fabric8-analytics / fabric8-analytics-server

fabric8-analytics API server
Apache License 2.0

fix: add snyk attribution and utm to CA response #754

Open arajkumar opened 3 years ago

arajkumar commented 3 years ago

This PR adds Snyk attribution and a UTM param for requests coming from the Clair component. This is just a stop-gap solution to unblock the Quay 3.5.2 release.

Sample response

[
    {
        "package_unknown": false,
        "package": "github.com/slackhq/nebula@github.com/slackhq/nebula/cert",
        "version": "v1.1.0",
        "recommended_versions": "v1.3.0",
        "registration_link": "https://app.snyk.io/login",
        "vulnerability": [
            {
                "id": "SNYK-GOLANG-GITHUBCOMSLACKHQNEBULA-564380",
                "cvss": "7.5",
                "is_private": false,
                "cwes": [
                    "CWE-23"
                ],
                "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:R",
                "severity": "high",
                "title": "Path Traversal (data source: https://snyk.io/vuln) Sign up at https://snyk.co/crda",
                "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSLACKHQNEBULA-564380?utm_medium=Partner&utm_source=RedHat&utm_campaign=Code-Ready-Analytics-2020&utm_content=vuln/golang:github.com%2Fslackhq%2Fnebula%40github.com%2Fslackhq%2Fnebula%2Fcert",
                "cve_ids": [
                    "CVE-2020-11498"
                ],
                "fixed_in": [
                    "1.2.0"
                ]
            }
        ],
        "message": "github.com/slackhq/nebula@github.com/slackhq/nebula/cert - v1.1.0 has 1 known security vulnerability having high severity. Recommendation: use version v1.3.0.",
        "highest_severity": "high",
        "known_security_vulnerability_count": 1,
        "security_advisory_count": 0
    }
]

Signed-off-by: Arunprasad Rajkumar arajkuma@redhat.com
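The sample response above shows the two things the change adds to each vulnerability: an attribution suffix on the title and a Snyk advisory URL carrying UTM parameters, with the package coordinates percent-encoded inside `utm_content`. The following is an added example, not code from fabric8-analytics-server, that rebuilds exactly that URL and title from an unattributed record so the encoding rule can be checked against the sample. The UTM values, the `https://snyk.io/vuln/` prefix, the registration link and the attribution wording are taken from the sample; the `from_clair` flag is an assumption standing in for however the server recognises a Clair request, and the `ecosystem` argument ("golang" here) is an assumption since the response does not carry it as a field.

```python
"""Add Snyk attribution and UTM tracking to vulnerability records.

Added example, not part of the fabric8-analytics-server code base. The URL
layout, UTM values and attribution text are copied from the sample response
in the PR; `from_clair` and `ecosystem` are assumptions (see lead-in).
"""
from urllib.parse import quote

SNYK_VULN_BASE = "https://snyk.io/vuln/"
SNYK_SIGNUP = "https://snyk.co/crda"
SNYK_LOGIN = "https://app.snyk.io/login"

# Static UTM parameters, in the order they appear in the sample URL.
UTM_PARAMS = (
    ("utm_medium", "Partner"),
    ("utm_source", "RedHat"),
    ("utm_campaign", "Code-Ready-Analytics-2020"),
)


def snyk_vuln_url(ecosystem: str, package: str, vuln_id: str) -> str:
    """Build the Snyk advisory URL with UTM parameters appended.

    In the sample, utm_content keeps the literal "vuln/" prefix and the
    ecosystem ':' separator unencoded but percent-encodes '/' and '@'
    inside the package coordinates. quote() with ':' as the only extra
    safe character produces that; the query is joined by hand because
    urlencode() would re-encode the '/' and ':' we want to keep.
    """
    content = "vuln/" + quote(f"{ecosystem}:{package}", safe=":")
    params = UTM_PARAMS + (("utm_content", content),)
    query = "&".join(f"{key}={value}" for key, value in params)
    return f"{SNYK_VULN_BASE}{vuln_id}?{query}"


def attribute_vulnerability(ecosystem: str, package: str, vuln: dict,
                            from_clair: bool) -> dict:
    """Return a copy of `vuln` with the Snyk attribution title and URL.

    Only the Clair path is attributed (the PR scopes the change to Clair);
    other callers get the record back unchanged.
    """
    out = dict(vuln)
    if not from_clair:
        return out
    out["title"] = (
        f"{vuln['title']} (data source: https://snyk.io/vuln) "
        f"Sign up at {SNYK_SIGNUP}"
    )
    out["url"] = snyk_vuln_url(ecosystem, package, vuln["id"])
    return out


def attribute_response(ecosystem: str, entries: list, from_clair: bool) -> list:
    """Apply attribution to every package entry of a CA response.

    Adds the package-level `registration_link` and attributes each entry
    in its `vulnerability` list, mirroring the sample response.
    """
    result = []
    for entry in entries:
        out = dict(entry)
        if from_clair:
            out["registration_link"] = SNYK_LOGIN
        out["vulnerability"] = [
            attribute_vulnerability(ecosystem, entry["package"], v, from_clair)
            for v in entry.get("vulnerability", [])
        ]
        result.append(out)
    return result


# Constructed input: the PR's sample entry before attribution was applied.
SAMPLE_ENTRIES = [
    {
        "package": "github.com/slackhq/nebula@github.com/slackhq/nebula/cert",
        "version": "v1.1.0",
        "vulnerability": [
            {
                "id": "SNYK-GOLANG-GITHUBCOMSLACKHQNEBULA-564380",
                "title": "Path Traversal",
                "severity": "high",
            }
        ],
    }
]

if __name__ == "__main__":
    import json
    print(json.dumps(attribute_response("golang", SAMPLE_ENTRIES, True), indent=2))
```

Running the module prints the attributed entry; the `url` field should match the sample URL in the PR description byte for byte, which is the quickest way to confirm the percent-encoding of `/` and `@` while leaving `:` alone.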

codecov-commenter commented 3 years ago

Codecov Report

Merging #754 (e6e36d7) into master (3f6df57) will increase coverage by 0.22%. The diff coverage is 92.50%.


@@            Coverage Diff             @@
##           master     #754      +/-   ##
==========================================
+ Coverage   83.18%   83.41%   +0.22%     
==========================================
  Files          21       22       +1     
  Lines        1588     1628      +40     
==========================================
+ Hits         1321     1358      +37     
- Misses        267      270       +3     
Impacted Files               Coverage Δ (absolute <diff coverage> (impact); ø = not affected)
bayesian/api/api_v2.py        87.20% <60.00%>  (-0.67%)
bayesian/settings.py          86.36% <80.00%>  (-1.88%)
bayesian/utility/snyk.py     100.00% <100.00%> (ø)
