# Incremental-run bookkeeping: `newer_than` starts unset, and when --save_dt is
# given the current wall-clock time is persisted to .last_run (the code that
# reads it back is outside this excerpt).
newer_than = None
if args.save_dt:
    # datetime.now() with no tz argument yields a naive local timestamp; the
    # ISO form is written verbatim, no trailing newline.
    run_stamp = datetime.now().isoformat()
    with open(".last_run", "w") as f:
        f.write(run_stamp)
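# Diagnostics go to stderr at DEBUG; the HTTP client libraries' own loggers are
# raised to WARNING so their per-request DEBUG output does not swamp the log.
logging.basicConfig(format='%(asctime)s:%(levelname)s:%(message)s', stream=sys.stderr, level=logging.DEBUG)
logging.getLogger("requests").setLevel(logging.WARNING)
logging.getLogger("urllib3").setLevel(logging.WARNING)

# Page size asked of the vulnerable-components endpoint. A response that fills
# it may have been cut off server-side, which would silently under-report
# vulnerabilities -- the worst failure mode for this kind of report -- so the
# count is checked against it below.
_VULN_LIST_LIMIT = 9999

hub = HubInstance()
project = hub.get_project_by_name(args.project_name)
version = hub.get_version_by_name(project, args.version)
version_id = object_id(version)

vulnerable_components_url = hub.get_link(version, "vulnerable-components") + "?limit={}".format(_VULN_LIST_LIMIT)
# The bill-of-materials-6 media type selects the response schema whose items
# carry the 'vulnerabilityWithRemediation' and 'componentVersion' fields read
# in the loop below.
custom_headers = {'Accept': 'application/vnd.blackducksoftware.bill-of-materials-6+json'}
response = hub.execute_get(vulnerable_components_url, custom_headers=custom_headers)
vulnerable_bom_components = response.json().get('items', [])
if len(vulnerable_bom_components) >= _VULN_LIST_LIMIT:
    # A full page means there may be more items than were returned.
    logging.warning(
        "vulnerable-components returned %d items (the requested limit); the list may be truncated",
        len(vulnerable_bom_components))

for i, vuln in enumerate(vulnerable_bom_components):
    # `source` and `vuln_name` are not used within this excerpt; kept for the
    # code that follows it.
    source = vuln['vulnerabilityWithRemediation']['source']
    vuln_name = vuln['vulnerabilityWithRemediation']['vulnerabilityName']
    # Retrieve additional details about the vulnerability: the upgrade-guidance
    # sub-resource of the affected component version is attached to the item
    # under a new key so the finding and its remediation travel together.
    update_guidance_url = vuln['componentVersion'] + "/upgrade-guidance"
    update_guidance_results = hub.execute_get(update_guidance_url).json()
    vuln['update_guidance'] = update_guidance_results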
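import logging

# Export of code (scan) locations as JSON on stdout, optionally enriched with
# each location's scan summaries and, further, each scan's details. All
# diagnostics go through logging (stderr by default) so the stdout JSON stays
# machine-readable when piped.
parameters = {}

# Page size asked of the code-location listing; a response that fills it may
# have been cut off server-side, so the count is checked below.
_CODELOCATION_LIST_LIMIT = 10000

if args.unmapped:
    code_locations = hub.get_codelocations(limit=_CODELOCATION_LIST_LIMIT, unmapped=True, parameters=parameters)
else:
    code_locations = hub.get_codelocations(limit=_CODELOCATION_LIST_LIMIT, parameters=parameters)
code_locations = code_locations.get('items', [])
if len(code_locations) >= _CODELOCATION_LIST_LIMIT:
    logging.warning(
        "get_codelocations returned %d items (the requested limit); the list may be truncated",
        len(code_locations))

if args.scan_summaries:
    for code_location in code_locations:
        scan_summaries = hub.get_codelocation_scan_summaries(code_location_obj=code_location).get('items', [])
        code_location['scan_summaries'] = scan_summaries
        if args.scan_details:
            for scan in scan_summaries:
                scan_id = object_id(scan)
                # This uses a private API endpoint that can, and probably will, break in the future
                # HUB-15330 is the (internal) JIRA ticket # asking that the information in this endpoint
                # be made part of the public API
                url = hub.get_apibase() + "/v1/scans/{}".format(scan_id)
                response = hub.execute_get(url)
                if response.status_code == 200:
                    scan_details = response.json()
                else:
                    # A failure of the private endpoint should not take the whole
                    # export down: record the miss and emit null for this scan.
                    logging.warning("scan details unavailable for scan %s (HTTP %s)",
                                    scan_id, response.status_code)
                    scan_details = None
                scan['scan_details'] = scan_details
print(json.dumps(code_locations))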
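def _get_scans(self, code_location_obj):
    """Return a code location's scan summaries, each enriched with its scan details.

    Args:
        code_location_obj: a code-location object as returned by the hub API;
            passed straight through to ``get_codelocation_scan_summaries``.

    Returns:
        The ``items`` list of the scan-summaries response. Each entry gains a
        ``scan_details`` key holding the parsed ``/v1/scans/<id>`` response,
        or ``None`` when that request did not return HTTP 200.

    Raises:
        ValueError: if the scan details that were retrieved do not all carry
            the same ``name`` (all scans of one code location are expected to
            share the location's name).
    """
    # TODO: Scans are returned in reverse chronological order, but should we be safe and sort here?
    scan_summaries = self.hub.get_codelocation_scan_summaries(code_location_obj=code_location_obj).get("items", [])
    for scan_summary in scan_summaries:
        scan_id = object_id(scan_summary)
        # Private endpoint (HUB-15330 tracks making it public, per the note in
        # the related export script). Go through self.hub, as the other calls
        # in this method do, rather than a module-level `hub` global that may
        # not exist in the importing file.
        url = self.hub.get_apibase() + "/v1/scans/{}".format(scan_id)
        response = self.hub.execute_get(url)
        scan_summary['scan_details'] = response.json() if response.status_code == 200 else None
    # Check that they all share the same code (scan) location name. Entries
    # whose details could not be fetched hold None and carry no name, so they
    # are skipped instead of raising TypeError on the subscript; an empty
    # location (no scans at all) is not an error.
    names = {s['scan_details']['name'] for s in scan_summaries if s['scan_details'] is not None}
    if len(names) > 1:
        # Explicit raise rather than `assert`, which is stripped under -O.
        raise ValueError("Uh oh, all the scans for a given code (scan) location should have the same name")
    return scan_summaries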