DefectDojo
diff --git a/‎dojo/tools/sysdig_reports/parser.py‎
Lines changed: 2 additions & 1 deletion b/‎dojo/tools/sysdig_reports/parser.py‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎dojo/tools/sysdig_reports/sysdig_csv_parser.py‎
Lines changed: 81 additions & 35 deletions b/‎dojo/tools/sysdig_reports/sysdig_csv_parser.py‎
Lines changed: 81 additions & 35 deletions
diff --git a/‎dojo/tools/sysdig_reports/sysdig_data.py‎
Lines changed: 1 addition & 0 deletions b/‎dojo/tools/sysdig_reports/sysdig_data.py‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎…ittests/scans/sysdig_reports/sysdig.json‎ ‎…ysdig_reports/legacy_scanner/sysdig.json‎unittests/scans/sysdig_reports/sysdig.json renamed to unittests/scans/sysdig_reports/legacy_scanner/sysdig.json b/‎…ittests/scans/sysdig_reports/sysdig.json‎ ‎…ysdig_reports/legacy_scanner/sysdig.json‎unittests/scans/sysdig_reports/sysdig.json renamed to unittests/scans/sysdig_reports/legacy_scanner/sysdig.json
diff --git a/‎…orts/sysdig_reports_empty_with_error.csv‎ ‎…nner/sysdig_reports_empty_with_error.csv‎unittests/scans/sysdig_reports/sysdig_reports_empty_with_error.csv renamed to unittests/scans/sysdig_reports/legacy_scanner/sysdig_reports_empty_with_error.csv b/‎…orts/sysdig_reports_empty_with_error.csv‎ ‎…nner/sysdig_reports_empty_with_error.csv‎unittests/scans/sysdig_reports/sysdig_reports_empty_with_error.csv renamed to unittests/scans/sysdig_reports/legacy_scanner/sysdig_reports_empty_with_error.csv
diff --git a/‎…sdig_reports/sysdig_reports_many_vul.csv‎ ‎…gacy_scanner/sysdig_reports_many_vul.csv‎unittests/scans/sysdig_reports/sysdig_reports_many_vul.csv renamed to unittests/scans/sysdig_reports/legacy_scanner/sysdig_reports_many_vul.csv b/‎…sdig_reports/sysdig_reports_many_vul.csv‎ ‎…gacy_scanner/sysdig_reports_many_vul.csv‎unittests/scans/sysdig_reports/sysdig_reports_many_vul.csv renamed to unittests/scans/sysdig_reports/legacy_scanner/sysdig_reports_many_vul.csv
diff --git a/‎…rts/sysdig_reports_missing_cve_field.csv‎ ‎…ner/sysdig_reports_missing_cve_field.csv‎unittests/scans/sysdig_reports/sysdig_reports_missing_cve_field.csv renamed to unittests/scans/sysdig_reports/legacy_scanner/sysdig_reports_missing_cve_field.csv b/‎…rts/sysdig_reports_missing_cve_field.csv‎ ‎…ner/sysdig_reports_missing_cve_field.csv‎unittests/scans/sysdig_reports/sysdig_reports_missing_cve_field.csv renamed to unittests/scans/sysdig_reports/legacy_scanner/sysdig_reports_missing_cve_field.csv
diff --git a/‎…sysdig_reports_not_starting_with_cve.csv‎ ‎…sysdig_reports_not_starting_with_cve.csv‎unittests/scans/sysdig_reports/sysdig_reports_not_starting_with_cve.csv renamed to unittests/scans/sysdig_reports/legacy_scanner/sysdig_reports_not_starting_with_cve.csv b/‎…sysdig_reports_not_starting_with_cve.csv‎ ‎…sysdig_reports_not_starting_with_cve.csv‎unittests/scans/sysdig_reports/sysdig_reports_not_starting_with_cve.csv renamed to unittests/scans/sysdig_reports/legacy_scanner/sysdig_reports_not_starting_with_cve.csv
diff --git a/‎…ysdig_reports/sysdig_reports_one_vul.csv‎ ‎…egacy_scanner/sysdig_reports_one_vul.csv‎unittests/scans/sysdig_reports/sysdig_reports_one_vul.csv renamed to unittests/scans/sysdig_reports/legacy_scanner/sysdig_reports_one_vul.csv b/‎…ysdig_reports/sysdig_reports_one_vul.csv‎ ‎…egacy_scanner/sysdig_reports_one_vul.csv‎unittests/scans/sysdig_reports/sysdig_reports_one_vul.csv renamed to unittests/scans/sysdig_reports/legacy_scanner/sysdig_reports_one_vul.csv
diff --git a/‎…sdig_reports/sysdig_reports_zero_vul.csv‎ ‎…gacy_scanner/sysdig_reports_zero_vul.csv‎unittests/scans/sysdig_reports/sysdig_reports_zero_vul.csv renamed to unittests/scans/sysdig_reports/legacy_scanner/sysdig_reports_zero_vul.csv b/‎…sdig_reports/sysdig_reports_zero_vul.csv‎ ‎…gacy_scanner/sysdig_reports_zero_vul.csv‎unittests/scans/sysdig_reports/sysdig_reports_zero_vul.csv renamed to unittests/scans/sysdig_reports/legacy_scanner/sysdig_reports_zero_vul.csv
@@ -18,7 +18,7 @@ def get_label_for_scan_types(self, scan_type):
         return "Sysdig Vulnerability Report Scan"
 
     def get_description_for_scan_types(self, scan_type):
-        return "Import of Sysdig Pipeline, Registry and Runtime Vulnerability Report Scans in CSV format or a Sysdig UI JSON Report"
+        return "Legacy scanner: Import of Sysdig Pipeline, Registry and Runtime Vulnerability Report Scans in CSV format or a Sysdig UI JSON Report"
 
     def get_findings(self, filename, test):
         if filename is None:
@@ -215,6 +215,7 @@ def parse_csv(self, arr_data, test):
             if row.vuln_link != "":
                 finding.references = row.vuln_link
                 finding.url = row.vuln_link
+            finding.epss_score = row.epss_score
             # finally, Add finding to list
             sysdig_report_findings.append(finding)
         return sysdig_report_findings
@@ -41,40 +41,86 @@ def parse(self, filename) -> SysdigData:
         for row in csvarray:
 
             csv_data_record = SysdigData()
-
-            csv_data_record.vulnerability_id = row.get("vulnerability id", "")
-            csv_data_record.severity = csv_data_record._map_severity(row.get("severity").upper())
-            csv_data_record.package_name = row.get("package name", "")
-            csv_data_record.package_version = row.get("package version", "")
-            csv_data_record.package_type = row.get("package type", "")
-            csv_data_record.package_path = row.get("package path", "")
-            csv_data_record.image = row.get("image", "")
-            csv_data_record.os_name = row.get("os name", "")
-            csv_data_record.cvss_version = row.get("cvss version", "")
-            csv_data_record.cvss_score = row.get("cvss score", "")
-            csv_data_record.cvss_vector = row.get("cvss vector", "")
-            csv_data_record.vuln_link = row.get("vuln link", "")
-            csv_data_record.vuln_publish_date = row.get("vuln publish date", "")
-            csv_data_record.vuln_fix_date = row.get("vuln fix date", "")
-            csv_data_record.vuln_fix_version = row.get("fix version", "")
-            csv_data_record.public_exploit = row.get("public exploit", "")
-            csv_data_record.k8s_cluster_name = row.get("k8s cluster name", "")
-            csv_data_record.k8s_namespace_name = row.get("k8s namespace name", "")
-            csv_data_record.k8s_workload_type = row.get("k8s workload type", "")
-            csv_data_record.k8s_workload_name = row.get("k8s workload name", "")
-            csv_data_record.k8s_container_name = row.get("k8s container name", "")
-            csv_data_record.image_id = row.get("image id", "")
-            csv_data_record.k8s_pod_count = row.get("k8s pod count", "")
-            csv_data_record.package_suggested_fix = row.get("package suggested fix", "")
-            csv_data_record.in_use = row.get("in use", "") == "TRUE"
-            csv_data_record.risk_accepted = row.get("risk accepted", "") == "TRUE"
-            csv_data_record.registry_name = row.get("registry name", "")
-            csv_data_record.registry_image_repository = row.get("registry image repository", "")
-            csv_data_record.cloud_provider_name = row.get("cloud provider name", "")
-            csv_data_record.cloud_provider_account_id = row.get("cloud provider account ID", "")
-            csv_data_record.cloud_provider_region = row.get("cloud provider region", "")
-            csv_data_record.registry_vendor = row.get("registry vendor", "")
-
-            arr_csv_data.append(csv_data_record)
+            if "vulnerability id" in reader.fieldnames:
+                # Legacy report format
+                csv_data_record.vulnerability_id = row.get("vulnerability id", "")
+                csv_data_record.severity = csv_data_record._map_severity(row.get("severity").upper())
+                csv_data_record.package_name = row.get("package name", "")
+                csv_data_record.package_version = row.get("package version", "")
+                csv_data_record.package_type = row.get("package type", "")
+                csv_data_record.package_path = row.get("package path", "")
+                csv_data_record.image = row.get("image", "")
+                csv_data_record.os_name = row.get("os name", "")
+                csv_data_record.cvss_version = row.get("cvss version", "")
+                csv_data_record.cvss_score = row.get("cvss score", "")
+                csv_data_record.cvss_vector = row.get("cvss vector", "")
+                csv_data_record.vuln_link = row.get("vuln link", "")
+                csv_data_record.vuln_publish_date = row.get("vuln publish date", "")
+                csv_data_record.vuln_fix_date = row.get("vuln fix date", "")
+                csv_data_record.vuln_fix_version = row.get("fix version", "")
+                csv_data_record.public_exploit = row.get("public exploit", "")
+                csv_data_record.k8s_cluster_name = row.get("k8s cluster name", "")
+                csv_data_record.k8s_namespace_name = row.get("k8s namespace name", "")
+                csv_data_record.k8s_workload_type = row.get("k8s workload type", "")
+                csv_data_record.k8s_workload_name = row.get("k8s workload name", "")
+                csv_data_record.k8s_container_name = row.get("k8s container name", "")
+                csv_data_record.image_id = row.get("image id", "")
+                csv_data_record.k8s_pod_count = row.get("k8s pod count", "")
+                csv_data_record.package_suggested_fix = row.get("package suggested fix", "")
+                csv_data_record.in_use = row.get("in use", "") == "TRUE"
+                csv_data_record.risk_accepted = row.get("risk accepted", "") == "TRUE"
+                csv_data_record.registry_name = row.get("registry name", "")
+                csv_data_record.registry_image_repository = row.get("registry image repository", "")
+                csv_data_record.cloud_provider_name = row.get("cloud provider name", "")
+                csv_data_record.cloud_provider_account_id = row.get("cloud provider account ID", "")
+                csv_data_record.cloud_provider_region = row.get("cloud provider region", "")
+                csv_data_record.registry_vendor = row.get("registry vendor", "")
+
+                arr_csv_data.append(csv_data_record)
+
+            elif "cve id" in reader.fieldnames:
+                # Vulnerability Engine report format
+                csv_data_record.vulnerability_id = row.get("cve id", "")
+                csv_data_record.severity = csv_data_record._map_severity(row.get("cve severity").upper())
+                csv_data_record.cvss_score = row.get("cvss score", "")
+                csv_data_record.cvss_version = row.get("cvss score version", "")
+                csv_data_record.package_name = row.get("package name", "")
+                csv_data_record.package_version = row.get("package version", "")
+                csv_data_record.package_type = row.get("package type", "")
+                csv_data_record.package_path = row.get("package path", "")
+                csv_data_record.vuln_fix_version = row.get("fix version", "")
+                csv_data_record.vuln_link = row.get("cve url", "")
+                csv_data_record.vuln_publish_date = row.get("vuln disclosure date", "")
+                csv_data_record.vuln_fix_date = row.get("vuln fix date", "")
+                csv_data_record.risk_accepted = row.get("risk accepted", "") == "TRUE"
+
+                # new fields:
+                csv_data_record.epss_score = row.get("epss score", "")
+
+                # not present:
+                # csv_data_record.public_exploit = row.get("public exploit", "")
+                # csv_data_record.cvss_vector = row.get("cvss vector", "")
+                # csv_data_record.image = row.get("image", "")
+                # csv_data_record.os_name = row.get("os name", "")
+                # csv_data_record.k8s_cluster_name = row.get("k8s cluster name", "")
+                # csv_data_record.k8s_namespace_name = row.get("k8s namespace name", "")
+                # csv_data_record.k8s_workload_type = row.get("k8s workload type", "")
+                # csv_data_record.k8s_workload_name = row.get("k8s workload name", "")
+                # csv_data_record.k8s_container_name = row.get("k8s container name", "")
+                # csv_data_record.image_id = row.get("image id", "")
+                # csv_data_record.k8s_pod_count = row.get("k8s pod count", "")
+                # csv_data_record.package_suggested_fix = row.get("package suggested fix", "")
+                # csv_data_record.in_use = row.get("in use", "") == "TRUE"
+                # csv_data_record.registry_name = row.get("registry name", "")
+                # csv_data_record.registry_image_repository = row.get("registry image repository", "")
+                # csv_data_record.cloud_provider_name = row.get("cloud provider name", "")
+                # csv_data_record.cloud_provider_account_id = row.get("cloud provider account ID", "")
+                # csv_data_record.cloud_provider_region = row.get("cloud provider region", "")
+                # csv_data_record.registry_vendor = row.get("registry vendor", "")
+
+                arr_csv_data.append(csv_data_record)
+            else:
+                msg = "Unknown CSV format: expected Vulnerability ID or CVE ID column"
+                raise ValueError(msg)
 
         return arr_csv_data
@@ -57,3 +57,4 @@ def __init__(self):
         self.cloud_provider_name: str = ""
         self.cloud_provider_account_id: str = ""
         self.cloud_provider_region: str = ""
+        self.epss_score: float = 0