Fix wording when Fix not available (#49)

* Update wording when fix unavailable (#47)

* Bump package version (#48)

* Update wording when fix unavailable

* Bump package version to match vbranch

---------

Co-authored-by: Paul Hodgetts <paul.hodgetts@paul.hodgetts>

---------

Co-authored-by: Paul Hodgetts <paul.hodgetts@paul.hodgetts>

Author: Jujuyeh

dist/index.js

@@ -463,7 +463,6 @@ function check_level(sev_value) {
 function vulnerabilities2SARIFResByPackage(data) {
   let results = [];
   let rules = [];
-  let ruleIds = [];
   let resultUrl = "";
   let baseUrl = null;
 
@@ -630,7 +629,7 @@ function getSARIFVulnFullDescription(pkg, vuln) {
 Severity: ${vuln.severity.value}
 Package: ${pkg.name}
 Type: ${pkg.type}
-Fix: ${pkg.suggestedFix || "Unknown"}
+Fix: ${pkg.suggestedFix || "No fix available"}
 URL: https://nvd.nist.gov/vuln/detail/${vuln.name}`;
 }
 
@@ -643,7 +642,7 @@ function getSARIFPkgHelp(pkg) {
   CVSS Version: ${vuln.cvssScore.value.version}
   CVSS Vector: ${vuln.cvssScore.value.vector}
   Version: ${pkg.version}
-  Fix Version: ${pkg.suggestedFix || "Unknown"}
+  Fix Version: ${pkg.suggestedFix || "No fix available"}
   Exploitable: ${vuln.exploitable}
   Type: ${pkg.type}
   Location: ${pkg.path}
@@ -670,7 +669,7 @@ CVSS Score: ${vuln.cvssScore.value.score}
 CVSS Version: ${vuln.cvssScore.value.version}
 CVSS Vector: ${vuln.cvssScore.value.vector}
 Version: ${pkg.version}
-Fix Version: ${pkg.suggestedFix || "Unknown"}
+Fix Version: ${pkg.suggestedFix || "No fix available"}
 Exploitable: ${vuln.exploitable}
 Type: ${pkg.type}
 Location: ${pkg.path}
@@ -709,7 +708,7 @@ function getSARIFReportMessageByPackage(data, pkg, baseUrl) {
     CVSS Score: ${vuln.cvssScore.value.score}
     CVSS Version: ${vuln.cvssScore.value.version}
     CVSS Vector: ${vuln.cvssScore.value.vector}
-    Fixed Version: ${(vuln.fixedInVersion || 'Unknown')}
+    Fixed Version: ${(vuln.fixedInVersion || 'No fix available')}
     Exploitable: ${vuln.exploitable}
     Link to NVD: [${vuln.name}](https://nvd.nist.gov/vuln/detail/${vuln.name})\n`;
   });
@@ -740,7 +739,7 @@ function getSARIFReportMessage(data, vuln, pkg, baseUrl) {
   CVSS Score: ${vuln.cvssScore.value.score}
   CVSS Version: ${vuln.cvssScore.value.version}
   CVSS Vector: ${vuln.cvssScore.value.vector}
-  Fixed Version: ${(vuln.fixedInVersion || 'Unknown')}
+  Fixed Version: ${(vuln.fixedInVersion || 'No fix available')}
   Exploitable: ${vuln.exploitable}
   Link to NVD: [${vuln.name}](https://nvd.nist.gov/vuln/detail/${vuln.name})`;
 
@@ -793,7 +792,7 @@ function getRulePkgMessage(rule, packages) {
       `${vuln.cvssScore.value.score}`,
       `${vuln.cvssScore.value.version}`,
       `${vuln.cvssScore.value.vector}`,
-      `${pkg.suggestedFix || "Unknown"}`,
+      `${pkg.suggestedFix || "No fix available"}`,
       `${vuln.exploitable}`
       ]);
     }

dist/index.js.map

@@ -1,6 +1,6 @@
 {
   "name": "secure-inline-scan-action",
-  "version": "4.1.0",
+  "version": "5.1.0",
   "description": "This actions performs image analysis on locally built container image and posts the result of the analysis to Sysdig Secure.",
   "main": "index.js",
   "scripts": {

index.js

@@ -17,7 +17,7 @@ function cleanupTemporaryDir(tmpDir) {
 }
 
 const exampleReport = JSON.stringify(require("./fixtures/report-test.json"));
-const exampleSarif = JSON.stringify(require("./fixtures/sarif-test.json"),null,2);
+//const exampleSarif = JSON.stringify(require("./fixtures/sarif-test.json"),null,2);
 
 describe("input parsing", () => {
     let oldEnv;