in src/main/java/com/amazon/inspector/jenkins/amazoninspectorbuildstep/csvconversion/CsvConverter.java [170:212]
public void routeDockerCsvData(Vulnerability vulnerability, Component component) {
String installedVersion = component.getPurl();
String fixedVersion = getPropertyValueFromKey(vulnerability,
String.format("amazon:inspector:sbom_scanner:fixed_version:%s", component.getBomRef()));
String exploitAvailable = getPropertyValueFromKey(vulnerability,
"amazon:inspector:sbom_scanner:exploit_available");
String exploitLastSeen = getPropertyValueFromKey(vulnerability,
"amazon:inspector:sbom_scanner:exploit_last_seen_in_public");
String path = getPropertyValueFromKey(component,
"amazon:inspector:sbom_scanner:path");
List<Component> lineComponents = getLineComponents(sbomData.getSbom().getComponents());
for (Component lineComponent : lineComponents) {
String file = lineComponent.getName();
String lines = HtmlConversionUtils.getLines(vulnerability.getId(), lineComponent.getProperties());
if (lineComponent != null && lineComponent.getName().startsWith("dockerfile:")) {
lines += " - Derived";
}
CsvData csvData = CsvData.builder()
.vulnerabilityId(vulnerability.getId())
.severity(getSeverity(vulnerability))
.published(vulnerability.getCreated())
.modified(getUpdated(vulnerability))
.epssScore(getEpssScore(vulnerability))
.description(vulnerability.getDescription())
.packageInstalledVersion(installedVersion)
.packageFixedVersion(fixedVersion)
.packagePath(path)
.cwes(getCwesAsString(vulnerability))
.exploitAvailable(exploitAvailable)
.exploitLastSeen(exploitLastSeen)
.file(file)
.lines(lines)
.build();
if (vulnerability.getId().startsWith("IN-DOCKER")) {
dockerData.add(csvData);
}
}
}