@prabhu
Created April 3, 2021 12:20
OPA rego policy with ShiftLeft API integration
package shiftleft

# The policy defaults to allow; the rules below expose findings data that a
# pipeline can use for its own gating decision.
default allow = true

# Application name and ShiftLeft access token are read from OPA's environment.
runtime := opa.runtime()
sl_app_name := runtime.env.SHIFTLEFT_APP
sl_access_token := runtime.env.SHIFTLEFT_ACCESS_TOKEN

# The access token is a JWT; index 1 of the decoded triple is the payload, which
# carries the org id. io.jwt.decode does not verify the signature; that is fine
# here because the value is only used to build the URL and the API still
# authenticates the bearer token itself.
payload := io.jwt.decode(sl_access_token)
sl_org_id := payload[1].orgID

headers := {"Content-Type": "application/json", "Authorization": sprintf("Bearer %s", [sl_access_token])}
url := sprintf("https://www.shiftleft.io/api/v4/orgs/%s/apps/%s/findings?per_page=249", [sl_org_id, sl_app_name])

# Fetch the latest findings for the app.
http_response := http.send({"method": "get", "headers": headers, "url": url})
scan := http_response.body.response.scan
findings := http_response.body.response.findings

has_findings = true {
	count(findings) > 0
}

has_critical_findings = true {
	findings[_].severity == "critical"
}

# Incremental definition: either severity below satisfies the rule.
has_non_info_findings = true {
	findings[_].severity == "critical"
}

has_non_info_findings = true {
	findings[_].severity == "moderate"
}

# Object of finding id -> title for every critical finding.
list_critical_findings[finding.id] = finding.title {
	finding := findings[_]
	finding.severity == "critical"
}

# App-specific gate: critical XSS findings plus every Deserialization finding,
# whatever its severity.
list_app_critical_findings[finding.id] = finding.title {
	finding := findings[_]
	finding.category == "XSS"
	finding.severity == "critical"
}

list_app_critical_findings[finding.id] = finding.title {
	finding := findings[_]
	finding.category == "Deserialization"
}
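A Rego unit test for the policy above, added here as an example and not part of the gist: it replaces http.send and io.jwt.decode with the `with` keyword (OPA 0.28 or later) and feeds constructed findings, so the rules can be checked offline without a ShiftLeft account. The file name, the sample finding values and the org id placeholder are assumptions.

```rego
package shiftleft

# Constructed sample data standing in for a ShiftLeft findings response (not real API output).
sample_findings := [
	{"id": "f-1", "title": "Reflected XSS in search", "category": "XSS", "severity": "critical"},
	{"id": "f-2", "title": "Verbose error page", "category": "Information Leak", "severity": "info"},
	{"id": "f-3", "title": "Unsafe deserialization of session blob", "category": "Deserialization", "severity": "moderate"},
]

# Stand-in for http.send: returns the sample findings regardless of the request.
mock_http_send(_) = response {
	response := {"status_code": 200, "body": {"response": {"scan": {"id": "scan-1"}, "findings": sample_findings}}}
}

# Stand-in for a scan that produced only informational findings.
mock_http_send_info_only(_) = response {
	response := {"status_code": 200, "body": {"response": {"scan": {"id": "scan-2"}, "findings": [sample_findings[1]]}}}
}

# Stand-in for io.jwt.decode so SHIFTLEFT_ACCESS_TOKEN does not need to be a real JWT.
mock_jwt_decode(_) = [{"alg": "RS256"}, {"orgID": "org-placeholder"}, "sig"]

# Critical XSS and the moderate Deserialization finding must both be listed; the info one must not.
test_app_critical_findings_are_listed {
	data.shiftleft.has_critical_findings with http.send as mock_http_send with io.jwt.decode as mock_jwt_decode
	data.shiftleft.has_non_info_findings with http.send as mock_http_send with io.jwt.decode as mock_jwt_decode
	expected := {"f-1": "Reflected XSS in search", "f-3": "Unsafe deserialization of session blob"}
	data.shiftleft.list_app_critical_findings == expected with http.send as mock_http_send with io.jwt.decode as mock_jwt_decode
	data.shiftleft.list_critical_findings == {"f-1": "Reflected XSS in search"} with http.send as mock_http_send with io.jwt.decode as mock_jwt_decode
}

# Edge case: findings exist, but none above info, so the severity rules stay undefined.
test_info_only_scan_is_clean {
	data.shiftleft.has_findings with http.send as mock_http_send_info_only with io.jwt.decode as mock_jwt_decode
	not data.shiftleft.has_non_info_findings with http.send as mock_http_send_info_only with io.jwt.decode as mock_jwt_decode
	not data.shiftleft.has_critical_findings with http.send as mock_http_send_info_only with io.jwt.decode as mock_jwt_decode
	data.shiftleft.list_app_critical_findings == {} with http.send as mock_http_send_info_only with io.jwt.decode as mock_jwt_decode
}
```

Save it as shiftleft_test.rego (assumed name) next to the policy and run `SHIFTLEFT_APP=demo SHIFTLEFT_ACCESS_TOKEN=placeholder opa test -v .`; both variables must be set because opa.runtime() is not mocked and an unset one leaves the URL, and therefore every dependent rule, undefined.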