Updating pip-audit parser to handle new JSON file format #9696
Conversation
|
Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.
Note 🟢 Risk threshold not exceeded. Tip Get answers to your security questions. Add a comment in this PR starting with @DryRunSecurity. For example... Powered by DryRun Security |
dojo/tools/pip_audit/parser.py
Outdated
| logger.debug("**-**") | ||
| logger.debug(dependency) |
There was a problem hiding this comment.
Are these log statements necessary?
| logger.debug("**-**") | |
| logger.debug(dependency) |
There was a problem hiding this comment.
Thank you, resolved with 8fdf3fa
dojo/tools/pip_audit/parser.py
Outdated
| finding = Finding( | ||
| test=test, | ||
| title=title, | ||
| cwe=1352, |
There was a problem hiding this comment.
It looks like MITRE prefers not to use this CWE. Searching through the Dojo codebase, it appears that we tend to use CWE-1035, which MITRE also discourages.
We might want to start defaulting to CWE-1395 for these SCA issues, though I realize it would be somewhat disruptive to modify the default CWEs in all these different tools...
There was a problem hiding this comment.
I updated to default to 1395: 0820dc9
Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
Updating pip-audit parser to handle new JSON file format [sc-3854]