export function createDigestForSeverity()

in packages/repocop/src/remediation/vuln-digest/vuln-digest.ts [51:107]


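/**
 * Builds the vulnerability digest for one team at one severity level.
 *
 * Only vulnerabilities whose `severity` equals the requested one and whose
 * `alert_issue_date` is strictly later than "now minus `cutOffInDays`" are
 * included. Patchable vulnerabilities are listed before unpatchable ones.
 *
 * Caveat: a vulnerability whose `alert_issue_date` does not parse to a valid
 * date fails the date comparison and is left out of the digest without any
 * error or log line.
 *
 * @param team - Team the digest is addressed to; its `slug` and `name` are used in the result.
 * @param severity - Severity level to report on.
 * @param repoOwners - Ownership rows passed to `getOwningRepos` together with `team`.
 * @param results - Evaluation results passed to `getOwningRepos`; presumably one per repository (confirm against caller).
 * @param cutOffInDays - Size of the look-back window, in days.
 * @returns The digest, or `undefined` when no vulnerability matches the severity and window.
 */
export function createDigestForSeverity(
	team: Team,
	severity: 'critical' | 'high',
	repoOwners: view_repo_ownership[],
	results: EvaluationResult[],
	cutOffInDays: number,
): VulnerabilityDigest | undefined {
	const resultsForTeam: EvaluationResult[] = getOwningRepos(
		team,
		repoOwners,
		results,
	);
	// Every vulnerability of the team's results, regardless of severity or age.
	const vulns = resultsForTeam.flatMap((r) => r.vulnerabilities);

	// setDate/getDate work on the local calendar day, so the window is
	// "same local time of day, cutOffInDays days ago".
	const cutOffDate = new Date();
	cutOffDate.setDate(cutOffDate.getDate() - cutOffInDays);

	// Comparator that moves patchable entries ahead of unpatchable ones and
	// leaves the relative order of equally patchable entries to the sort.
	const patchableFirst = (a: RepocopVulnerability, b: RepocopVulnerability) => {
		const aPatchable = Boolean(a.is_patchable);
		const bPatchable = Boolean(b.is_patchable);
		if (aPatchable === bPatchable) {
			return 0;
		}
		return aPatchable ? -1 : 1;
	};

	// Strict equality: severity is matched as an exact value, with no coercion.
	// An unparsable alert_issue_date yields an invalid Date, the comparison is
	// false, and the entry is dropped here.
	const vulnsSinceImplementationDate = vulns
		.filter(
			(v) =>
				v.severity === severity && new Date(v.alert_issue_date) > cutOffDate,
		)
		.sort(patchableFirst);

	const totalNewVulnsCount = vulnsSinceImplementationDate.length;

	// Nothing to report for this severity: the caller gets no digest at all.
	if (totalNewVulnsCount === 0) {
		return undefined;
	}

	const preamble = String.raw`Found ${totalNewVulnsCount} ${severity} vulnerabilities introduced in the last ${cutOffInDays} days. Teams have ${SLAs[severity]} days to fix these.
Note: DevX only aggregates vulnerability information for runtime dependencies in repositories with a production topic.`;

	const digestString = vulnsSinceImplementationDate
		.map((v) => createHumanReadableVulnMessage(v))
		.join('\n\n');

	const message = `${preamble}\n\n${digestString}`;
	// NOTE(review): the count handed to the dashboard link is the unfiltered
	// total for the team, not the number of entries in this digest. Confirm
	// that is the intended figure.
	const actions = [createTeamDashboardLinkAction(team, vulns.length)];

	return {
		teamSlug: team.slug,
		subject: `Vulnerability Digest for ${team.name}`,
		message,
		actions,
	};
}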