fix: Detect app vulnerabilities in container scans

snykTask/src/__tests__/task-lib.test.ts

@@ -184,6 +184,16 @@ test('finds no issues in code test of high threshold', () => {
   expect(itemsFound).toBe(false);
 });
 
+test('finds issues in container test of high threshold', () => {
+  const fixturePath = 'snykTask/test/fixtures/container-test-error-issues.json';
+  const itemsFound = doVulnerabilitiesExistForFailureThreshold(
+    fixturePath,
+    'high',
+  );
+
+  expect(itemsFound).toBe(true);
+});
+
 test('getOptionsToExecuteSnykCLICommand builds IExecOptions like we need it', () => {
   const taskNameForAnalytics = 'AZURE_PIPELINES';
   const version = '1.2.3';

snykTask/src/task-lib.ts

@@ -191,6 +191,13 @@ function hasMatchingVulnerabilities(project: any, thresholdOrdinal: number) {
       return true;
     }
   }
+  if (project['applications']) {
+    for (const application of project['applications']) {
+      if (hasMatchingVulnerabilities(application, thresholdOrdinal)) {
+        return true;
+      }
+    }
+  }
   return false;
 }
 

snykTask/test/fixtures/container-test-error-issues.json

@@ -0,0 +1,13 @@
+{
+  "vulnerabilities": [],
+  "ok": true,
+  "applications": [
+    {
+      "vulnerabilities": [
+        {
+          "severity": "critical"
+        }
+      ]
+    }
+  ]
+}