feat: add support for showing suppressed issues (#175)

Author: owenrumney

trivy-task/trivyV1/task.json

@@ -10,7 +10,7 @@
   "author": "Aqua Security",
   "version": {
     "Major": 1,
-    "Minor": 15,
+    "Minor": 16,
     "Patch": 0
   },
   "instanceNameFormat": "Echo trivy $(version)",

trivy-task/trivyV2/index.ts

@@ -81,6 +81,7 @@ function configureScan(runner: ToolRunner, inputs: TaskInputs) {
   runner.arg('--list-all-pkgs');
   runner.argIf(inputs.severities, ['--severity', inputs.severities]);
   runner.argIf(inputs.ignoreUnfixed, ['--ignore-unfixed']);
+  runner.argIf(inputs.showSuppressed, ['--show-suppressed']);
   runner.arg(['--output', resultsFilePath]);
   runner.arg(inputs.options);
   runner.arg(inputs.target);

trivy-task/trivyV2/inputs.ts

@@ -13,6 +13,7 @@ export type TaskInputs = {
   templates?: string;
   publish: boolean;
   ignoreUnfixed: boolean;
+  showSuppressed: boolean;
   ignoreScanErrors: boolean;
   hasAquaAccount: boolean;
   aquaKey?: string;
@@ -42,6 +43,7 @@ export function getTaskInputs(): TaskInputs {
       .map((s) => s.trim())
       .join(','),
     ignoreUnfixed: task.getBoolInput('ignoreUnfixed', false),
+    showSuppressed: task.getBoolInput('showSuppressed', false),
     ignoreScanErrors: task.getBoolInput('ignoreScanErrors', false),
     reports: task.getDelimitedInput('reports', ',').map((s) => s.trim()),
     publish: task.getBoolInput('publish', false),

trivy-task/trivyV2/task.json

@@ -10,7 +10,7 @@
   "author": "Aqua Security",
   "version": {
     "Major": 2,
-    "Minor": 3,
+    "Minor": 4,
     "Patch": 0
   },
   "instanceNameFormat": "Echo trivy $(version)",
@@ -153,6 +153,15 @@
       "required": false,
       "helpMarkDown": "Include only fixed vulnerabilities."
     },
+    {
+      "groupName": "scanInput",
+      "name": "showSuppressed",
+      "type": "boolean",
+      "label": "Show Suppressed",
+      "defaultValue": false,
+      "required": false,
+      "helpMarkDown": "Include any issues that have been ignored through config."
+    },
     {
       "groupName": "scanInput",
       "name": "ignoreScanErrors",

ui/src/BaseReport.tsx

@@ -5,13 +5,15 @@ import {
   countReportLicenses,
   countReportMisconfigurations,
   countReportSecrets,
+  countReportSuppressed,
   countReportVulnerabilities,
   Report,
 } from './trivy';
 import { SecretsTable } from './SecretsTable';
 import { VulnerabilitiesTable } from './VulnerabilitiesTable';
 import { MisconfigurationsTable } from './MisconfigurationsTable';
 import { LicensesTable } from './LicenseTable';
+import { SuppressedTable } from './SuppressedTable';
 import { Tab, TabBar, TabSize } from 'azure-devops-ui/Tabs';
 import { AssuranceTable } from './AssuranceTable';
 
@@ -47,6 +49,7 @@ export class BaseReport extends React.Component<
     const misconfigCount = countReportMisconfigurations(this.props.report);
     const secretsCount = countReportSecrets(this.props.report);
     const licensesCount = countReportLicenses(this.props.report);
+    const suppressedCount = countReportSuppressed(this.props.report);
     const assuranceCount = countAssuranceIssues(this.props.assurance);
 
     return (
@@ -89,6 +92,14 @@ export class BaseReport extends React.Component<
                 badgeCount={licensesCount}
               />
             )}
+            {suppressedCount > 0 && (
+              <Tab
+                id="suppressed"
+                name="Suppressed"
+                key="Suppressed"
+                badgeCount={suppressedCount}
+              />
+            )}
             {assuranceCount > 0 && (
               <Tab
                 id="assurance"
@@ -132,6 +143,14 @@ export class BaseReport extends React.Component<
               />
             </div>
           )}
+          {this.state.selectedTabId === 'suppressed' && (
+            <div className="flex-grow">
+              <SuppressedTable
+                key={this.props.report.DisplayName}
+                report={this.props.report}
+              />
+            </div>
+          )}
           {this.state.selectedTabId === 'assurance' && (
             <div className="flex-grow">
               <AssuranceTable

ui/src/ReportStats.tsx

@@ -4,6 +4,7 @@ import {
   countReportLicenses,
   countReportMisconfigurations,
   countReportSecrets,
+  countReportSuppressed,
   countReportVulnerabilities,
   Report,
 } from './trivy';
@@ -52,6 +53,10 @@ export class ReportStats extends React.Component<ReportStatsProps> {
         name: 'Licenses',
         value: countReportLicenses(this.props.report),
       },
+      {
+        name: 'Suppressed',
+        value: countReportSuppressed(this.props.report),
+      },
     ];
     return (
       <Card className="flex-grow">

ui/src/SuppressedTable.tsx

@@ -0,0 +1,262 @@
+import * as React from 'react';
+import {
+  ObservableArray,
+  ObservableValue,
+} from 'azure-devops-ui/Core/Observable';
+import {
+  ColumnSorting,
+  ISimpleTableCell,
+  renderSimpleCell,
+  sortItems,
+  SortOrder,
+  Table,
+  TableColumnLayout,
+} from 'azure-devops-ui/Table';
+import {
+  Report,
+  Result,
+  Severity,
+  ExperimentalModifiedFindings,
+} from './trivy';
+import { ISimpleListCell } from 'azure-devops-ui/List';
+import { ZeroData } from 'azure-devops-ui/ZeroData';
+import { compareSeverity, renderSeverity } from './severity';
+import { ITableColumn } from 'azure-devops-ui/Components/Table/Table.Props';
+import { ArrayItemProvider } from 'azure-devops-ui/Utilities/Provider';
+
+interface SuppressedTableProps {
+  report: Report;
+}
+
+interface ListSuppressed extends ISimpleTableCell {
+  Type: ISimpleTableCell;
+  ID: ISimpleTableCell;
+  Status: ISimpleTableCell;
+  Statement: ISimpleTableCell;
+  Source: ISimpleTableCell;
+  Title: ISimpleTableCell;
+  Severity: ISimpleListCell;
+  FilePath: ISimpleListCell;
+}
+
+function renderSuppressedSeverity(
+  rowIndex: number,
+  columnIndex: number,
+  tableColumn: ITableColumn<ListSuppressed>,
+  tableItem: ListSuppressed
+): JSX.Element {
+  return renderSeverity(
+    rowIndex,
+    columnIndex,
+    tableColumn,
+    tableItem.Severity.text as Severity
+  );
+}
+
+const fixedColumns = [
+  {
+    columnLayout: TableColumnLayout.singleLine,
+    id: 'ID',
+    name: 'ID',
+    readonly: true,
+    renderCell: renderSimpleCell,
+    width: 150,
+  },
+  {
+    columnLayout: TableColumnLayout.singleLine,
+    id: 'Type',
+    name: 'Type',
+    readonly: true,
+    renderCell: renderSimpleCell,
+    width: 150,
+    sortProps: {
+      ariaLabelAscending: 'Sorted A to Z',
+      ariaLabelDescending: 'Sorted Z to A',
+    },
+  },
+  {
+    columnLayout: TableColumnLayout.singleLine,
+    id: 'Status',
+    name: 'Status',
+    readonly: true,
+    renderCell: renderSimpleCell,
+    width: 100,
+  },
+  {
+    columnLayout: TableColumnLayout.singleLine,
+    id: 'Statement',
+    name: 'Statement',
+    readonly: true,
+    renderCell: renderSimpleCell,
+    width: new ObservableValue(-20),
+  },
+  {
+    columnLayout: TableColumnLayout.singleLine,
+    id: 'Source',
+    name: 'Source',
+    readonly: true,
+    renderCell: renderSimpleCell,
+    width: new ObservableValue(-8),
+  },
+  {
+    columnLayout: TableColumnLayout.singleLine,
+    id: 'Title',
+    name: 'Title',
+    readonly: true,
+    renderCell: renderSimpleCell,
+    width: new ObservableValue(-20),
+  },
+  {
+    columnLayout: TableColumnLayout.singleLine,
+    id: 'Severity',
+    name: 'Severity',
+    readonly: true,
+    renderCell: renderSuppressedSeverity,
+    width: 120,
+    sortProps: {
+      ariaLabelAscending: 'Sorted by severity ascending',
+      ariaLabelDescending: 'Sorted by severity descending',
+    },
+  },
+  {
+    columnLayout: TableColumnLayout.singleLine,
+    id: 'FilePath',
+    name: 'Location',
+    readonly: true,
+    renderCell: renderSimpleCell,
+    width: new ObservableValue(-35),
+    sortProps: {
+      ariaLabelAscending: 'Sorted A to Z',
+      ariaLabelDescending: 'Sorted Z to A',
+    },
+  },
+];
+
+const sortFunctions = [
+  (item1: ListSuppressed, item2: ListSuppressed): number => {
+    const severity1: ISimpleListCell = item1.Severity;
+    const severity2: ISimpleListCell = item2.Severity;
+    return compareSeverity(severity1.text, severity2.text);
+  },
+  (item1: ListSuppressed, item2: ListSuppressed): number => {
+    const value1: ISimpleListCell = item1.Type;
+    const value2: ISimpleListCell = item2.Type;
+    return value1.text?.localeCompare(value2.text ?? '') || 0;
+  },
+  null,
+  (item1: ListSuppressed, item2: ListSuppressed): number => {
+    const value1: ISimpleListCell = item1.FilePath;
+    const value2: ISimpleListCell = item2.FilePath;
+    return value1.text?.localeCompare(value2.text ?? '') || 0;
+  },
+  null,
+];
+
+export class SuppressedTable extends React.Component<SuppressedTableProps> {
+  private readonly results: ObservableArray<ListSuppressed> =
+    new ObservableArray<ListSuppressed>([]);
+
+  constructor(props: SuppressedTableProps) {
+    super(props);
+    this.results = new ObservableArray<ListSuppressed>(
+      convertSuppressed(props.report.Results || [])
+    );
+    // sort by severity desc by default
+    this.results.splice(
+      0,
+      this.results.length,
+      ...sortItems<ListSuppressed>(
+        0,
+        SortOrder.descending,
+        sortFunctions,
+        fixedColumns,
+        this.results.value
+      )
+    );
+  }
+
+  render() {
+    const sortingBehavior = new ColumnSorting<ListSuppressed>(
+      (columnIndex: number, proposedSortOrder: SortOrder) => {
+        this.results.splice(
+          0,
+          this.results.length,
+          ...sortItems<ListSuppressed>(
+            columnIndex,
+            proposedSortOrder,
+            sortFunctions,
+            fixedColumns,
+            this.results.value
+          )
+        );
+      }
+    );
+
+    return this.results.length == 0 ? (
+      <ZeroData
+        primaryText="No problems found."
+        secondaryText={
+          <span>No suppressions were found for this scan target.</span>
+        }
+        imageAltText="trivy"
+        imagePath={'images/trivy.png'}
+      />
+    ) : (
+      <Table
+        pageSize={this.results.length}
+        selectableText={true}
+        ariaLabel="Suppressed Table"
+        role="table"
+        behaviors={[sortingBehavior]}
+        columns={fixedColumns}
+        itemProvider={new ArrayItemProvider(this.results.value)}
+        containerClassName="h-scroll-auto"
+      />
+    );
+  }
+}
+
+function convertSuppressed(results: Result[]): ListSuppressed[] {
+  const output: ListSuppressed[] = [];
+  results.forEach((result) => {
+    if (
+      Object.prototype.hasOwnProperty.call(
+        result,
+        'ExperimentalModifiedFindings'
+      ) &&
+      result.ExperimentalModifiedFindings !== null
+    ) {
+      const target = result.Target;
+      result.ExperimentalModifiedFindings.forEach(function (
+        suppressed: ExperimentalModifiedFindings
+      ) {
+        let id = '';
+        if (suppressed.Finding.ID) {
+          id = suppressed.Finding.ID;
+        } else if (suppressed.Finding.VulnerabilityID) {
+          id = suppressed.Finding.VulnerabilityID;
+        }
+
+        output.push({
+          ID: { text: id },
+          Type: {
+            text: suppressed.Type.split(' ')
+              .map((word) => word.charAt(0).toUpperCase() + word.slice(1))
+              .join(' '),
+          },
+          Severity: { text: suppressed.Finding.Severity },
+          Status: {
+            text: suppressed.Status.split(' ')
+              .map((word) => word.charAt(0).toUpperCase() + word.slice(1))
+              .join(' '),
+          },
+          Statement: { text: suppressed.Statement },
+          Source: { text: suppressed.Source },
+          Title: { text: suppressed.Finding.Title },
+          FilePath: { text: target },
+        });
+      });
+    }
+  });
+  return output;
+}