def sca_scan(project_name, zip_file_path):
if not exists(zip_file_path):
print("zip_file_path:{} not exists. \n abort scan.".format(
zip_file_path))
return
project_id = get_project_id(project_name)
print("project_id: {}".format(project_id))
upload_link = generate_upload_link_for_scanning(project_id=project_id)
is_successful = upload_zip_content_for_scanning(upload_link, zip_file_path)
if not is_successful:
print(
"Fail to upload file with upload link: {} \n abort scan.".format(
upload_link))
return
scan_id = scan_previously_uploaded_zip(project_id=project_id,
uploaded_file_url=upload_link)
print("scan_id: {}".format(scan_id))
while True:
response = get_scan_status(scan_id=scan_id)
scan_status = response.get("name")
if scan_status == "Scanning":
print("scanning ...")
continue
elif scan_status == "Done":
print("scan finished successfully!")
break
elif scan_status == "Failed":
print("scan_status:{}, message:{}".format(scan_status,
response.get("message")))
return
time.sleep(10)
risk_report_summary = get_risk_report_summary(project_id=project_id)
print("risk_report_summary:{}".format(risk_report_summary))
packages = get_packages_of_a_scan(scan_id=scan_id)
print("get packages of a scan")
vulnerabilities = get_vulnerabilities_of_a_scan(scan_id=scan_id)
print("get vulnerabilities of a scan")
licenses = get_licenses_of_a_scan(scan_id=scan_id)
print("get licenses of a scan")
time_stamp = datetime.now().strftime('_%Y_%m_%d_%H_%M_%S')
print("create sca json report")
with open("sca_report" + time_stamp + ".json", "w") as out_file:
out_file.write(
json.dumps(
{
"project_name": project_name,
"project_id": project_id,
"scan_id": scan_id,
"risk_report_summary": risk_report_summary,
"packages": packages,
"vulnerabilities": vulnerabilities,
"licenses": licenses
},
indent=4))
def test_undo_the_ignore_state_of_an_ignored_vulnerability():
project_id = get_project_id_by_name(project_name)
scan_id = get_latest_can_id_of_a_project(project_id=project_id)
vulnerabilities = get_vulnerabilities_of_a_scan(scan_id=scan_id)
vulnerability_id = vulnerabilities[0].get("id")
packages = get_packages_of_a_scan(scan_id=scan_id)
package_id = packages[0].get("id")
is_successful = undo_the_ignore_state_of_an_ignored_vulnerability(
project_id=project_id,
vulnerability_id=vulnerability_id,
package_id=package_id)
assert is_successful is True
def test_ignore_a_vulnerability_for_a_specific_package_and_project():
project_id = get_project_id_by_name(project_name)
scan_id = get_latest_can_id_of_a_project(project_id=project_id)
vulnerabilities = get_vulnerabilities_of_a_scan(scan_id=scan_id)
vulnerability_id = vulnerabilities[0].get("id")
packages = get_packages_of_a_scan(scan_id=scan_id)
package_id = packages[0].get("id")
is_successful = ignore_a_vulnerability_for_a_specific_package_and_project(
project_id=project_id,
vulnerability_id=vulnerability_id,
package_id=package_id)
assert is_successful is True
def test_get_vulnerabilities_of_a_scan():
project_id = get_project_id_by_name(project_name)
scan_id = get_latest_scan_id_of_a_project(project_id=project_id)
vulnerabilities = get_vulnerabilities_of_a_scan(scan_id=scan_id)
assert len(vulnerabilities) > 0