Checkov report parsing enhanced #12398

Merged
merged 11 commits into from
Jun 3, 2025
13 changes: 11 additions & 2 deletions dojo/tools/checkov/parser.py
Expand Up @@ -119,6 +119,17 @@
if "check_name" in vuln:
description += f"{vuln['check_name']}\n"

if "description" in vuln:
description += f"\n{vuln['description']}\n"

if "benchmarks" in vuln:
bms = vuln['benchmarks'].keys()

Check failure on line 126 in dojo/tools/checkov/parser.py

GitHub Actions / ruff-linting

Ruff (Q000)

dojo/tools/checkov/parser.py:126:20: Q000 Single quotes found but double quotes preferred
if len(bms) > 0:
mitigation += f"\nBenchmarks:\n"

Check failure on line 128 in dojo/tools/checkov/parser.py

GitHub Actions / ruff-linting

Ruff (F821)

dojo/tools/checkov/parser.py:128:13: F821 Undefined name `mitigation`

Check failure on line 128 in dojo/tools/checkov/parser.py

GitHub Actions / ruff-linting

Ruff (F541)

dojo/tools/checkov/parser.py:128:27: F541 f-string without any placeholders
for bm in bms:
for gl in vuln['benchmarks'][bm]:

Check failure on line 130 in dojo/tools/checkov/parser.py

GitHub Actions / ruff-linting

Ruff (Q000)

dojo/tools/checkov/parser.py:130:32: Q000 Single quotes found but double quotes preferred
mitigation += f"- {bm} # {gl['name']} : {gl['description']}\n"

file_path = vuln.get("file_path", None)
source_line = None
if "file_line_range" in vuln:
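Review bot: `mitigation += ...` in the new `benchmarks` branch appends to a name that has no assignment anywhere above it in this hunk, which is what the Ruff F821 annotation on line 128 reports, so any check that carries a non-empty `benchmarks` mapping will raise at runtime instead of producing a finding. Initialize `mitigation = ""` before `if "benchmarks" in vuln:`. Two smaller points in the same branch: `vuln['benchmarks'].keys()` assumes the value is a dict, while the `severity` handling further down explicitly guards against `None`, so a null `benchmarks` field would fail here; and `gl['name']` / `gl['description']` are indexed directly, so a benchmark entry missing either key aborts the whole import. Consider `vuln.get("benchmarks") or {}` and `gl.get(...)`, and switch to double quotes and a plain string for `"\nBenchmarks:\n"` to clear Q000 and F541.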
Expand All @@ -133,8 +144,6 @@
if "severity" in vuln and vuln["severity"] is not None:
severity = vuln["severity"].capitalize()

mitigation = ""

references = vuln.get("guideline", "")
return Finding(
title=title,
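Review bot: Dropping `mitigation = ""` at this position leaves no initialization of `mitigation` in either visible hunk, while the first hunk still does `mitigation += ...`. If the `Finding(...)` call below passes `mitigation`, a check without `benchmarks` would also reach it with the name unset. Rather than deleting the assignment, move it above the `if "benchmarks" in vuln:` block so the variable is always defined for both the benchmark loop and the constructor.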