From 078f72e6aac250580382a9ee8cf5f65e5917e7be Mon Sep 17 00:00:00 2001
From: Martin Todorov
Date: Tue, 1 Apr 2025 05:20:40 +0300
Subject: [PATCH 1/4] feat: Added support for graphs for multiple build tools
Fixes #14.
---
 scan-dependencies/mend-dependencies-sarif-converter.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/scan-dependencies/mend-dependencies-sarif-converter.py b/scan-dependencies/mend-dependencies-sarif-converter.py
index d50b14f..0e28d8f 100644
--- a/scan-dependencies/mend-dependencies-sarif-converter.py
+++ b/scan-dependencies/mend-dependencies-sarif-converter.py
@@ -129,8 +129,10 @@ def create_sarif(vulnerable_dependencies, dependencies_by_tool):
 )
 markdown_msg = f"Recommendations for [{vuln_id}]({url}):

" \ - f"* {fixResolution}.

" \ - f"[View dependency graphs]({github_url}/{github_repository}/actions/runs/{workflow_run})
" + f"* {fixResolution}.

"; + + if display_dependency_graph_link: + markdown_msg += f"[View dependency graphs]({github_url}/{github_repository}/actions/runs/{workflow_run})
"
 # Add formatted details
 results.append({
@@ -241,11 +243,13 @@ def main(input_file, output_file):
 print(f"Failed to write SARIF file: {e}")
 if __name__ == "__main__":
+ global display_dependency_graph_link
 global github_url
 global github_repository
 global workflow_run
 parser = argparse.ArgumentParser(description="Convert dependencies to SARIF with optional GitHub workflow link.")
+ parser.add_argument("--display-dependency-graph-link", default="true", help="Whether to display a link to the dependency graph")
 parser.add_argument("--github-url", help="The GitHub host URL")
 parser.add_argument("--github-repository", help="The GitHub repository owner/name")
 parser.add_argument("--input", default="dependencies.json", help="Path to input JSON file")
@@ -253,6 +257,7 @@ def main(input_file, output_file):
 parser.add_argument("--workflow-run", help="GitHub Actions workflow run ID")
 args = parser.parse_args()
+ display_dependency_graph_link = args.display_dependency_graph_link
 github_url = args.github_url
 github_repository = args.github_repository
 workflow_run = args.workflow_run
From f84c1c478dc6becd14edcd7cc831dbc9d5c34ee0 Mon Sep 17 00:00:00 2001
From: Martin Todorov
Date: Tue, 1 Apr 2025 05:25:30 +0300
Subject: [PATCH 2/4] feat: Added support for graphs for multiple build tools
Fixes #14.
---
 scan-dependencies/action.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/scan-dependencies/action.yml b/scan-dependencies/action.yml
index 4c39def..b5d2115 100644
--- a/scan-dependencies/action.yml
+++ b/scan-dependencies/action.yml
@@ -2,6 +2,10 @@ name: 'Scan dependencies using the Mend.io CLI'
 description: 'Action to scan dependencies using the Mend.io CLI'
 inputs:
+ display_dependency_graph_link:
+ description: 'Whether to display the dependency graph link in the scan results'
+ default: 'true'
+ required: true
 github_url:
 description: 'The GitHub URL'
 default: 'https://github.com'
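Review bot: `if display_dependency_graph_link:` in the create_sarif hunk tests a string, not a boolean: the third hunk stores `args.display_dependency_graph_link` unchanged and the option is declared with `default="true"`, so the action.yml value `'false'` (or any other non-empty string) still renders the link and the new input cannot actually turn it off. Normalise the value once where it is assigned, e.g. `display_dependency_graph_link = args.display_dependency_graph_link.strip().lower() in ("true", "1", "yes")`, and state the accepted values in the option's `help=` text. The same string-truthiness condition is re-added in patch 4/4 of this series, so the fix belongs at the parse site rather than at each use. The `global display_dependency_graph_link` line sits at module scope inside the `__main__` block, where `global` is a no-op; it only mirrors the existing lines, so this is style rather than a defect. Both create_sarif and the `__main__` block continue outside these hunks.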
@@ -57,6 +61,7 @@ runs:
 shell: bash
 run: |
 python ${GITHUB_ACTION_PATH}/mend-dependencies-sarif-converter.py \
+ --display-dependency-graph-link "${{ inputs.display_dependency_graph_link }}" \
 --input "${{ inputs.json_filename }}" \
 --output "${{ inputs.sarif_filename }}" \
 --github-url "${{ inputs.github_url }}" \
From 79236c1da0d3d2e0713aec3da217a7cf2b54064c Mon Sep 17 00:00:00 2001
From: Martin Todorov
Date: Tue, 1 Apr 2025 05:41:00 +0300
Subject: [PATCH 3/4] feat: Added support for graphs for multiple build tools
Fixes #14.
---
 scan-dependencies/mend-dependencies-sarif-converter.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scan-dependencies/mend-dependencies-sarif-converter.py b/scan-dependencies/mend-dependencies-sarif-converter.py
index 0e28d8f..9faf56d 100644
--- a/scan-dependencies/mend-dependencies-sarif-converter.py
+++ b/scan-dependencies/mend-dependencies-sarif-converter.py
@@ -131,8 +131,8 @@ def create_sarif(vulnerable_dependencies, dependencies_by_tool):
 markdown_msg = f"Recommendations for [{vuln_id}]({url}):

" \ f"* {fixResolution}.

"; - if display_dependency_graph_link: - markdown_msg += f"[View dependency graphs]({github_url}/{github_repository}/actions/runs/{workflow_run})
" + # if display_dependency_graph_link: + # markdown_msg += f"[View dependency graphs]({github_url}/{github_repository}/actions/runs/{workflow_run})
"
 # Add formatted details
 results.append({
From c66771b9a1eb3fc9b08f616d5c6af7f0cef33c61 Mon Sep 17 00:00:00 2001
From: Martin Todorov
Date: Tue, 1 Apr 2025 05:52:19 +0300
Subject: [PATCH 4/4] feat: Added support for graphs for multiple build tools
Fixes #14.
---
 scan-dependencies/mend-dependencies-sarif-converter.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scan-dependencies/mend-dependencies-sarif-converter.py b/scan-dependencies/mend-dependencies-sarif-converter.py
index 9faf56d..b1b5cf2 100644
--- a/scan-dependencies/mend-dependencies-sarif-converter.py
+++ b/scan-dependencies/mend-dependencies-sarif-converter.py
@@ -129,10 +129,10 @@ def create_sarif(vulnerable_dependencies, dependencies_by_tool):
 )
 markdown_msg = f"Recommendations for [{vuln_id}]({url}):

" \ - f"* {fixResolution}.

"; + f"* {fixResolution}.

" - # if display_dependency_graph_link: - # markdown_msg += f"[View dependency graphs]({github_url}/{github_repository}/actions/runs/{workflow_run})
" + if display_dependency_graph_link: + markdown_msg += f"[View dependency graphs]({github_url}/{github_repository}/actions/runs/{workflow_run})
" # Add formatted details results.append({
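Review bot: The re-enabled `markdown_msg += f"[View dependency graphs]({github_url}/{github_repository}/actions/runs/{workflow_run})..."` line guards only on the display flag, while `--github-url`, `--github-repository` and `--workflow-run` are declared in patch 1/4 without defaults, so when the flag is on but any of them is absent the SARIF message carries a link containing the literal text `None`. Extend the condition to `if display_dependency_graph_link and github_url and github_repository and workflow_run:` so the link is emitted only when every component is present, and consider a short comment noting that these values come straight from the action inputs and are interpolated into the markdown unescaped. The `;` dropped from the `f"* {fixResolution}...` line is the right cleanup. create_sarif continues outside this hunk.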