private boolean assessCVEsAgainstEPSS()

in src/main/java/com/amazon/inspector/jenkins/amazoninspectorbuildstep/AmazonInspectorBuilder.java [391:440]


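    /**
     * Checks the vulnerabilities listed in the SBOM at {@code sbomPath} against the EPSS threshold.
     *
     * <p>Return-value semantics: {@code true} means "the build should fail". Besides a genuine
     * threshold breach, a missing, unreadable, unparsable or empty SBOM also yields {@code true},
     * so the gate fails closed; a well-formed SBOM that lists no vulnerabilities yields
     * {@code false}. A score exactly equal to the threshold counts as exceeding it.
     *
     * @param build         the current run; not referenced in this method, kept for interface stability
     * @param workspace     the workspace the SBOM path is resolved against
     * @param listener      build listener whose logger receives the assessment output
     * @param epssThreshold EPSS score (0..1 expected, not validated here) at or above which a CVE fails the gate;
     *                      {@code null} is treated as a configuration error and fails the gate
     * @param sbomPath      SBOM location, relative to {@code workspace}
     * @return {@code true} if the build should fail, {@code false} otherwise
     * @throws IOException          only from {@link FilePath#exists()}; reads inside the try block are caught
     * @throws InterruptedException if the remote file operation is interrupted
     */
    private boolean assessCVEsAgainstEPSS(Run<?, ?> build, FilePath workspace, TaskListener listener, Double epssThreshold, String sbomPath)
            throws IOException, InterruptedException {
        // NOTE(review): the path is resolved relative to the workspace but not confined to it;
        // confirm whether absolute or "../" values of sbomPath should be rejected by the caller.
        FilePath sbomFile = workspace.child(sbomPath);
        if (!sbomFile.exists()) {
            listener.getLogger().println("SBOM file not found at: " + sbomFile.getRemote());
            return true;
        }
        // A null threshold would otherwise surface as an NPE on unboxing inside the comparison loop,
        // and only when at least one vulnerability carries a score; fail closed and explicitly instead.
        if (epssThreshold == null) {
            listener.getLogger().println("EPSS threshold is not configured; failing the build.");
            return true;
        }
        double threshold = epssThreshold;
        try {
            String sbomContent = sbomFile.readToString();
            listener.getLogger().println("SBOM file read successfully.");
            Gson gson = new Gson();
            Sbom sbom = gson.fromJson(sbomContent, Sbom.class);
            // Gson returns null (not an exception) for an empty document or the literal "null".
            if (sbom == null) {
                listener.getLogger().println("SBOM file is empty or contains no JSON document.");
                return true;
            }
            listener.getLogger().println("SBOM JSON parsed successfully.");
            List<Vulnerability> vulnerabilities = sbom.getVulnerabilities();
            if (vulnerabilities == null || vulnerabilities.isEmpty()) {
                listener.getLogger().println("No vulnerabilities found in the SBOM.");
                return false;
            }
            listener.getLogger().println("Starting EPSS assessment for vulnerabilities...");
            Map<String, Double> exceedingCVEsMap = collectCvesAtOrAboveThreshold(vulnerabilities, threshold);
            boolean exceedsThreshold = !exceedingCVEsMap.isEmpty();
            if (exceedsThreshold) {
                listener.getLogger().println("The following CVEs exceed the EPSS threshold of " + epssThreshold + ":");
                for (Map.Entry<String, Double> entry : exceedingCVEsMap.entrySet()) {
                    listener.getLogger().println(String.format("%s, EPSS Score: %.4f", entry.getKey(), entry.getValue()));
                }
                listener.getLogger().println("Failing the build due to EPSS threshold breach.");
            } else {
                listener.getLogger().println("All assessed CVEs are within the EPSS threshold of " + epssThreshold + ".");
            }
            return exceedsThreshold;
        } catch (JsonParseException e) {
            listener.getLogger().println("Invalid JSON structure in SBOM file: " + e.getMessage());
            return true;
        } catch (IOException e) {
            listener.getLogger().println("Error reading SBOM file: " + e.getMessage());
            return true;
        }
    }

    /**
     * Collects the vulnerabilities whose EPSS score is at or above {@code threshold}, keyed by CVE id.
     *
     * <p>Entries that are {@code null} or carry no EPSS score are skipped. Insertion order is kept so
     * that the logged list follows the SBOM order and is stable between runs. A duplicate id keeps the
     * last score seen, as the original map-based implementation did.
     *
     * @param vulnerabilities SBOM vulnerability entries, must not be {@code null}
     * @param threshold       inclusive lower bound for a score to count as exceeding
     * @return map of CVE id to EPSS score for every entry at or above the threshold; empty if none
     */
    private static Map<String, Double> collectCvesAtOrAboveThreshold(List<Vulnerability> vulnerabilities, double threshold) {
        // Fully qualified: the file's import block is not visible here, and HashMap would make the
        // order of the logged CVEs depend on hashing rather than on the SBOM.
        Map<String, Double> exceeding = new java.util.LinkedHashMap<>();
        for (Vulnerability vulnerability : vulnerabilities) {
            if (vulnerability == null) {
                continue;
            }
            Double epssScore = vulnerability.getEpssScore();
            if (epssScore != null && epssScore >= threshold) {
                exceeding.put(vulnerability.getId(), epssScore);
            }
        }
        return exceeding;
    }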