Check nested components when parsing inspector scan results - Githubissues

aws-actions / vulnerability-scan-github-action-for-amazon-inspector

Scan artifacts with Amazon Inspector from GitHub Actions workflows.

https://docs.aws.amazon.com/inspector/

MIT License

21 stars 5 forks source link

Check nested components when parsing inspector scan results #78

Closed s-kenji closed 1 month ago

s-kenji commented 1 month ago

Description

Check nested packages when parsing inspector scan results.

Currently the plugin does not check nested components. As a result, purl column for markdown table and CSV becomes null unexpectedly.

Testing

make test (Added a test case for nested components)
Manual testing: build docker image for the plugin, and verify the result.
- Previously there were 103 null purl findings for ubuntu:14.04, but after this change, only one purl is null(id: IN-DISCONTINUED-001).
- did spot check and verified purl is correct.

Screenshot

Screenshot 2024-07-29 at 1 52 34 PM