diff --git a/internal/sarif/sarif.go b/internal/sarif/sarif.go
index 07c77174..65ba5c92 100644
--- a/internal/sarif/sarif.go
+++ b/internal/sarif/sarif.go
@@ -2,6 +2,7 @@ package sarif
 import (
 "bytes"
+ "encoding/json"
 "fmt"
 "strings"
@@ -36,12 +37,28 @@ func Create(kubeauditReport *kubeaudit.Report) (*sarif.Report, error) {
 auditor := strings.ToLower(result.Auditor)
+ var metadataTxt string
+ if len(result.Metadata) > 0 {
+ formattedMap := make(map[string]string)
+
+ for k, v := range result.Metadata {
+ formattedMap[k] = v
+ }
+
+ metadata, jsonErr := json.Marshal(formattedMap)
+ if jsonErr != nil {
+ metadata = []byte(jsonErr.Error())
+ }
+
+ metadataTxt = fmt.Sprintf("Metadata: %s\n", string(metadata))
+ }
+
 docsURL := "https://github.com/Shopify/kubeaudit/blob/main/docs/auditors/" + auditor + ".md"
- helpText := fmt.Sprintf("Type: kubernetes\nAuditor Docs: To find out more about the issue and how to fix it, follow [this link](%s)\nDescription: %s\n\n Note: These audit results are generated with `kubeaudit`, a command line tool and a Go package that checks for potential security concerns in kubernetes manifest specs. You can read more about it at https://github.com/Shopify/kubeaudit ", docsURL, allAuditors[auditor])
+ helpText := fmt.Sprintf("Type: kubernetes\nAuditor Docs: To find out more about the issue and how to fix it, follow [this link](%s)\nDescription: %s\n%s\n\n Note: These audit results are generated with `kubeaudit`, a command line tool and a Go package that checks for potential security concerns in kubernetes manifest specs. You can read more about it at https://github.com/Shopify/kubeaudit ", docsURL, allAuditors[auditor], metadataTxt)
- helpMarkdown := fmt.Sprintf("**Type**: kubernetes\n**Auditor Docs**: To find out more about the issue and how to fix it, follow [this link](%s)\n**Description:** %s\n\n *Note*: These audit results are generated with `kubeaudit`, a command line tool and a Go package that checks for potential security concerns in kubernetes manifest specs. You can read more about it at https://github.com/Shopify/kubeaudit ",
- docsURL, allAuditors[auditor])
+ helpMarkdown := fmt.Sprintf("**Type**: kubernetes\n**Auditor Docs**: To find out more about the issue and how to fix it, follow [this link](%s)\n**Description:** %s\n **Metadata**: %s\n\n *Note*: These audit results are generated with `kubeaudit`, a command line tool and a Go package that checks for potential security concerns in kubernetes manifest specs. You can read more about it at https://github.com/Shopify/kubeaudit ",
+ docsURL, allAuditors[auditor], metadataTxt)
 // we only add rules to the report based on the result findings
 run.AddRule(result.Rule).
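Review bot: The new `helpMarkdown` format string emits the metadata label twice and unconditionally: `metadataTxt` already starts with `Metadata: ` and ends in a newline, so a result with metadata renders as `**Metadata**: Metadata: {...}`, and a result without any still gets a dangling `**Metadata**:` line. Building the markdown fragment inside the same `if`, e.g. `metadataMd = fmt.Sprintf("**Metadata**: %s\n", metadata)`, and passing it to a plain `%s` would keep the two help strings consistent. The metadata values presumably originate from the audited manifests, and the rule help markdown is rendered by SARIF consumers, so it is worth confirming that the JSON is shown as literal text (for instance in a code span) rather than interpreted as markdown. The copy into `formattedMap` also looks redundant, since `json.Marshal(result.Metadata)` should encode the same map, assuming `Metadata` is a string-to-string map as the loop implies. `Create` begins and ends outside this hunk.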