diff --git a/src/cli/commands/test/iac-output.ts b/src/cli/commands/test/iac-output.ts
index 363afd2949..f8c6028ac8 100644
--- a/src/cli/commands/test/iac-output.ts
+++ b/src/cli/commands/test/iac-output.ts
@@ -174,7 +174,7 @@ export function mapIacTestResponseToSarifTool(
 tool.driver.rules?.push({
 id: iacIssue.id,
 shortDescription: {
- text: `${upperFirst(iacIssue.severity)} - ${iacIssue.title}`,
+ text: `${upperFirst(iacIssue.severity)} severity - ${iacIssue.title}`,
 },
 fullDescription: {
 text: `${iacTypeToText[iacIssue.type]} ${iacIssue.subType}`,
diff --git a/src/cli/commands/test/sarif-output.ts b/src/cli/commands/test/sarif-output.ts
index 4aa7db1e8a..1e027b41ad 100644
--- a/src/cli/commands/test/sarif-output.ts
+++ b/src/cli/commands/test/sarif-output.ts
@@ -1,4 +1,5 @@
 import * as sarif from 'sarif';
+import { upperFirst } from 'lodash';
 export function createSarifOutputForContainers(testResult): sarif.Log {
 const sarifRes: sarif.Log = {
@@ -40,7 +41,9 @@ export function getTool(testResult): sarif.Tool {
 return {
 id: vuln.id,
 shortDescription: {
- text: `${vuln.severity} severity ${vuln.title} vulnerability in ${vuln.packageName}`,
+ text: `${upperFirst(vuln.severity)} severity - ${
+ vuln.title
+ } vulnerability in ${vuln.packageName}`,
 },
 fullDescription: {
 text: cve
diff --git a/test/acceptance/fixtures/docker/sarif-container-result.json b/test/acceptance/fixtures/docker/sarif-container-result.json
index 60910425a8..4835d81393 100644
--- a/test/acceptance/fixtures/docker/sarif-container-result.json
+++ b/test/acceptance/fixtures/docker/sarif-container-result.json
@@ -9,7 +9,7 @@
 {
 "id": "SNYK-LINUX-BZIP2-106947",
 "shortDescription": {
- "text": "low severity Denial of Service (DoS) vulnerability in bzip2"
+ "text": "Low severity - Denial of Service (DoS) vulnerability in bzip2"
 },
 "fullDescription": {
 "text": "(CVE-2016-3189) bzip2/libbz2-1.0@1.0.6-8.1"
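Review bot: The "<Severity> severity - " prefix is now built inline in `mapIacTestResponseToSarifTool` (iac-output.ts hunk) and again in `getTool` (sarif-output.ts, second hunk), so the two SARIF producers can drift apart the next time the wording changes. A small shared helper, for example `severityLabel(severity)` returning `upperFirst(severity) + ' severity'`, called from both places would keep the rule text aligned. Because `shortDescription.text` changes for every emitted rule, anything that matches on the old text would need updating; the only fixture updated in this diff is the container one, and it is not visible here whether an IaC SARIF fixture exists. The enclosing function starts and ends outside the hunk.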
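Review bot: In the `getTool` hunk of sarif-output.ts, `upperFirst(vuln.severity)` returns an empty string when `severity` is missing, so the rule would be emitted as " severity - … vulnerability in …" with no level at all. `testResult` is an untyped parameter, so nothing visible guarantees the field is present on every `vuln`. A guarded form such as `upperFirst(vuln.severity ?? 'unknown')` would keep the description readable for triage, and the same applies to `upperFirst(iacIssue.severity)` in iac-output.ts. The body of `getTool` continues outside the hunk.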