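package formatters

import (
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/severity"

	"github.com/owenrumney/go-sarif/v2/sarif"
)

// outputSARIF renders results as a SARIF 2.1.0 report and writes it,
// pretty-printed, to b.Writer().
//
// Ignored and passed results are emitted only when the formatter is
// configured to include them (IncludeIgnored / IncludePassed). Every
// emitted result is attached to a rule keyed by the check's long ID;
// the first link returned by b.GetLinks, if any, becomes the rule's
// help URI.
//
// Returns the error from creating the report or from writing it.
func outputSARIF(b ConfigurableFormatter, results scan.Results) error {
	report, err := sarif.New(sarif.Version210)
	if err != nil {
		return err
	}

	run := sarif.NewRunWithInformationURI("defsec", "https://github.com/khulnasoft-lab/defsec")
	report.AddRun(run)

	for _, res := range results {
		if !includeResult(b, res) {
			continue
		}

		rule := run.AddRule(res.Rule().LongID()).
			WithDescription(res.Rule().Summary)
		if links := b.GetLinks(res); len(links) > 0 {
			rule.WithHelpURI(links[0])
		}

		rng := res.Metadata().Range()
		// NOTE(review): the SARIF schema requires startLine >= 1; a result
		// whose range carries no line information would yield an
		// out-of-range region here — confirm what Range() returns for
		// such results before relying on strict SARIF consumers.
		region := sarif.NewSimpleRegion(rng.GetStartLine(), rng.GetEndLine())
		location := sarif.NewPhysicalLocation().
			WithArtifactLocation(sarif.NewSimpleArtifactLocation(b.Path(res, res.Metadata()))).
			WithRegion(region)

		ruleResult := run.CreateResultForRule(rule.ID).
			WithMessage(sarif.NewTextMessage(res.Description())).
			AddLocation(sarif.NewLocation().WithPhysicalLocation(location))

		// Only set a level when the severity maps onto one of the four
		// values the SARIF schema allows. Previously an unmapped severity
		// fell through the switch and was written as `"level": ""`, which
		// is not valid SARIF; leaving the property unset lets consumers
		// apply the spec's default instead.
		if level, ok := sarifLevel(res.Severity()); ok {
			ruleResult.WithLevel(level)
		}
	}

	return report.PrettyWrite(b.Writer())
}

// includeResult reports whether res should appear in the output given the
// formatter's IncludeIgnored / IncludePassed settings. Results with any
// other status (e.g. failed) are always included.
func includeResult(b ConfigurableFormatter, res scan.Result) bool {
	switch res.Status() {
	case scan.StatusIgnored:
		return b.IncludeIgnored()
	case scan.StatusPassed:
		return b.IncludePassed()
	default:
		return true
	}
}

// sarifLevel maps a defsec severity onto a SARIF result level ("none",
// "note", "warning" or "error"). The second return value is false when
// the severity has no mapping, so callers can omit the level entirely
// rather than emit an invalid value.
func sarifLevel(s severity.Severity) (string, bool) {
	switch s {
	case severity.None:
		return "none", true
	case severity.Low:
		return "note", true
	case severity.Medium:
		return "warning", true
	case severity.High, severity.Critical:
		return "error", true
	default:
		return "", false
	}
}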