Feat/14/support multiple build tools #16

Merged: merged 4 commits into from (Apr 1, 2025)
5 changes: 5 additions & 0 deletions scan-dependencies/action.yml
Expand Up @@ -2,6 +2,10 @@ name: 'Scan dependencies using the Mend.io CLI'
description: 'Action to scan dependencies using the Mend.io CLI'

inputs:
display_dependency_graph_link:
description: 'Whether to display the dependency graph link in the scan results'
default: 'true'
required: true
github_url:
description: 'The GitHub URL'
default: 'https://github.com'
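Review bot: `display_dependency_graph_link` is declared `required: true` while also carrying `default: 'true'`; the default makes the input optional in practice, so drop `required: true` (or set it to `false`) to match the neighbouring `github_url` input, and spell out the accepted values in the description, since Actions inputs are always strings, e.g. `description: 'Whether to display the dependency graph link in the scan results (true/false)'`.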
Expand Down Expand Up @@ -57,6 +61,7 @@ runs:
shell: bash
run: |
python ${GITHUB_ACTION_PATH}/mend-dependencies-sarif-converter.py \
--display-dependency-graph-link "${{ inputs.display_dependency_graph_link }}" \
--input "${{ inputs.json_filename }}" \
--output "${{ inputs.sarif_filename }}" \
--github-url "${{ inputs.github_url }}" \
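Review bot: the new `--display-dependency-graph-link "${{ inputs.display_dependency_graph_link }}"` line follows the existing pattern of expanding inputs directly inside the `run:` script; expression expansion happens before bash parses the script, so a caller-supplied value containing a double quote or `$(...)` changes the command that runs. Map the inputs into `env:` on the step instead (e.g. `DISPLAY_GRAPH_LINK: ${{ inputs.display_dependency_graph_link }}`) and reference `"$DISPLAY_GRAPH_LINK"` in the script; the same applies to the surrounding `json_filename`, `sarif_filename` and `github_url` arguments.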
9 changes: 7 additions & 2 deletions scan-dependencies/mend-dependencies-sarif-converter.py
Expand Up @@ -129,8 +129,10 @@ def create_sarif(vulnerable_dependencies, dependencies_by_tool):
)

markdown_msg = f"<b>Recommendations for [{vuln_id}]({url}):</b><br/><br/>" \
f"* {fixResolution}.<br/><br/>" \
f"<b>[View dependency graphs]({github_url}/{github_repository}/actions/runs/{workflow_run})<br/>"
f"* {fixResolution}.<br/><br/>"

if display_dependency_graph_link:
markdown_msg += f"<b>[View dependency graphs]({github_url}/{github_repository}/actions/runs/{workflow_run})<br/>"

# Add formatted details
results.append({
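Review bot: `if display_dependency_graph_link:` tests the truthiness of the raw command-line string, and the action always passes `'true'` or `'false'` as text, so `'false'` is truthy and the link can never be suppressed. Compare the value explicitly, e.g. `if str(display_dependency_graph_link).strip().lower() == "true":`, or convert it to a bool where the argument is parsed. Separately, the appended `<b>[View dependency graphs](...)<br/>` opens a `<b>` tag that is never closed; that was already the case before this change, but it is worth fixing while the line is being touched.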
Expand Down Expand Up @@ -241,18 +243,21 @@ def main(input_file, output_file):
print(f"Failed to write SARIF file: {e}")

if __name__ == "__main__":
global display_dependency_graph_link
global github_url
global github_repository
global workflow_run

parser = argparse.ArgumentParser(description="Convert dependencies to SARIF with optional GitHub workflow link.")
parser.add_argument("--display-dependency-graph-link", default="true", help="Whether to display a link to the dependency graph")
parser.add_argument("--github-url", help="The GitHub host URL")
parser.add_argument("--github-repository", help="The GitHub repository owner/name")
parser.add_argument("--input", default="dependencies.json", help="Path to input JSON file")
parser.add_argument("--output", default="results.sarif", help="Path to output SARIF file")
parser.add_argument("--workflow-run", help="GitHub Actions workflow run ID")
args = parser.parse_args()

display_dependency_graph_link = args.display_dependency_graph_link
github_url = args.github_url
github_repository = args.github_repository
workflow_run = args.workflow_run
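Review bot: `--display-dependency-graph-link` is parsed as a plain string with `default="true"`, so the value handed to `create_sarif` is `"true"`/`"false"` text rather than a bool; converting at parse time keeps the check in `create_sarif` simple, e.g. `parser.add_argument("--display-dependency-graph-link", type=lambda s: s.strip().lower() == "true", default=True, help="Whether to display a link to the dependency graph")`. The `global` statements under `if __name__ == "__main__":` are also no-ops at module scope (names assigned there are already module globals), so `global display_dependency_graph_link` can be dropped along with the existing ones; they do nothing to make these variables available when `create_sarif` is imported from another module.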