsec.trustifyda.api.v5.SourceSummary;
+import io.github.guacsec.trustifyda.api.v5.VersionRange;
import io.github.guacsec.trustifyda.model.DependencyTree;
import io.github.guacsec.trustifyda.model.DirectDependency;
@@ -167,6 +169,39 @@ void setIssueRemediationAlongsideRecommendation() {
assertEquals(dep.getRecommendation(), issue.getRemediation().getTrustedContent().getRef());
}
+ @Test
+ void preserveUpstreamRemediationWhenAddingTrustedContent() {
+ var report = buildReportWithPypiDep("pkg:pypi/requests@2.31.0");
+ var dep = getFirstDep(report);
+
+ var existingRemediation = new Remediation();
+ existingRemediation.addFixedInItem("2.32.0");
+ existingRemediation.addVersionRangesItem(
+ new VersionRange().lowVersion("2.31.0").highVersion("2.32.0"));
+
+ var issue = new Issue().id("CVE-2024-35195").remediation(existingRemediation);
+ dep.issues(new ArrayList<>(List.of(issue)));
+
+ var tree = buildTree("pkg:pypi/requests@2.31.0", Map.of("SHA-256", "abc123"));
+
+ service.enrichReport(report, tree, PKG_PYPI_PREFIX, alwaysRecommend);
+
+ var resultIssue = dep.getIssues().get(0);
+ var remediation = resultIssue.getRemediation();
+ assertNotNull(remediation);
+
+ assertNotNull(remediation.getFixedIn());
+ assertEquals(1, remediation.getFixedIn().size());
+ assertEquals("2.32.0", remediation.getFixedIn().get(0));
+
+ assertNotNull(remediation.getVersionRanges());
+ assertEquals(1, remediation.getVersionRanges().size());
+ assertEquals("2.31.0", remediation.getVersionRanges().get(0).getLowVersion());
+
+ assertNotNull(remediation.getTrustedContent());
+ assertEquals(dep.getRecommendation(), remediation.getTrustedContent().getRef());
+ }
+
@Test
void noEnrichmentWhenRegistryReturnsEmpty() {
var report = buildReportWithPypiDep("pkg:pypi/requests@2.31.0");
diff --git a/src/test/resources/__files/reports/batch_report.json b/src/test/resources/__files/reports/batch_report.json
index 5d29b9c0..c3adfd1b 100644
--- a/src/test/resources/__files/reports/batch_report.json
+++ b/src/test/resources/__files/reports/batch_report.json
@@ -45,7 +45,7 @@
"id": "CVE-2024-1597",
"title": "pgjdbc SQL Injection via line comment generation",
"source": "osv-github",
- "cvssScore": 10.0,
+ "cvssScore": 9.8,
"severity": "CRITICAL",
"cves": [
"CVE-2024-1597"
@@ -68,7 +68,7 @@
"id": "CVE-2024-1597",
"title": "pgjdbc SQL Injection via line comment generation",
"source": "osv-github",
- "cvssScore": 10.0,
+ "cvssScore": 9.8,
"severity": "CRITICAL",
"cves": [
"CVE-2024-1597"
@@ -81,7 +81,7 @@
"id": "CVE-2024-1597",
"title": "pgjdbc SQL Injection via line comment generation",
"source": "osv-github",
- "cvssScore": 10.0,
+ "cvssScore": 9.8,
"severity": "CRITICAL",
"cves": [
"CVE-2024-1597"
diff --git a/src/test/resources/__files/reports/report.json b/src/test/resources/__files/reports/report.json
index f1142c52..60c754f1 100644
--- a/src/test/resources/__files/reports/report.json
+++ b/src/test/resources/__files/reports/report.json
@@ -44,7 +44,7 @@
"id": "CVE-2024-1597",
"title": "pgjdbc SQL Injection via line comment generation",
"source": "osv-github",
- "cvssScore": 10.0,
+ "cvssScore": 9.8,
"severity": "CRITICAL",
"cves": [
"CVE-2024-1597"
@@ -67,7 +67,7 @@
"id": "CVE-2024-1597",
"title": "pgjdbc SQL Injection via line comment generation",
"source": "osv-github",
- "cvssScore": 10.0,
+ "cvssScore": 9.8,
"severity": "CRITICAL",
"cves": [
"CVE-2024-1597"
@@ -80,7 +80,7 @@
"id": "CVE-2024-1597",
"title": "pgjdbc SQL Injection via line comment generation",
"source": "osv-github",
- "cvssScore": 10.0,
+ "cvssScore": 9.8,
"severity": "CRITICAL",
"cves": [
"CVE-2024-1597"
diff --git a/src/test/resources/__files/trustify/maven_report.json b/src/test/resources/__files/trustify/maven_report.json
index f788bfc8..ac4b9a55 100644
--- a/src/test/resources/__files/trustify/maven_report.json
+++ b/src/test/resources/__files/trustify/maven_report.json
@@ -13,33 +13,27 @@
"discovered": null,
"released": null,
"cwes": [],
- "status": {
- "affected": [
- {
+ "base_score": {
+ "type": "3.1",
+ "severity": "high",
+ "score": 8.2
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
"uuid": "urn:uuid:6466bd7c-1996-4c47-a5c6-23b77acf12ed",
"identifier": "GHSA-57j2-w4cx-62h2",
"document_id": "GHSA-57j2-w4cx-62h2",
- "issuer": null,
- "published": "2022-03-12T00:00:36Z",
- "modified": "2024-03-15T00:24:56Z",
- "withdrawn": null,
"title": "Deeply nested json in jackson-databind",
- "labels": {
- "file": "github-reviewed/2022/03/GHSA-57j2-w4cx-62h2/GHSA-57j2-w4cx-62h2.json",
- "importer": "osv-github",
- "source": "https://github.com/github/advisory-database",
- "type": "osv"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 8.2,
- "severity": "high"
- }
- ]
- }
- ]
- }
+ "issuer": {
+ "name": "osv-github"
+ }
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
},
{
"normative": true,
@@ -53,33 +47,27 @@
"discovered": null,
"released": null,
"cwes": [],
- "status": {
- "affected": [
- {
+ "base_score": {
+ "type": "3.1",
+ "severity": "high",
+ "score": 8.2
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
"uuid": "urn:uuid:355800f5-7dc0-4ccd-9b67-4a3376c9aa27",
"identifier": "GHSA-jjjh-jjxp-wpff",
"document_id": "GHSA-jjjh-jjxp-wpff",
- "issuer": null,
- "published": "2022-10-03T00:00:31Z",
- "modified": "2024-09-13T18:29:13Z",
- "withdrawn": null,
"title": "Uncontrolled Resource Consumption in Jackson-databind",
- "labels": {
- "source": "https://github.com/github/advisory-database",
- "type": "osv",
- "file": "github-reviewed/2022/10/GHSA-jjjh-jjxp-wpff/GHSA-jjjh-jjxp-wpff.json",
- "importer": "osv-github"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 8.2,
- "severity": "high"
- }
- ]
- }
- ]
- }
+ "issuer": {
+ "name": "osv-github"
+ }
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
},
{
"normative": true,
@@ -93,33 +81,27 @@
"discovered": null,
"released": null,
"cwes": [],
- "status": {
- "affected": [
- {
+ "base_score": {
+ "type": "3.1",
+ "severity": "high",
+ "score": 8.2
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
"uuid": "urn:uuid:c81dee15-f217-4f82-9341-4c33fe3329ff",
"identifier": "GHSA-rgv9-q543-rqg4",
"document_id": "GHSA-rgv9-q543-rqg4",
- "issuer": null,
- "published": "2022-10-03T00:00:31Z",
- "modified": "2024-12-02T16:17:21Z",
- "withdrawn": null,
"title": "Uncontrolled Resource Consumption in FasterXML jackson-databind",
- "labels": {
- "importer": "osv-github",
- "source": "https://github.com/github/advisory-database",
- "file": "github-reviewed/2022/10/GHSA-rgv9-q543-rqg4/GHSA-rgv9-q543-rqg4.json",
- "type": "osv"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 8.2,
- "severity": "high"
- }
- ]
- }
- ]
- }
+ "issuer": {
+ "name": "osv-github"
+ }
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
}
]
},
@@ -140,33 +122,27 @@
"cwes": [
"CWE-757"
],
- "status": {
- "affected": [
- {
+ "base_score": {
+ "type": "3.1",
+ "severity": "medium",
+ "score": 6.7
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
"uuid": "urn:uuid:79474942-d60c-4e59-a876-4c2cbc04649c",
"identifier": "GHSA-3fhx-3vvg-2j84",
"document_id": "GHSA-3fhx-3vvg-2j84",
- "issuer": null,
- "published": "2023-07-04T15:30:18Z",
- "modified": "2023-07-06T15:32:02Z",
- "withdrawn": null,
"title": "quarkus-core vulnerable to client driven TLS cipher downgrading",
- "labels": {
- "importer": "osv-github",
- "file": "github-reviewed/2023/07/GHSA-3fhx-3vvg-2j84/GHSA-3fhx-3vvg-2j84.json",
- "source": "https://github.com/github/advisory-database",
- "type": "osv"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 6.7,
- "severity": "medium"
- }
- ]
- }
- ]
- }
+ "issuer": {
+ "name": "osv-github"
+ }
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
},
{
"normative": true,
@@ -182,145 +158,95 @@
"cwes": [
"CWE-526"
],
- "status": {
- "affected": [
- {
+ "base_score": {
+ "type": "3.1",
+ "severity": "high",
+ "score": 7
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
"uuid": "urn:uuid:3bfc1236-c7fd-4b2d-b483-ac8a8d98d5f0",
"identifier": "GHSA-f8h5-v2vg-46rr",
"document_id": "GHSA-f8h5-v2vg-46rr",
- "issuer": null,
- "published": "2024-04-04T15:30:34Z",
- "modified": "2024-12-13T00:30:50Z",
- "withdrawn": null,
"title": "quarkus-core leaks local environment variables from Quarkus namespace during application's build",
- "labels": {
- "type": "osv",
- "source": "https://github.com/github/advisory-database",
- "file": "github-reviewed/2024/04/GHSA-f8h5-v2vg-46rr/GHSA-f8h5-v2vg-46rr.json",
- "importer": "osv-github"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 7,
- "severity": "high"
- }
- ]
+ "issuer": {
+ "name": "osv-github"
+ }
},
- {
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ },
+ {
+ "advisory": {
"uuid": "urn:uuid:71539fc2-a170-4189-90b7-3584119ae418",
"identifier": "https://www.redhat.com/#CVE-2024-2700",
"document_id": "CVE-2024-2700",
+ "title": "quarkus-core: Leak of local configuration properties into Quarkus applications",
"issuer": {
"id": "aa42c1b1-0591-447c-b2bb-80888252c85f",
- "name": "Red Hat Product Security",
+ "name": "redhat-csaf",
"cpe_key": null,
"website": null
- },
- "published": "2024-04-03T00:00:00Z",
- "modified": "2025-06-18T18:10:32Z",
- "withdrawn": null,
- "title": "quarkus-core: Leak of local configuration properties into Quarkus applications",
- "labels": {
- "source": "https://security.access.redhat.com/data/csaf/v2/vex/",
- "file": "2024/cve-2024-2700.json",
- "type": "csaf",
- "importer": "redhat-csaf"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 7,
- "severity": "high"
- }
- ]
+ }
},
- {
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ },
+ {
+ "advisory": {
"uuid": "urn:uuid:8cd936a2-4583-40dd-ac1b-2c2eea038e7d",
"identifier": "https://www.redhat.com/#CVE-2024-2700",
"document_id": "CVE-2024-2700",
+ "title": "quarkus-core: Leak of local configuration properties into Quarkus applications",
"issuer": {
"id": "aa42c1b1-0591-447c-b2bb-80888252c85f",
- "name": "Red Hat Product Security",
+ "name": "redhat-csaf",
"cpe_key": null,
"website": null
- },
- "published": "2024-04-03T00:00:00Z",
- "modified": "2025-03-03T16:41:17Z",
- "withdrawn": null,
- "title": "quarkus-core: Leak of local configuration properties into Quarkus applications",
- "labels": {
- "file": "2024/cve-2024-2700.json",
- "source": "https://security.access.redhat.com/data/csaf/v2/vex/",
- "type": "csaf",
- "importer": "redhat-csaf"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 7,
- "severity": "high"
- }
- ]
+ }
},
- {
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ },
+ {
+ "advisory": {
"uuid": "urn:uuid:8d11d8c4-b7ac-4520-ac55-f0b4251b496e",
"identifier": "https://www.redhat.com/#RHSA-2024_2705",
"document_id": "RHSA-2024:2705",
+ "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.12 release and security update",
"issuer": {
"id": "aa42c1b1-0591-447c-b2bb-80888252c85f",
- "name": "Red Hat Product Security",
+ "name": "redhat-csaf",
"cpe_key": null,
"website": null
- },
- "published": "2024-05-09T11:56:56Z",
- "modified": "2025-06-26T02:53:02Z",
- "withdrawn": null,
- "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.12 release and security update",
- "labels": {
- "importer": "redhat-csaf",
- "file": "2024/rhsa-2024_2705.json",
- "type": "csaf",
- "source": "https://security.access.redhat.com/data/csaf/v2/advisories/"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 7,
- "severity": "high"
- }
- ]
+ }
},
- {
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ },
+ {
+ "advisory": {
"uuid": "urn:uuid:c7ccfee4-2723-4aa5-9968-fd6e6b744102",
"identifier": "https://www.redhat.com/#RHSA-2024_2106",
"document_id": "RHSA-2024:2106",
+ "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.8.4 release",
"issuer": {
"id": "aa42c1b1-0591-447c-b2bb-80888252c85f",
- "name": "Red Hat Product Security",
+ "name": "redhat-csaf",
"cpe_key": null,
"website": null
- },
- "published": "2024-05-07T16:21:20Z",
- "modified": "2025-06-26T02:53:20Z",
- "withdrawn": null,
- "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.8.4 release",
- "labels": {
- "source": "https://security.access.redhat.com/data/csaf/v2/advisories/",
- "file": "2024/rhsa-2024_2106.json",
- "type": "csaf",
- "importer": "redhat-csaf"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 7,
- "severity": "high"
- }
- ]
- }
- ]
- }
+ }
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
}
],
"warnings": []
@@ -342,33 +268,27 @@
"CWE-200",
"CWE-377"
],
- "status": {
- "affected": [
- {
+ "base_score": {
+ "type": "3.1",
+ "severity": "medium",
+ "score": 5.8
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
"uuid": "urn:uuid:595a7085-f230-42b5-9c8f-ab25939d99ed",
"identifier": "GHSA-562r-vg33-8x8h",
"document_id": "GHSA-562r-vg33-8x8h",
- "issuer": null,
- "published": "2022-11-23T22:17:25Z",
- "modified": "2024-03-29T15:42:58Z",
- "withdrawn": null,
"title": "TemporaryFolder on unix-like systems does not limit access to created files",
- "labels": {
- "type": "osv",
- "importer": "osv-github",
- "file": "github-reviewed/2022/11/GHSA-562r-vg33-8x8h/GHSA-562r-vg33-8x8h.json",
- "source": "https://github.com/github/advisory-database"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 5.8,
- "severity": "medium"
- }
- ]
- }
- ]
- }
+ "issuer": {
+ "name": "osv-github"
+ }
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
},
{
"normative": true,
@@ -384,257 +304,163 @@
"cwes": [
"CWE-89"
],
- "status": {
- "affected": [
- {
+ "base_score": {
+ "type": "3.1",
+ "severity": "critical",
+ "score": 9.8
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
"uuid": "urn:uuid:020c0585-32db-4949-bd41-87850add2277",
"identifier": "https://www.redhat.com/#RHSA-2024_1797",
"document_id": "RHSA-2024:1797",
+ "title": "Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9.SP2 release and security update",
"issuer": {
"id": "aa42c1b1-0591-447c-b2bb-80888252c85f",
- "name": "Red Hat Product Security",
+ "name": "redhat-csaf",
"cpe_key": null,
"website": null
- },
- "published": "2024-04-22T10:59:06Z",
- "modified": "2025-06-26T02:54:07Z",
- "withdrawn": null,
- "title": "Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9.SP2 release and security update",
- "labels": {
- "type": "csaf",
- "file": "2024/rhsa-2024_1797.json",
- "source": "https://security.access.redhat.com/data/csaf/v2/advisories/",
- "importer": "redhat-csaf"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 9.8,
- "severity": "critical"
- }
- ]
+ }
},
- {
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ },
+ {
+ "advisory": {
"uuid": "urn:uuid:0aeb82c2-3bdd-41dd-a3e3-c30480726986",
"identifier": "https://www.redhat.com/#CVE-2024-1597",
"document_id": "CVE-2024-1597",
+ "title": "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE",
"issuer": {
"id": "aa42c1b1-0591-447c-b2bb-80888252c85f",
- "name": "Red Hat Product Security",
+ "name": "redhat-csaf",
"cpe_key": null,
"website": null
- },
- "published": "2024-02-19T00:00:00Z",
- "modified": "2025-07-10T09:23:53Z",
- "withdrawn": null,
- "title": "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE",
- "labels": {
- "file": "2024/cve-2024-1597.json",
- "source": "https://security.access.redhat.com/data/csaf/v2/vex/",
- "importer": "redhat-csaf",
- "type": "csaf"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 9.8,
- "severity": "critical"
- }
- ]
+ }
},
- {
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ },
+ {
+ "advisory": {
"uuid": "urn:uuid:35c6db3d-ddcc-4c6b-9c65-4fe823937971",
"identifier": "https://www.redhat.com/#CVE-2024-1597",
"document_id": "CVE-2024-1597",
+ "title": "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE",
"issuer": {
"id": "aa42c1b1-0591-447c-b2bb-80888252c85f",
- "name": "Red Hat Product Security",
+ "name": "redhat-csaf",
"cpe_key": null,
"website": null
- },
- "published": "2024-02-19T00:00:00Z",
- "modified": "2025-06-25T01:49:37Z",
- "withdrawn": null,
- "title": "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE",
- "labels": {
- "source": "https://security.access.redhat.com/data/csaf/v2/vex/",
- "type": "csaf",
- "importer": "redhat-csaf",
- "file": "2024/cve-2024-1597.json"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 9.8,
- "severity": "critical"
- }
- ]
+ }
},
- {
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ },
+ {
+ "advisory": {
"uuid": "urn:uuid:6b500ddc-8971-482a-a56d-b835a77904dd",
"identifier": "https://www.redhat.com/#CVE-2024-1597",
"document_id": "CVE-2024-1597",
+ "title": "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE",
"issuer": {
"id": "aa42c1b1-0591-447c-b2bb-80888252c85f",
- "name": "Red Hat Product Security",
+ "name": "redhat-csaf",
"cpe_key": null,
"website": null
- },
- "published": "2024-02-19T00:00:00Z",
- "modified": "2025-05-20T16:30:50Z",
- "withdrawn": null,
- "title": "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE",
- "labels": {
- "file": "2024/cve-2024-1597.json",
- "source": "https://security.access.redhat.com/data/csaf/v2/vex/",
- "importer": "redhat-csaf",
- "type": "csaf"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 9.8,
- "severity": "critical"
- }
- ]
+ }
},
- {
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ },
+ {
+ "advisory": {
"uuid": "urn:uuid:7a3fa444-f1c7-4c70-9276-25ba4a25bf59",
"identifier": "https://www.redhat.com/#RHSA-2024_1662",
"document_id": "RHSA-2024:1662",
+ "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.11 release and security update",
"issuer": {
"id": "aa42c1b1-0591-447c-b2bb-80888252c85f",
- "name": "Red Hat Product Security",
+ "name": "redhat-csaf",
"cpe_key": null,
"website": null
- },
- "published": "2024-04-03T10:53:02Z",
- "modified": "2025-06-26T02:52:45Z",
- "withdrawn": null,
- "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.11 release and security update",
- "labels": {
- "type": "csaf",
- "source": "https://security.access.redhat.com/data/csaf/v2/advisories/",
- "file": "2024/rhsa-2024_1662.json",
- "importer": "redhat-csaf"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 9.8,
- "severity": "critical"
- }
- ]
+ }
},
- {
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ },
+ {
+ "advisory": {
"uuid": "urn:uuid:9ba57b5f-e234-4a3e-b5a3-7b64cd2bf3a3",
"identifier": "https://www.redhat.com/#CVE-2024-1597",
"document_id": "CVE-2024-1597",
+ "title": "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE",
"issuer": {
"id": "aa42c1b1-0591-447c-b2bb-80888252c85f",
- "name": "Red Hat Product Security",
+ "name": "redhat-csaf",
"cpe_key": null,
"website": null
- },
- "published": "2024-02-19T00:00:00Z",
- "modified": "2025-06-24T18:27:58Z",
- "withdrawn": null,
- "title": "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE",
- "labels": {
- "file": "2024/cve-2024-1597.json",
- "type": "csaf",
- "importer": "redhat-csaf",
- "source": "https://security.access.redhat.com/data/csaf/v2/vex/"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 9.8,
- "severity": "critical"
- }
- ]
+ }
},
- {
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ },
+ {
+ "advisory": {
"uuid": "urn:uuid:b8be1866-e7a2-4e12-8c61-8b06ec95fdc7",
"identifier": "https://www.redhat.com/#RHSA-2024_1797",
"document_id": "RHSA-2024:1797",
+ "title": "Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9.SP2 release and security update",
"issuer": {
"id": "aa42c1b1-0591-447c-b2bb-80888252c85f",
- "name": "Red Hat Product Security",
+ "name": "redhat-csaf",
"cpe_key": null,
"website": null
- },
- "published": "2024-04-22T10:59:06Z",
- "modified": "2025-07-10T09:25:47Z",
- "withdrawn": null,
- "title": "Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9.SP2 release and security update",
- "labels": {
- "type": "csaf",
- "source": "https://security.access.redhat.com/data/csaf/v2/advisories/",
- "importer": "redhat-csaf",
- "file": "2024/rhsa-2024_1797.json"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 9.8,
- "severity": "critical"
- }
- ]
+ }
},
- {
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ },
+ {
+ "advisory": {
"uuid": "urn:uuid:d5b874f9-7dde-409a-98bc-15c68f1bc52c",
"identifier": "GHSA-24rp-q3w6-vc56",
"document_id": "GHSA-24rp-q3w6-vc56",
- "issuer": null,
- "published": "2024-02-21T23:33:43Z",
- "modified": "2024-02-21T23:33:43Z",
- "withdrawn": null,
"title": "org.postgresql:postgresql vulnerable to SQL Injection via line comment generation",
- "labels": {
- "type": "osv",
- "source": "https://github.com/github/advisory-database",
- "importer": "osv-github",
- "file": "github-reviewed/2024/02/GHSA-24rp-q3w6-vc56/GHSA-24rp-q3w6-vc56.json"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 10,
- "severity": "critical"
- }
- ]
+ "issuer": {
+ "name": "osv-github"
+ }
},
- {
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ },
+ {
+ "advisory": {
"uuid": "urn:uuid:ea8dd8f5-40a9-4817-ba11-9606f799fe6e",
"identifier": "https://www.redhat.com/#RHSA-2024_1662",
"document_id": "RHSA-2024:1662",
+ "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.11 release and security update",
"issuer": {
"id": "aa42c1b1-0591-447c-b2bb-80888252c85f",
- "name": "Red Hat Product Security",
+ "name": "redhat-csaf",
"cpe_key": null,
"website": null
- },
- "published": "2024-04-03T10:53:02Z",
- "modified": "2025-07-10T09:24:30Z",
- "withdrawn": null,
- "title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.11 release and security update",
- "labels": {
- "type": "csaf",
- "file": "2024/rhsa-2024_1662.json",
- "source": "https://security.access.redhat.com/data/csaf/v2/advisories/",
- "importer": "redhat-csaf"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 9.8,
- "severity": "critical"
- }
- ]
- }
- ]
- }
+ }
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
}
],
"warnings": []
@@ -645,4 +471,4 @@
"I don't like this package"
]
}
-}
\ No newline at end of file
+}
diff --git a/src/test/resources/__files/trustify/pypi_report.json b/src/test/resources/__files/trustify/pypi_report.json
index 2f434210..ea49333c 100644
--- a/src/test/resources/__files/trustify/pypi_report.json
+++ b/src/test/resources/__files/trustify/pypi_report.json
@@ -15,33 +15,27 @@
"cwes": [
"CWE-295"
],
- "status": {
- "affected": [
- {
+ "base_score": {
+ "type": "3.1",
+ "severity": "medium",
+ "score": 5.6
+ },
+ "purl_statuses": [
+ {
+ "advisory": {
"uuid": "urn:uuid:a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"identifier": "GHSA-9wx4-h78v-vm56",
"document_id": "GHSA-9wx4-h78v-vm56",
- "issuer": null,
- "published": "2024-05-20T20:15:00Z",
- "modified": "2024-06-10T18:39:00Z",
- "withdrawn": null,
"title": "Requests Session object does not verify requests after making first request with verify=False",
- "labels": {
- "importer": "osv-github",
- "source": "https://github.com/github/advisory-database",
- "file": "github-reviewed/2024/05/GHSA-9wx4-h78v-vm56/GHSA-9wx4-h78v-vm56.json",
- "type": "osv"
- },
- "scores": [
- {
- "type": "3.1",
- "value": 5.6,
- "severity": "medium"
- }
- ]
- }
- ]
- }
+ "issuer": {
+ "name": "osv-github"
+ }
+ },
+ "status": "affected",
+ "version_range": null,
+ "remediations": []
+ }
+ ]
}
],
"warnings": []