🎉 Add fix_available information to blackduck component risk #12633 (#13201)

manuel-sommer · web-flow · commit 8a1992c8287f · 2025-09-19T12:13:06.000-06:00
diff --git a/dojo/tools/blackduck_component_risk/parser.py b/dojo/tools/blackduck_component_risk/parser.py
@@ -67,6 +67,7 @@ def ingest_findings(self, components, securities, sources, test):
                 description = self.license_description(component, source)
                 severity = "High"
                 mitigation = self.license_mitigation(component)
+                fix_available = bool(mitigation)
                 impact = "N/A"
                 references = self.license_references(component)
                 finding = Finding(
@@ -79,6 +80,7 @@ def ingest_findings(self, components, securities, sources, test):
                     references=references,
                     static_finding=True,
                     unique_id_from_tool=component_id,
+                    fix_available=fix_available,
                 )
                 license_risk.append(finding)
             elif "None" not in self.license_severity(component):
@@ -88,6 +90,7 @@ def ingest_findings(self, components, securities, sources, test):
                 description = self.license_description(component, source)
                 severity = self.license_severity(component)
                 mitigation = self.license_mitigation(component, violation=False)
+                fix_available = bool(mitigation)
                 impact = "N/A"
                 references = self.license_references(component)
                 finding = Finding(
@@ -100,6 +103,7 @@ def ingest_findings(self, components, securities, sources, test):
                     references=references,
                     static_finding=True,
                     unique_id_from_tool=component_id,
+                    fix_available=fix_available,
                 )
                 license_risk.append(finding)
         items.extend(license_risk)
@@ -111,10 +115,10 @@ def ingest_findings(self, components, securities, sources, test):
             description = self.security_description(vulns)
             severity = self.security_severity(vulns)
             mitigation = self.security_mitigation(vulns)
+            fix_available = bool(mitigation)
             impact = self.security_impact(vulns)
             references = self.security_references(vulns)
             file_path = self.security_filepath(vulns)
-
             finding = Finding(
                 title=title,
                 test=test,
@@ -126,6 +130,7 @@ def ingest_findings(self, components, securities, sources, test):
                 static_finding=True,
                 file_path=file_path,
                 unique_id_from_tool=component_id,
+                fix_available=fix_available,
             )
             security_risk.append(finding)
         items.extend(security_risk)
diff --git a/unittests/tools/test_blackduck_component_risk_parser.py b/unittests/tools/test_blackduck_component_risk_parser.py
@@ -10,3 +10,11 @@ def test_blackduck_enhanced_zip_upload(self):
             parser = BlackduckComponentRiskParser()
             findings = parser.get_findings(testfile, Test())
             self.assertEqual(12, len(findings))
+            findings = list(findings)
+            self.assertEqual("License Risk: xmldom:0.1.21", findings[0].title)
+            self.assertEqual(True, findings[0].fix_available)
+            self.assertEqual("Package has a license that is In Violation and should not be used: xmldom:0.1.21.  Please use another component with an acceptable license.", findings[0].mitigation)
+            self.assertEqual("High", findings[0].severity)
+            self.assertEqual("N/A", findings[0].impact)
+            self.assertEqual("**Project:** foo-project ID-355b2cb252662e07153802b82041e8322ccef144-1.0.0\n", findings[0].references)
+            self.assertEqual(None, findings[0].file_path)
