Closed madchap closed 5 years ago
This is due to the license entries in the output, which do not have a cvssScore key.
I am going to submit an untested PR, very simple. You should see right away whether that's good for you or not. Cheers.
Example output for a license:

```json
{
  "license": "(EPL-1.0 OR GPL-2.0 OR GPL-3.0)",
  "semver": {
    "vulnerable": [
      "[3.0.45,)"
    ]
  },
  "id": "snyk:lic:maven:com.github.jnr:jnr-posix:(EPL-1.0_OR_GPL-2.0_OR_GPL-3.0)",
  "type": "license",
  "packageManager": "maven",
  "language": "java",
  "packageName": "com.github.jnr:jnr-posix",
  "title": "Multiple licenses: EPL-1.0, GPL-2.0, GPL-3.0",
  "description": "Multiple licenses: EPL-1.0, GPL-2.0, GPL-3.0",
  "publicationTime": "2019-03-30T13:49:57.268Z",
  "creationTime": "2019-03-30T13:49:57.268Z",
  "licenseTemplateUrl": [
    "https://raw.githubusercontent.com/spdx/license-list/master/EPL-1.0.txt",
    "https://raw.githubusercontent.com/spdx/license-list/master/GPL-2.0.txt",
    "https://raw.githubusercontent.com/spdx/license-list/master/GPL-3.0.txt"
  ],
  "severity": "medium",
  "from": [
    "org.jenkins-ci.main:jenkins-parent@2.170-SNAPSHOT",
    "org.jenkins-ci.main:jenkins-war@2.170-SNAPSHOT",
    "org.jenkins-ci.main:jenkins-core@2.170-SNAPSHOT",
    "com.github.jnr:jnr-posix@3.0.45"
  ],
  "upgradePath": [],
  "isUpgradable": false,
  "isPatchable": false,
  "name": "com.github.jnr:jnr-posix",
  "version": "3.0.45"
}
```
Attempt to fix at https://github.com/DefectDojo/django-DefectDojo/pull/992
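The failure described in this thread is a parser indexing `cvssScore` unconditionally, while Snyk license findings (type `"license"`) carry a `severity` but no `cvssScore`. The following is an added illustration, not DefectDojo's own parser and not code from the linked PR: a standalone Python routine that reads a `snyk test --json` document, treats `cvssScore` as optional, and takes severity from Snyk's own field, falling back to a CVSS band only when that is absent. The sample input is constructed inline (one hypothetical vulnerability entry with a made-up id, plus a license entry modelled on the record quoted above); `strict_parse` reproduces the failing pattern for comparison.

```python
import json

# Constructed sample shaped like `snyk test --json` output. The first entry is a
# hypothetical "vuln" record (id made up for this example) and carries cvssScore;
# the second is a "license" record modelled on the one in this issue and does not.
SAMPLE_SNYK_JSON = json.dumps({
    "ok": False,
    "vulnerabilities": [
        {
            "id": "SNYK-JAVA-EXAMPLE-0001",
            "type": "vuln",
            "title": "Example deserialization issue",
            "severity": "high",
            "cvssScore": 7.5,
            "packageName": "com.example:lib",
            "version": "1.0.0",
            "from": ["app@1.0", "com.example:lib@1.0.0"],
        },
        {
            "id": "snyk:lic:maven:com.github.jnr:jnr-posix:(EPL-1.0_OR_GPL-2.0_OR_GPL-3.0)",
            "type": "license",
            "title": "Multiple licenses: EPL-1.0, GPL-2.0, GPL-3.0",
            "severity": "medium",
            "packageName": "com.github.jnr:jnr-posix",
            "version": "3.0.45",
            "from": ["org.jenkins-ci.main:jenkins-core@2.170-SNAPSHOT",
                     "com.github.jnr:jnr-posix@3.0.45"],
        },
    ],
})


def severity_from_cvss(score):
    """Map a CVSS v3 base score to the NVD qualitative bands; None when there is no score."""
    if score is None:
        return None
    score = float(score)
    if score == 0.0:
        return "Info"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def strict_parse(raw):
    """The failing pattern: indexing cvssScore directly raises KeyError on license items."""
    return [float(item["cvssScore"]) for item in json.loads(raw)["vulnerabilities"]]


def parse_snyk_findings(raw):
    """Tolerant parser: cvssScore is optional; severity comes from Snyk's own field first."""
    findings = []
    for item in json.loads(raw).get("vulnerabilities", []):
        cvss = item.get("cvssScore")  # absent for type == "license"
        cvss = float(cvss) if cvss is not None else None
        # Prefer the severity Snyk assigned; derive one from CVSS only when it is missing.
        severity = (item.get("severity") or severity_from_cvss(cvss) or "Info").capitalize()
        findings.append({
            "id": item.get("id"),
            "is_license": item.get("type") == "license",
            "title": item.get("title", ""),
            "severity": severity,
            "cvss_score": cvss,
            "component": f"{item.get('packageName')}@{item.get('version')}",
            # Dependency chain from the root project down to the flagged package.
            "path": " > ".join(item.get("from", [])),
        })
    return findings


if __name__ == "__main__":
    for f in parse_snyk_findings(SAMPLE_SNYK_JSON):
        print(f["severity"], f["cvss_score"], f["component"], "license" if f["is_license"] else "vuln")
```

Keeping `is_license` on the parsed finding lets an importer route license findings differently (for example, a separate finding category or a policy check) rather than dropping them, which is what a CVSS-only code path would silently do once the KeyError is caught.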
Issue Template
Issue Type
Description
Generating a snyk test output in JSON from a pom.xml file is failing to import. It looks like the cvssScore is not handled.
If the issue is a bug, please also include the following:
Operating System
Using the master branch docker-compose.
Install
DefectDojo Version
1.5.4
Steps to Reproduce
* Check out the Jenkins project
* snyk test --json > output.json
Sample Scan File (if applicable)
Screenshots (optional)
Console Logs (optional)