🎉 Add fix_available to TrivyOperator (#13056)

Author: manuel-sommer

dojo/tools/trivy_operator/checks_handler.py

@@ -45,6 +45,7 @@ def handle_checks(self, labels, checks, test):
                 static_finding=True,
                 dynamic_finding=False,
                 service=service,
+                fix_available=True,
             )
             if resource_namespace != "":
                 finding.tags = resource_namespace

dojo/tools/trivy_operator/clustercompliance_handler.py

@@ -37,6 +37,7 @@ def handle_clustercompliance(self, controls, clustercompliance, test):
                     severity=severity,
                     static_finding=False,
                     dynamic_finding=True,
+                    fix_available=True,
                 )
                 if vulnerabilityids != []:
                     finding.unsaved_vulnerability_ids = vulnerabilityids

dojo/tools/trivy_operator/compliance_handler.py

@@ -53,6 +53,7 @@ def handle_compliance(self, benchmarkreport, test):
                         description=description,
                         static_finding=False,
                         dynamic_finding=True,
+                        fix_available=True,
                     )
                     if check_checkID:
                         finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(check_checkID)]

dojo/tools/trivy_operator/secrets_handler.py

@@ -53,6 +53,7 @@ def handle_secrets(self, labels, secrets, test):
                 static_finding=True,
                 dynamic_finding=False,
                 service=service,
+                fix_available=True,
             )
             if resource_namespace != "":
                 finding.tags = resource_namespace

dojo/tools/trivy_operator/vulnerability_handler.py

@@ -29,6 +29,9 @@ def handle_vulns(self, labels, vulnerabilities, test):
             severity = TRIVY_SEVERITIES[vulnerability.get("severity")]
             references = vulnerability.get("primaryLink")
             mitigation = vulnerability.get("fixedVersion")
+            fix_available = True
+            if vulnerability.get("fixedVersion") == "":
+                fix_available = False
             package_name = vulnerability.get("resource")
             package_version = vulnerability.get("installedVersion")
             cvssv3_score = vulnerability.get("score")
@@ -84,6 +87,7 @@ def handle_vulns(self, labels, vulnerabilities, test):
                 service=service,
                 file_path=file_path,
                 tags=[tag for tag in finding_tags if tag != ""],
+                fix_available=fix_available,
             )
             if vuln_id:
                 finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(vuln_id)]

unittests/tools/test_trivy_operator_parser.py

@@ -61,6 +61,7 @@ def test_vulnerabilityreport_single_vulns(self):
             self.assertEqual("CVE-2023-23914 curl 7.87.0-r1", finding.title)
             self.assertEqual("7.87.0-r2", finding.mitigation)
             self.assertEqual(4.2, finding.cvssv3_score)
+            self.assertEqual(True, finding.fix_available)
 
     def test_vulnerabilityreport_many(self):
         with sample_path("vulnerabilityreport_many.json").open(encoding="utf-8") as test_file: