fix: sarif change - severity to look the same for IaC and containers

Mattlk13 · Sep 29, 2020 · 4abfb97 · 4abfb97
1 parent e4647d6
commit 4abfb97
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 3 deletions.
diff --git a/src/cli/commands/test/iac-output.ts b/src/cli/commands/test/iac-output.ts
@@ -174,7 +174,7 @@ export function mapIacTestResponseToSarifTool(
       tool.driver.rules?.push({
         id: iacIssue.id,
         shortDescription: {
-          text: `${upperFirst(iacIssue.severity)} - ${iacIssue.title}`,
+          text: `${upperFirst(iacIssue.severity)} severity - ${iacIssue.title}`,
         },
         fullDescription: {
           text: `${iacTypeToText[iacIssue.type]} ${iacIssue.subType}`,

diff --git a/src/cli/commands/test/sarif-output.ts b/src/cli/commands/test/sarif-output.ts
@@ -1,4 +1,5 @@
 import * as sarif from 'sarif';
+import { upperFirst } from 'lodash';
 
 export function createSarifOutputForContainers(testResult): sarif.Log {
   const sarifRes: sarif.Log = {
@@ -40,7 +41,9 @@ export function getTool(testResult): sarif.Tool {
       return {
         id: vuln.id,
         shortDescription: {
-          text: `${vuln.severity} severity ${vuln.title} vulnerability in ${vuln.packageName}`,
+          text: `${upperFirst(vuln.severity)} severity - ${
+            vuln.title
+          } vulnerability in ${vuln.packageName}`,
         },
         fullDescription: {
           text: cve

diff --git a/test/acceptance/fixtures/docker/sarif-container-result.json b/test/acceptance/fixtures/docker/sarif-container-result.json
@@ -9,7 +9,7 @@
             {
               "id": "SNYK-LINUX-BZIP2-106947",
               "shortDescription": {
-                "text": "low severity Denial of Service (DoS) vulnerability in bzip2"
+                "text": "Low severity - Denial of Service (DoS) vulnerability in bzip2"
               },
               "fullDescription": {
                 "text": "(CVE-2016-3189) bzip2/libbz2-1.0@1.0.6-8.1"