Created
May 30, 2020 19:28
-
-
Save prabhu/f106e695beafb72eac0ea90972c436c1 to your computer and use it in GitHub Desktop.
Script to summarize all ShiftLeft Scan SAST reports
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # -*- coding: utf-8 -*- | |
| from pathlib import Path | |
| import json | |
| # pip install jinja2 | |
| from jinja2 import Template | |
| def agg_summary(summary, metrics): | |
| if not summary: | |
| summary = {"total": 0, "critical": 0, "high": 0, "medium": 0, "low": 0} | |
| if metrics: | |
| summary["total"] += metrics["total"] | |
| summary["critical"] += metrics["critical"] | |
| summary["high"] += metrics["high"] | |
| summary["medium"] += metrics["medium"] | |
| summary["low"] += metrics["low"] | |
| return summary | |
| def get_sast_summary(jsonfile): | |
| with open(jsonfile, mode="r") as fp: | |
| json_data = fp.read() | |
| summary = None | |
| for line in json_data.split("\n"): | |
| if not line.strip(): | |
| continue | |
| try: | |
| sarif_data = json.loads(line) | |
| metrics = sarif_data.get("properties", {}).get("metrics", {}) | |
| summary = agg_summary(summary, metrics) | |
| except: | |
| print(line) | |
| return summary | |
| def to_html(repo_summary, grand_summary): | |
| SUMMARY_HTML = Template( | |
| """ | |
| <h2>Summary {% if repo %}for {{ repo }} {%- endif %}</h2> | |
| <table class="table"> | |
| <thead> | |
| <tr> | |
| <th>Severity</th> | |
| <th>Count</th> | |
| </tr> | |
| </thead> | |
| <tbody> | |
| {% for sev in ["critical", "high", "medium", "low", "total"] -%} | |
| <tr> | |
| <td>{{ sev|upper }}</span></td> | |
| <td>{{ metrics.get(sev)|default('NA') }}</td> | |
| </tr> | |
| {%- endfor %} | |
| </tbody> | |
| </table> | |
| """ | |
| ) | |
| print(SUMMARY_HTML.render(repo=None, metrics=grand_summary)) | |
| for k, v in repo_summary.items(): | |
| print(SUMMARY_HTML.render(repo=k, metrics=v)) | |
| def main(): | |
| # This file should be placed outside reports_dir | |
| reports_dir = Path(__file__).parent / "reports_dir" | |
| full_reports = [p.as_posix() for p in reports_dir.rglob("scan-full-report.json")] | |
| # This is a dict with repo name as the key and summary count as value | |
| repo_summary = {d.split("/")[1]: get_sast_summary(d) for d in full_reports} | |
| # This dict would have a grand summary for all repositories | |
| grand_summary = None | |
| for k, v in repo_summary.items(): | |
| grand_summary = agg_summary(grand_summary, v) | |
| print(repo_summary) | |
| print(grand_summary) | |
| to_html(repo_summary, grand_summary) | |
| if __name__ == "__main__": | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment