added filter

Signed-off-by: munishchouhan <[email protected]>

src/main/groovy/io/seqera/wave/service/persistence/impl/SurrealPersistenceService.groovy

@@ -38,6 +38,7 @@ import io.seqera.wave.service.persistence.WaveBuildRecord
 import io.seqera.wave.service.persistence.WaveContainerRecord
 import io.seqera.wave.service.persistence.WaveScanRecord
 import io.seqera.wave.service.scan.ScanVulnerability
+import io.seqera.wave.service.scan.TrivyResultProcessor
 import io.seqera.wave.util.JacksonHelper
 import jakarta.inject.Inject
 import jakarta.inject.Singleton
@@ -258,14 +259,12 @@ class SurrealPersistenceService implements PersistenceService {
 
     @Override
     void saveScanRecord(WaveScanRecord scanRecord) {
-        final vulnerabilities = scanRecord.vulnerabilities ?: List.<ScanVulnerability>of()
+        final vulnerabilities = scanRecord.vulnerabilities
+                ? TrivyResultProcessor.filter(scanRecord.vulnerabilities, scanConfig.vulnerabilityLimit)
+                : List.<ScanVulnerability>of()
 
         // save all vulnerabilities
-        int count = 0
         for( ScanVulnerability it : vulnerabilities ) {
-            if ( ++count > scanConfig.vulnerabilityLimit )
-                break
-
             surrealDb
                     .insertScanVulnerabilityAsync(authorization, it)
                     .subscribe({result ->

src/main/groovy/io/seqera/wave/service/scan/TrivyResultProcessor.groovy

@@ -57,4 +57,9 @@ class TrivyResultProcessor {
             throw new ScanRuntimeException("Failed to parse the trivy result", e)
         }
     }
+
+    static List<ScanVulnerability> filter( List<ScanVulnerability> vulnerabilities, int limit){
+        Collections.sort(vulnerabilities, Collections.reverseOrder())
+        vulnerabilities.take(limit)
+    }
 }

src/test/groovy/io/seqera/wave/service/scan/TrivyResultProcessorTest.groovy

@@ -105,6 +105,86 @@ class TrivyResultProcessorTest extends Specification {
 
     }
 
+    def "should return a sorted map of vulnerabilities"() {
+        given:
+        def trivyDockerResulJson = """
+            { "Results": [
+                {
+                   "Target": "sample-application",
+                   "Class": "os-pkgs",
+                   "Type": "linux",
+                   "Vulnerabilities": [
+                      {
+                         "VulnerabilityID": "CVE-2023-0001",
+                         "PkgID": "[email protected]",
+                         "PkgName": "example-lib",
+                         "InstalledVersion": "1.0.0",
+                         "FixedVersion": "1.0.1",
+                         "Severity": "LOW",
+                         "Description": "A minor vulnerability with low impact.",
+                         "PrimaryURL": "https://example.com/CVE-2023-0001"
+                      },
+                      {
+                         "VulnerabilityID": "CVE-2023-0002",
+                         "PkgID": "[email protected]",
+                         "PkgName": "example-lib",
+                         "InstalledVersion": "1.2.3",
+                         "FixedVersion": "1.2.4",
+                         "Severity": "MEDIUM",
+                         "Description": "A vulnerability that allows unauthorized access.",
+                         "PrimaryURL": "https://example.com/CVE-2023-0002"
+                      },
+                      {
+                         "VulnerabilityID": "CVE-2023-0003",
+                         "PkgID": "[email protected]",
+                         "PkgName": "example-lib",
+                         "InstalledVersion": "2.3.4",
+                         "FixedVersion": "2.3.5",
+                         "Severity": "HIGH",
+                         "Description": "A vulnerability that could lead to remote code execution.",
+                         "PrimaryURL": "https://example.com/CVE-2023-0003"
+                      },
+                        {
+                           "VulnerabilityID": "CVE-2023-0004",
+                           "PkgID": "[email protected]",
+                           "PkgName": "example-lib",
+                           "InstalledVersion": "3.0.0",
+                           "FixedVersion": "3.0.1",
+                           "Severity": "HIGH",
+                           "Description": "A random test vulnerability with unspecified impact.",
+                           "PrimaryURL": "https://example.com/CVE-2023-0004"
+                        },
+                        {
+                           "VulnerabilityID": "CVE-2023-0005",
+                           "PkgID": "[email protected]",
+                           "PkgName": "example-lib",
+                           "InstalledVersion": "3.1.0",
+                           "FixedVersion": "3.1.1",
+                           "Severity": "CRITICAL",
+                           "Description": "Another random test vulnerability for testing purposes.",
+                           "PrimaryURL": "https://example.com/CVE-2023-0005"
+                        }
+                   ]
+                }
+            ]
+        }""".stripIndent()
+
+        when:
+        def result = TrivyResultProcessor.process(trivyDockerResulJson)
+        result = TrivyResultProcessor.filter(result, 4)
+
+        then:
+        result.size() == 4
+        result[0].severity == "CRITICAL"
+        result[0].id == "CVE-2023-0005"
+        result[1].severity == "HIGH"
+        result[1].id == "CVE-2023-0003"
+        result[2].severity == "HIGH"
+        result[2].id == "CVE-2023-0004"
+        result[3].severity == "MEDIUM"
+        result[3].id == "CVE-2023-0002"
+    }
+
     def "process should throw exception if json is not correct"() {
         when:
         TrivyResultProcessor.process("invalid json")