Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KeyError when FixedVersion is absent in Trivy JSON #10606

Closed
denniebouman opened this issue Jan 6, 2025 · 0 comments · Fixed by #10607
Closed

KeyError when FixedVersion is absent in Trivy JSON #10606

denniebouman opened this issue Jan 6, 2025 · 0 comments · Fixed by #10607
Assignees
@fniessink
Labels
Bug Something isn't working

Comments

@denniebouman
Copy link
Member

Describe the bug
KeyError when FixedVersion is absent in Trivy JSON

To Reproduce
Steps to reproduce the behaviour:

  1. Metric Type: Security Warnings with Trivy JSON as Source
  2. Configure Trivy JSON file with absent FixedVersion

Expected behaviour
Vulnerabilities / Security Warnings (if present) are shown

Screenshots
Parse error Traceback (most recent call last): File "/home/collector/base_collectors/source_collector.py", line 148, in __safely_parse_source_responses return await self._parse_source_responses(responses) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/collector/base_collectors/source_collector.py", line 161, in _parse_source_responses included_entities = [entity for entity in await self._parse_entities(responses) if self._include_entity(entity)] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/collector/base_collectors/file_source_collector.py", line 113, in _parse_entities entities.extend(self._parse_json(json, filename)) ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^ File "/home/collector/source_collectors/trivy/security_warnings.py", line 83, in _parse_json fixed_version=vulnerability["FixedVersion"], ~~~~~~~~~~~~~^^^^^^^^^^^^^^^^ KeyError: 'FixedVersion'

Your environment (please complete the following information):

  • Browser: Chrome
  • Quality-time version: v5.21.0
@denniebouman denniebouman added the Bug Something isn't working label Jan 6, 2025
@fniessink fniessink moved this from Inbox to Development in progress in Quality-time backlog Jan 7, 2025
@fniessink fniessink self-assigned this Jan 7, 2025
fniessink added a commit that referenced this issue Jan 7, 2025
@fniessink
Don't throw an exception when a Trivy JSON file contains vulnerabilit…
7c08cb1 
…ies without fixed version information.

Fixes #10606.
@fniessink fniessink linked a pull request Jan 7, 2025 that will close this issue
Don't throw an exception when a Trivy JSON file contains vulnerabilit… #10607
Merged
@fniessink fniessink mentioned this issue Jan 7, 2025
Merged
fniessink added a commit that referenced this issue Jan 7, 2025
@fniessink
Don't throw an exception when a Trivy JSON file contains vulnerabilit…
2a6b52b 
…ies without fixed version information.

Fixes #10606.
@github-project-automation github-project-automation bot moved this from Development in progress to Merged in Quality-time backlog Jan 7, 2025
@fniessink fniessink moved this from Merged to Release candidate released in Quality-time backlog Jan 15, 2025
@fniessink fniessink moved this from Release candidate released to Released in Quality-time backlog Jan 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fniessink fniessink

Labels
Bug Something isn't working
Projects
Quality-time backlog
Status: Released
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Don't throw an exception when a Trivy JSON file contains vulnerabilit… ICTU/quality-time
2 participants
@fniessink @denniebouman