fix: Improve markdown summary report to make malware analysis section collapsable (#313)

2025-12-10 13:43:01 -06:00 · 2025-01-22 11:20:51 +05:30 · 2025-01-22 11:20:51 +05:30 · 2354b4af31
commit 2354b4af31
parent 2c92368985
2 changed files with 38 additions and 13 deletions
--- a/pkg/reporter/markdown/emoji.go
+++ b/pkg/reporter/markdown/emoji.go
@ -1,12 +1,13 @@
 package markdown

 const (
-	EmojiArrowRight     = ":arrow_right:"
-	EmojiWhiteCheckMark = ":white_check_mark:"
-	EmojiCrossMark      = ":x:"
-	EmojiLink           = ":link:"
-	EmojiWarning        = ":warning:"
-	EmojiRedExclamation = ":exclamation:"
-	EmojiOrangeCircle   = ":orange_circle:"
-	EmojiRedCircle      = ":red_circle:"
+	EmojiArrowRight        = ":arrow_right:"
+	EmojiWhiteCheckMark    = ":white_check_mark:"
+	EmojiCrossMark         = ":x:"
+	EmojiLink              = ":link:"
+	EmojiWarning           = ":warning:"
+	EmojiRedExclamation    = ":exclamation:"
+	EmojiOrangeCircle      = ":orange_circle:"
+	EmojiRedCircle         = ":red_circle:"
+	EmojiInformationSource = ":information_source:"
 )
--- a/pkg/reporter/markdown_summary.go
+++ b/pkg/reporter/markdown_summary.go
@ -54,6 +54,8 @@ type markdownSummaryMalwareInfo struct {
 	malwareInfo              map[string]*markdownSummaryPackageMalwareInfo
 	haveMalwarAnalysisReport int
 	missingMalwareAnalysis   int
+	maliciousPackages        int
+	suspiciousPackages       int
 }

 type markdownSummaryReporter struct {
@ -423,11 +425,26 @@ func (r *markdownSummaryReporter) addMalwareAnalysisReportSection(builder *markd
 	}

 	builder.AddHeader(2, "Malicious Package Analysis")
-	builder.AddParagraph("The following packages have been analyzed for malware")
-	builder.AddRaw(malwareInfoTable)
-	builder.AddParagraph(fmt.Sprintf("%d/%d packages have malware analysis reports",
-		r.malwareInfo.haveMalwarAnalysisReport,
-		r.malwareInfo.haveMalwarAnalysisReport+r.malwareInfo.missingMalwareAnalysis))
+	builder.AddParagraph("Malicious package analysis is performed using [SafeDep Cloud API](https://docs.safedep.io/cloud/malware-analysis).")
+
+	reportSection := builder.StartCollapsibleSection("Malicious Package Analysis Report")
+	reportSection.Builder().AddRaw(malwareInfoTable)
+	reportSection.Builder().AddParagraph("")
+	builder.AddCollapsibleSection(reportSection)
+
+	builder.AddBulletPoint(fmt.Sprintf("%s %d packages have been actively analyzed for malicious behaviour.",
+		markdown.EmojiInformationSource, r.malwareInfo.haveMalwarAnalysisReport))
+
+	if r.malwareInfo.maliciousPackages > 0 {
+		builder.AddBulletPoint(fmt.Sprintf("%s %d packages are identified as malicious.",
+			markdown.EmojiRedCircle, r.malwareInfo.maliciousPackages))
+	} else if r.malwareInfo.suspiciousPackages > 0 {
+		builder.AddBulletPoint(fmt.Sprintf("%s %d packages are identified as suspicious.",
+			markdown.EmojiOrangeCircle, r.malwareInfo.suspiciousPackages))
+	} else {
+		builder.AddBulletPoint(fmt.Sprintf("%s No malicious packages found.",
+			markdown.EmojiWhiteCheckMark))
+	}

 	if r.malwareInfo.missingMalwareAnalysis > 0 {
 		builder.AddQuote("Note: Some of the package analysis jobs may still be running." +
@ -500,6 +517,13 @@ func (m *markdownSummaryMalwareInfo) handlePackage(pkg *models.Package) error {

 	if _, ok := m.malwareInfo[pkg.Id()]; !ok {
 		m.haveMalwarAnalysisReport++
+
+		if ma.IsMalware {
+			m.maliciousPackages++
+		} else if ma.IsSuspicious {
+			m.suspiciousPackages++
+		}
+
 		m.malwareInfo[pkg.Id()] = &markdownSummaryPackageMalwareInfo{
 			ecosystem:     pkg.GetControlTowerSpecEcosystem().String(),
 			name:          pkg.GetName(),