Add Applicability evidence to non-applicable vulnerabilities #497

dortam888 · 2024-09-15T22:38:56Z

All tests passed. If this feature is not already covered by the tests, I added new tests.
I used npm run format for formatting the code before submitting the pull request.

Add Applicability evidence logic to non-applicable vulnerabilities. So far we had applicability evidence only for applicable status. Added the logic that non-applicable will also send API to webview to show.

Linked to webview fix: jfrog/jfrog-ide-webview#63

attiasas

Nice, check out my comments

src/main/scanLogic/scanRunners/applicabilityScan.ts

src/main/treeDataProviders/issuesTree/descriptorTree/projectDependencyTreeNode.ts

src/main/treeDataProviders/utils/analyzerUtils.ts

…new added applicability results

attiasas

Add tests cases for CVE that are not applicable/not applicable

src/main/scanLogic/scanRunners/applicabilityScan.ts

src/main/treeDataProviders/utils/analyzerUtils.ts

…/jfrog-vscode-extension into applicability-evidence

github-actions · 2024-11-19T09:42:15Z

🐸 JFrog Frogbot

attiasas

LGTM

dortam888 added 4 commits September 15, 2024 16:37

Add applicability evidence to non-applicable CVEs

3eef29f

change applicable test to match the new nonapplicable type

66c7d27

fix formatting of typescript

81ab736

add evidence reason for nonapplicable

dc6cb9d

dortam888 had a problem deploying to frogbot September 15, 2024 22:39 — with GitHub Actions Failure

dortam888 mentioned this pull request Sep 19, 2024

Adding webview logic for non applicable vulnerabilities. jfrog/jfrog-ide-webview#63

Merged

dortam888 requested a review from attiasas September 19, 2024 00:27

attiasas added improvement Automatically generated release notes safe to test Approve running integration tests on a pull request labels Sep 22, 2024

github-actions bot removed the safe to test Approve running integration tests on a pull request label Sep 22, 2024

attiasas reviewed Sep 22, 2024

View reviewed changes

code review changes

72f6c1f

dortam888 had a problem deploying to frogbot September 29, 2024 10:51 — with GitHub Actions Failure

changed expected result for non applicable CVEs in test to match the …

75af5d7

…new added applicability results

dortam888 had a problem deploying to frogbot October 7, 2024 17:22 — with GitHub Actions Failure

dortam888 added the safe to test Approve running integration tests on a pull request label Oct 7, 2024

github-actions bot removed the safe to test Approve running integration tests on a pull request label Oct 7, 2024

dortam888 requested a review from attiasas October 7, 2024 17:43

dortam888 added the safe to test Approve running integration tests on a pull request label Oct 7, 2024

github-actions bot removed the safe to test Approve running integration tests on a pull request label Oct 7, 2024

dortam888 added the safe to test Approve running integration tests on a pull request label Oct 7, 2024

github-actions bot removed the safe to test Approve running integration tests on a pull request label Oct 7, 2024

attiasas requested changes Oct 9, 2024

View reviewed changes

src/main/scanLogic/scanRunners/applicabilityScan.ts Outdated Show resolved Hide resolved

src/main/treeDataProviders/utils/analyzerUtils.ts Show resolved Hide resolved

change nonapplicable to notApplicable

28547b1

dortam888 had a problem deploying to frogbot October 13, 2024 07:31 — with GitHub Actions Failure

dortam888 added the safe to test Approve running integration tests on a pull request label Oct 15, 2024

github-actions bot removed the safe to test Approve running integration tests on a pull request label Oct 15, 2024

update analyzer manager

d737a18

dortam888 had a problem deploying to frogbot October 28, 2024 12:52 — with GitHub Actions Failure

Merge branch 'master' into applicability-evidence

0c4b8a1

dortam888 had a problem deploying to frogbot October 28, 2024 12:53 — with GitHub Actions Failure

dortam888 added the safe to test Approve running integration tests on a pull request label Oct 28, 2024

github-actions bot removed the safe to test Approve running integration tests on a pull request label Oct 28, 2024

dortam888 added 3 commits November 18, 2024 14:38

fixing tests for non applicability

fa1939c

version of analyzer manager

86ed4d9

Merge branch 'applicability-evidence' of https://github.com/dortam888…

eb11e6d

…/jfrog-vscode-extension into applicability-evidence

dortam888 temporarily deployed to frogbot November 18, 2024 13:16 — with GitHub Actions Inactive

dortam888 added the safe to test Approve running integration tests on a pull request label Nov 18, 2024

github-actions bot removed the safe to test Approve running integration tests on a pull request label Nov 18, 2024

dortam888 requested a review from attiasas November 18, 2024 13:53

attiasas approved these changes Nov 20, 2024

View reviewed changes

attiasas merged commit d7825a7 into jfrog:master Nov 20, 2024
7 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add Applicability evidence to non-applicable vulnerabilities #497

Add Applicability evidence to non-applicable vulnerabilities #497

dortam888 commented Sep 15, 2024 •

edited

Loading

attiasas left a comment

attiasas left a comment

github-actions bot commented Nov 19, 2024

attiasas left a comment

Add Applicability evidence to non-applicable vulnerabilities #497

Add Applicability evidence to non-applicable vulnerabilities #497

Conversation

dortam888 commented Sep 15, 2024 • edited Loading

attiasas left a comment

Choose a reason for hiding this comment

attiasas left a comment

Choose a reason for hiding this comment

github-actions bot commented Nov 19, 2024

attiasas left a comment

Choose a reason for hiding this comment

dortam888 commented Sep 15, 2024 •

edited

Loading