DefectDojo
diff --git a/‎docs/content/en/connecting_your_tools/parsers/file/anchore_engine.md
Lines changed: 1 addition & 26 deletions b/‎docs/content/en/connecting_your_tools/parsers/file/anchore_engine.md
Lines changed: 1 addition & 26 deletions
diff --git a/‎dojo/tools/anchore_engine/parser.py
Lines changed: 82 additions & 1 deletion b/‎dojo/tools/anchore_engine/parser.py
Lines changed: 82 additions & 1 deletion
@@ -9,32 +9,7 @@ DefectDojo parser accepts a .json file.
 Using the [Anchore CLI](https://docs.anchore.com/current/docs/using/cli_usage/images/inspecting_image_content/) is the most reliable way to generate an Anchore report which DefectDojo can parse. When generating a report with the Anchore CLI, please use the following command to ensure complete data: `anchore-cli --json image vuln <image:tag> all`
 
 ### Acceptable JSON Format
-All properties are strings and are required by the parser.
-
-~~~
-
-{
-    "imageDigest": "sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
-    "vulnerabilities": [
-        {
-            "feed": "example-feed",
-            "feed_group": "example-feed-group",
-            "fix": "1.2.4",
-            "package": "example-package",
-            "package_cpe": "cpe:2.3:a:*:example:1.2.3:*:*:*:*:*:*:*",
-            "package_name": "example-package-name",
-            "package_path": "path/to/package",
-            "package_type": "dpkg",
-            "package_version": "1.2.3",
-            "severity": "Medium",
-            "url": "https://example.com/cve/CVE-2011-3389",
-            "vuln": "CVE-2011-3389"
-        },
-      ...
-    ],
-    "vulnerability_type": "os"
-}
-~~~
+All properties are strings and are required by the parser. As the parser evolved, two anchore engine parser JSON formats are present till now. Both ([old](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/anchore_engine/many_vulns.json) / [new](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/anchore_engine/new_format_issue_11552.json)) are supported.
 
 ### Sample Scan Data
 Sample Anchore-Engine scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/anchore_engine).
@@ -14,7 +14,88 @@ def get_description_for_scan_types(self, scan_type):
         return "Anchore-CLI JSON vulnerability report format."
 
     def get_findings(self, filename, test):
-        data = json.load(filename)
+        try:
+            data = json.load(filename)
+        except AttributeError:
+            with open(filename, encoding="utf-8") as file:
+                data = json.load(file)
+        if data.get("metadata"):
+            return self.get_findings_with_metadata(data, test)
+        return self.get_findings_without_metadata(data, test)
+
+    def get_findings_with_metadata(self, data, test):
+        dupes = {}
+        metadata = data.get("metadata", {})
+        details = f"**Image hash**: {metadata.get('imageDigest', metadata.get('image_digest', 'None'))} \n\n"
+
+        for item in data.get("securityEvaluation", []):
+            vulnerability_id = item.get("vulnerabilityId", "Unknown")
+
+            title = (
+                vulnerability_id + "-" + item.get("package", "Unknown") + "(" + item.get("packageType", "Unknown") + ")"
+            )
+
+            details += f"**Package**: {item.get('package', 'Unknown')}\n\n"
+            details += f"**Package path**: {item.get('path', 'Unknown')}\n\n"
+            details += f"**Package type**: {item.get('packageType', 'Unknown')}\n\n"
+
+            severity = item.get("severity", "Unknown")
+
+            if severity.lower() in {"negligible", "unknown"}:
+                severity = "Info"
+
+            mitigation = "No fix available."
+
+            if item.get("fixAvailable") and item["fixAvailable"] != "None":
+                mitigation = f"Upgrade to: {' or '.join(item['fixAvailable'].split(','))}\n\n"
+                mitigation += f"URL: {item.get('link', 'None')}"
+            cvssv3_base_score = item.get("nvdCvssBaseScore")
+
+            if isinstance(cvssv3_base_score, str) and cvssv3_base_score.replace(".", "", 1).isdigit():
+                cvssv3_base_score = float(cvssv3_base_score)
+            elif not isinstance(cvssv3_base_score, int | float):
+                cvssv3_base_score = None
+
+            references = item.get("link")
+
+            dupe_key = "|".join(
+                [
+                    item.get("cves", "None"),
+                    item.get("package", "None"),
+                    item.get("packageType", "None"),
+                    item.get("path", "None"),
+                    item.get("severity", "None"),
+                ],
+            )
+
+            if dupe_key in dupes:
+                find = dupes[dupe_key]
+            else:
+                find = Finding(
+                    title=title,
+                    test=test,
+                    cve=item.get("cves"),
+                    cvssv3_score=cvssv3_base_score,
+                    description=details,
+                    severity=severity,
+                    mitigation=mitigation,
+                    references=references,
+                    file_path=item.get("path"),
+                    component_name=item.get("package"),
+                    url=item.get("link"),
+                    static_finding=True,
+                    dynamic_finding=False,
+                    vuln_id_from_tool=vulnerability_id,
+                )
+
+                if vulnerability_id:
+                    find.unsaved_vulnerability_ids = [vulnerability_id]
+
+                dupes[dupe_key] = find
+
+        return list(dupes.values())
+
+    def get_findings_without_metadata(self, data, test):
         dupes = {}
         for item in data["vulnerabilities"]:
             vulnerability_id = item.get("vuln")