@rfennell
Last active September 30, 2022 11:46
Script to convert an OWASP Dependency Check results XML file into the generic issue JSON format that SonarCloud (and SonarQube) can import. Every vulnerability becomes one issue of type VULNERABILITY, keyed by its CVE identifier and attached to a single source file.
param
(
    # The OWASP Dependency Check results XML file
    # ($input is a PowerShell automatic variable, so it is not used as the parameter name)
    $inputFile = "dependency-results.xml",
    # The SonarCloud generic issue JSON file to write
    $outputFile = "dependency-results.json",
    # The source file every issue is attached to; the generic issue format requires a filePath
    $filename = "c:\folder\file.cs"
)

# Load the report; XmlDocument.Load needs an absolute path, which Convert-Path supplies
$doc = New-Object xml
$doc.Load( (Convert-Path $inputFile) )

$list = New-Object System.Collections.ArrayList
$doc.analysis.dependencies.dependency | ForEach-Object {
    # Only dependencies that carry a <vulnerabilities> element produce issues
    if ( [bool]($_.PSobject.Properties.name -match "vulnerabilities") ) {
        $_.vulnerabilities.vulnerability | ForEach-Object {
            $jsonItem = @{}
            $jsonItem.Add("engineId","DependencyCheck")
            # The CVE identifier becomes the Sonar rule key
            $jsonItem.Add("ruleId",$_.name)
            # Dependency Check 5+ reports the CVSSv3 scale (CRITICAL/HIGH/MEDIUM/LOW);
            # map it onto Sonar's BLOCKER/CRITICAL/MAJOR/MINOR, defaulting to MAJOR
            $severity = switch ($_.severity) {
                "CRITICAL" { "BLOCKER" }
                "HIGH"     { "CRITICAL" }
                "MEDIUM"   { "MAJOR" }
                "LOW"      { "MINOR" }
                default    { "MAJOR" }
            }
            $jsonItem.Add("severity",$severity)
            $jsonItem.Add("type","VULNERABILITY")
            $jsonItemDetail = @{}
            $jsonItemDetail.Add("message",$_.description)
            $jsonItemDetail.Add("filePath",$filename)
            $jsonItem.Add("primaryLocation",$jsonItemDetail)
            # ArrayList.Add returns the new index; discard it so it is not emitted to the pipeline
            [void]$list.Add($jsonItem)
        }
    }
}

$jsonBase = @{}
$jsonBase.Add("issues",$list)
$jsonBase | ConvertTo-Json -Depth 10 | Out-File $outputFile -Encoding utf8
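The same conversion as an added Python example (not the gist's code and not part of Dependency Check or Sonar), written so it can be run offline and checked. It goes a little beyond the script in three ways a practitioner usually wants: it maps all four Dependency Check severities onto Sonar's scale, it puts the affected dependency's file name into each message (since every issue lands on one file, the message is the only place that says which package is vulnerable), and it validates the fields the generic issue format requires before anything is written. The report XML is a constructed sample; its namespace URI is assumed to be a Dependency Check report schema, its CVE ids are placeholders, and `pom.xml` is an assumed target file.

```python
"""Added example (not the gist's code): Dependency Check XML -> Sonar generic-issue JSON."""
import json
import xml.etree.ElementTree as ET

# Constructed sample report: one vulnerable dependency, one clean one. The namespace
# URI is assumed; the parser strips namespaces, so the schema version does not matter.
SAMPLE_REPORT = """<?xml version="1.0"?>
<analysis xmlns="https://jeremylong.github.io/DependencyCheck/dependency-check.2.0.xsd">
  <dependencies>
    <dependency>
      <fileName>example-lib-1.0.jar</fileName>
      <vulnerabilities>
        <vulnerability>
          <name>CVE-0000-0001</name>
          <severity>CRITICAL</severity>
          <description>Placeholder description of a critical finding.</description>
        </vulnerability>
        <vulnerability>
          <name>CVE-0000-0002</name>
          <severity>low</severity>
          <description>Placeholder description of a low finding.</description>
        </vulnerability>
      </vulnerabilities>
    </dependency>
    <dependency>
      <fileName>clean-lib-2.0.jar</fileName>
    </dependency>
  </dependencies>
</analysis>
"""

# Dependency Check 5+ uses the CVSSv3 qualitative scale; anything else becomes MAJOR.
SEVERITY_MAP = {"CRITICAL": "BLOCKER", "HIGH": "CRITICAL", "MEDIUM": "MAJOR", "LOW": "MINOR"}
SONAR_SEVERITIES = {"BLOCKER", "CRITICAL", "MAJOR", "MINOR", "INFO"}
SONAR_TYPES = {"BUG", "VULNERABILITY", "CODE_SMELL"}


def _local(tag):
    """Strip the namespace from an ElementTree tag: '{uri}name' -> 'name'."""
    return tag.rsplit("}", 1)[-1]


def _child_text(elem, name, default=""):
    """Text of the first direct child called `name`, ignoring namespaces."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or default).strip()
    return default


def to_sonar_severity(dc_severity):
    """Map a Dependency Check severity (any case) onto a Sonar severity."""
    return SEVERITY_MAP.get((dc_severity or "").strip().upper(), "MAJOR")


def convert(report_xml, file_path):
    """Build the generic-issue document; every issue is attached to `file_path`."""
    issues = []
    for dep in ET.fromstring(report_xml).iter():
        if _local(dep.tag) != "dependency":
            continue
        dep_name = _child_text(dep, "fileName", "unknown dependency")
        for vulns in dep:
            if _local(vulns.tag) != "vulnerabilities":
                continue
            for vuln in vulns:
                if _local(vuln.tag) != "vulnerability":
                    continue
                cve = _child_text(vuln, "name")
                issues.append({
                    "engineId": "DependencyCheck",
                    "ruleId": cve,
                    "severity": to_sonar_severity(_child_text(vuln, "severity")),
                    "type": "VULNERABILITY",
                    "primaryLocation": {
                        # Name the dependency: all issues share one filePath.
                        "message": f"{dep_name} - {cve}: {_child_text(vuln, 'description', cve)}",
                        "filePath": file_path,
                    },
                })
    return {"issues": issues}


def validate(doc):
    """List the problems that would make the Sonar scanner reject the import."""
    problems = []
    for i, issue in enumerate(doc.get("issues", [])):
        for key in ("engineId", "ruleId", "severity", "type", "primaryLocation"):
            if not issue.get(key):
                problems.append(f"issue {i}: missing {key}")
        if issue.get("severity") not in SONAR_SEVERITIES:
            problems.append(f"issue {i}: severity {issue.get('severity')!r} is not a Sonar severity")
        if issue.get("type") not in SONAR_TYPES:
            problems.append(f"issue {i}: type {issue.get('type')!r} is not a Sonar issue type")
        for key in ("message", "filePath"):
            if not (issue.get("primaryLocation") or {}).get(key):
                problems.append(f"issue {i}: primaryLocation missing {key}")
    return problems


if __name__ == "__main__":
    report = convert(SAMPLE_REPORT, "pom.xml")
    problems = validate(report)
    if problems:
        raise SystemExit("\n".join(problems))
    print(json.dumps(report, indent=2))
```

One caveat that applies to the script above as well: Sonar only imports issues whose `filePath` resolves to a file the scanner actually indexed, so the file named here (or `c:\folder\file.cs` in the script) has to be part of the analysed sources, otherwise the issues are silently dropped from the report.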