From 2c874da3207effdefed76008a6fb9e30ede5f61e Mon Sep 17 00:00:00 2001
From: ryanhkho
Date: Wed, 24 Apr 2024 08:42:56 -1000
Subject: [PATCH] Resolve: Gatecheck not reporting the description and ID of the vuln. when failing
---
 pkg/gatecheck/validate.go | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/pkg/gatecheck/validate.go b/pkg/gatecheck/validate.go
index bd48d2e..9573754 100644
--- a/pkg/gatecheck/validate.go
+++ b/pkg/gatecheck/validate.go
@@ -207,15 +207,21 @@ func ruleGrypeKEVLimit(config *Config, report *artifacts.GrypeReportMin, catalog
 slog.Error("kev limit enabled but no catalog data exists")
 return false
 }
+ foundKevMatch := false
 // Check if vulnerability is in the KEV Catalog
 for _, vulnerability := range report.Matches {
 inKEVCatalog := slices.ContainsFunc(catalog.Vulnerabilities, func(kevVul kev.Vulnerability) bool {
 return kevVul.CveID == vulnerability.Vulnerability.ID
 })
 if inKEVCatalog {
- return false
+ slog.Warn("Matched to KEV Catalog",
+ "vulnerability", vulnerability.Vulnerability.ID)
+ foundKevMatch = true
 }
 }
+ if foundKevMatch {
+ return false
+ }
 slog.Info("kev limit validated, no cves in catalog", "vulnerabilities", len(report.Matches),
 "kev_catalog_count", len(catalog.Vulnerabilities))
 return true
@@ -230,6 +236,7 @@ func ruleCyclonedxKEVLimit(config *Config, report *artifacts.CyclonedxReportMin,
 slog.Error("kev limit enabled but no catalog data exists", "artifact", "cyclonedx")
 return false
 }
+ foundKevMatch := false
 // Check if vulnerability is in the KEV Catalog
 for _, vulnerability := range report.Vulnerabilities {
 inKEVCatalog := slices.ContainsFunc(catalog.Vulnerabilities, func(kevVul kev.Vulnerability) bool {
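Review bot: The new `if foundKevMatch { return false }` block fails the gate without any log line of its own, so the only record of why the rule failed is the per-CVE Warn lines inside the loop, which a log filter on Error level will not show. Counting matches instead of tracking a bool gives a useful summary at the failure point: declare `kevMatches := 0`, replace `foundKevMatch = true` with `kevMatches++`, and replace the flag check with `if kevMatches > 0 { slog.Error("kev limit rule failed", "kev_matches", kevMatches); return false }`. The commit subject says the description of the vulnerability should be reported, but the added Warn carries only `vulnerability.Vulnerability.ID`; if the Grype match type exposes a description field, it belongs in the same call (the struct definition is not in this patch, so that is unverified here). The matching block in ruleCyclonedxKEVLimit in the third hunk has the same shape and would take the same change. ruleGrypeKEVLimit's signature and opening lines are outside the hunk.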
@@ -237,9 +244,14 @@ func ruleCyclonedxKEVLimit(config *Config, report *artifacts.CyclonedxReportMin,
 })
 if inKEVCatalog {
- return false
+ slog.Warn("Matched to KEV Catalog",
+ "vulnerability", vulnerability.ID)
+ foundKevMatch = true
 }
 }
+ if foundKevMatch {
+ return false
+ }
 slog.Info("kev limit validated, no cves in catalog",
 "vulnerabilities", len(report.Vulnerabilities),
 "kev_catalog_count", len(catalog.Vulnerabilities))
 return true
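Review bot: The added `slog.Warn("Matched to KEV Catalog", "vulnerability", vulnerability.ID)` uses the same message text as the Grype rule's Warn but omits the `"artifact", "cyclonedx"` attribute that this function's existing Error log (visible in the previous hunk) uses to tell the two rules apart, so a reader of the log cannot tell which report produced the match. Add the attribute to the new call: `slog.Warn("Matched to KEV Catalog", "artifact", "cyclonedx", "vulnerability", vulnerability.ID)`. The closing `slog.Info` on the success path has the same gap, but that line is unchanged by this commit. ruleCyclonedxKEVLimit's signature and opening lines are outside the hunk.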