Add identifiers to the report metadata section

aquasecurity / chain-bench

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

Apache License 2.0

715 stars 62 forks source link

Add identifiers to the report metadata section #71

Closed rgreinho closed 2 years ago

rgreinho commented 2 years ago

This patch adds 2 identifiers to the report metadata section:

a scan id, which which allows to identify a specific scan run
a URL to ensure we know where the report was generated from

The main use case behind this patch is to be able to use the reports without having to add extra context. For now we agreed on a convention to name the report file as {owner}-{repo}-{timestamp}.json, but this information gets lost when the content of the repost is simply shared via email or pastebin.

rgreinho commented 2 years ago

Looks like coverage is not very happy right now:

Run codecov/codecov-action@v2
  with:
==> linux OS detected
Error: certificate has expired
    at TLSSocket.onConnectSecure (_tls_wrap.js:1502:34)
    at TLSSocket.emit (events.js:314:20)
    at TLSSocket._finishInit (_tls_wrap.js:937:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:711:12)

naortalmor1 commented 2 years ago

hi @itaywol can you help with the this?

rgreinho commented 2 years ago

@naortalmor1 @itaywol it looks like all the tests passed now 👍 Ready to review?

naortalmor1 commented 2 years ago

Yep on it

naortalmor1 commented 2 years ago

Hi @rgreinho thanks for contributing! Merged (: