chore: provide Red Hat catalog link as image analysis recommendation

Signed-off-by: Ilona Shishov <[email protected]>
RHEcosystemAppEng · Jul 24, 2024 · 4e9bb13 · 4e9bb13
1 parent 48bb794
commit 4e9bb13
Show file tree

Hide file tree

Showing 6 changed files with 70 additions and 5 deletions.
diff --git a/dist/index.js b/dist/index.js
@@ -138036,6 +138036,8 @@ const UTM_SOURCE = 'github-actions';
 const SARIF_SCHEMA_URL = 'https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json';
 // Version of the SARIF schema.
 const SARIF_SCHEMA_VERSION = '2.1.0';
+// Red Hat certified container image catalog
+const REDHAT_CATALOG = 'https://catalog.redhat.com/software/containers/search';
 // Supported manifests and files
 const GO_MOD = 'go.mod';
 const POM_XML = 'pom.xml';
@@ -141243,6 +141245,7 @@ function fetchRecomendationRules(recommendation) {
 
 
 
+
 /**
  * Converts RHDA dependency data into SARIF results and rules.
  * @param rhdaDependency - The RHDA dependency data to convert.
@@ -141287,7 +141290,9 @@ function rhdaToResult(rhdaDependency, manifestFilePath, startLine, refHasIssues)
         }
     }
     else if (!refHasIssues && rhdaDependency.recommendationRef) {
-        const textMessage = `Recommended Red Hat verified version: ${rhdaDependency.recommendationRef}.`;
+        const textMessage = rhdaDependency.imageRef
+            ? `Switch to [Red Hat UBI](${REDHAT_CATALOG}) for enhanced security and enterprise-grade stability`
+            : `Recommended Red Hat verified version: ${rhdaDependency.recommendationRef}.`;
         const result = fetchResult(rhdaDependency.recommendationRef, textMessage, manifestFilePath, startLine);
         const rule = fetchRecomendationRules(rhdaDependency.recommendationRef);
         rules.push(rule);

diff --git a/dist/index.js.map b/dist/index.js.map
diff --git a/src/constants.ts b/src/constants.ts
@@ -8,6 +8,10 @@ export const SARIF_SCHEMA_URL =
 // Version of the SARIF schema.
 export const SARIF_SCHEMA_VERSION = '2.1.0';
 
+// Red Hat certified container image catalog
+export const REDHAT_CATALOG =
+    'https://catalog.redhat.com/software/containers/search';
+
 // Supported manifests and files
 const GO_MOD = 'go.mod';
 const POM_XML = 'pom.xml';

diff --git a/src/sarif/results.ts b/src/sarif/results.ts
@@ -7,6 +7,7 @@ import {
     resolveDependencyFromReference,
     resolveVersionFromReference,
 } from './convert.js';
+import { REDHAT_CATALOG } from '../constants.js';
 
 /**
  * Converts RHDA dependency data into SARIF results and rules.
@@ -75,7 +76,9 @@ export function rhdaToResult(
             });
         }
     } else if (!refHasIssues && rhdaDependency.recommendationRef) {
-        const textMessage = `Recommended Red Hat verified version: ${rhdaDependency.recommendationRef}.`;
+        const textMessage = rhdaDependency.imageRef
+            ? `Switch to [Red Hat UBI](${REDHAT_CATALOG}) for enhanced security and enterprise-grade stability`
+            : `Recommended Red Hat verified version: ${rhdaDependency.recommendationRef}.`;
 
         const result = fetchResult(
             rhdaDependency.recommendationRef,

diff --git a/test/sarif/results.test.ts b/test/sarif/results.test.ts
@@ -2,7 +2,8 @@ import { describe, it, expect, vi, beforeEach } from 'vitest';
 
 import { rhdaToResult } from '../../src/sarif/results';
 import * as types from '../../src/sarif/types';
-import { resolveVersionFromReference } from '../../src/sarif/convert.js';
+import { resolveVersionFromReference } from '../../src/sarif/convert';
+import { REDHAT_CATALOG } from '../../src/constants';
 
 vi.mock('../../src/sarif/rules', () => ({
     fetchIssueRules: vi.fn().mockImplementation(() => 'example rule'),
@@ -274,4 +275,56 @@ describe('rhdaToResult', () => {
 
         expect(results).toStrictEqual(expectedResult);
     });
+
+    it('should return correct SARIF result for a image without issues and with recommendation', () => {
+        const refHasIssues = false;
+
+        const dependencyData: types.IDependencyData = {
+            imageRef: 'image:tag',
+            depRef: 'pkg:ecosystem/groupId/artifact@version',
+            depGroup: 'groupId',
+            depName: 'groupId/artifact',
+            depVersion: 'version',
+            ecosystem: 'ecosystem',
+            providerId: 'providerId',
+            sourceId: 'sourceId',
+            issues: null,
+            transitives: null,
+            recommendationRef:
+                'pkg:ecosystem/groupId/artifact@recommendedversion',
+        };
+
+        const expectedResult = [
+            [
+                {
+                    ruleId: dependencyData.recommendationRef,
+                    message: {
+                        text: `Switch to [Red Hat UBI](${REDHAT_CATALOG}) for enhanced security and enterprise-grade stability`,
+                    },
+                    locations: [
+                        {
+                            physicalLocation: {
+                                artifactLocation: {
+                                    uri: manifestFilePath,
+                                },
+                                region: {
+                                    startLine: startLine,
+                                },
+                            },
+                        },
+                    ],
+                },
+            ],
+            ['example rule'],
+        ];
+
+        const results = rhdaToResult(
+            dependencyData,
+            manifestFilePath,
+            startLine,
+            refHasIssues,
+        );
+
+        expect(results).toStrictEqual(expectedResult);
+    });
 });
diff --git a/test/utils.test.ts b/test/utils.test.ts
@@ -5,7 +5,7 @@ import * as fs from 'fs';
 import * as zlib from 'zlib';
 
 import * as utils from '../src/utils';
-import { Inputs } from '../src/generated/inputs-outputs.js';
+import { Inputs } from '../src/generated/inputs-outputs';
 
 vi.mock('@actions/core', () => ({
     warning: vi.fn(),