in src/main/java/com/amazon/inspector/jenkins/amazoninspectorbuildstep/html/HtmlConversionUtils.java [94:141]
public static List<DockerVulnerability> convertDocker(List<Vulnerability> vulnerabilities,
List<Component> components) {
List<DockerVulnerability> dockerVulnerabilities = new ArrayList<>();
List<Component> lineComponents = getLineComponents(components);
if (vulnerabilities == null) {
return dockerVulnerabilities;
}
for (Vulnerability vulnerability : vulnerabilities) {
if (!vulnerability.getId().contains("IN-DOCKER")) {
continue;
}
String severity = getSeverity(vulnerability.getRatings());
if (severity == null) {
severity = "Untriaged";
}
String description = vulnerability.getDescription();
String filename = "N/A";
String lines = "N/A";
for (Component lineComponent : lineComponents) {
if (lineComponent != null) {
lines = getLines(vulnerability.getId(), lineComponent.getProperties());
filename = lineComponent.getName();
}
if (lineComponent.getName().equals("dockerfile:comp-1.Dockerfile")) {
lines += " - Derived";
}
}
DockerVulnerability dockerVulnerability = DockerVulnerability.builder()
.id(vulnerability.getId())
.severity(severity)
.description(description)
.file(filename)
.lines(lines)
.build();
dockerVulnerabilities.add(dockerVulnerability);
}
Collections.sort(dockerVulnerabilities, (v1, v2) -> sortVulnerabilitiesBySeverity(v1.severity, v2.severity));
return dockerVulnerabilities;
}