Fix #11: Add support for tags in summary report table

2025-12-10 00:22:08 -06:00 · 2023-02-16 17:06:12 +05:30 · 2023-02-16 17:06:12 +05:30 · b5457c23b1
commit b5457c23b1
parent e895f8a0ec
3 changed files with 33 additions and 12 deletions
--- a/go.mod
+++ b/go.mod
@ -8,7 +8,7 @@ require (
 	github.com/google/cel-go v0.13.0
 	github.com/google/osv-scanner v1.1.0
 	github.com/jedib0t/go-pretty/v6 v6.4.4
-	github.com/safedep/dry v0.0.0-20230203134955-367834d99b1c
+	github.com/safedep/dry v0.0.0-20230216112435-385c68e56634
 	github.com/sirupsen/logrus v1.9.0
 	github.com/spf13/cobra v1.6.1
 	github.com/stretchr/testify v1.8.1
--- a/go.sum
+++ b/go.sum
@ -45,6 +45,8 @@ github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJ
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/safedep/dry v0.0.0-20230203134955-367834d99b1c h1:zbhTBT463mwcIuCq89GT8pFTU8UtGalBWFaa/wsgVXA=
 github.com/safedep/dry v0.0.0-20230203134955-367834d99b1c/go.mod h1:yZ8R6kv4pR0yertVoxgBmnN4bvHT8TLubE7aahpWDDk=
+github.com/safedep/dry v0.0.0-20230216112435-385c68e56634 h1:JRIzwT2Xo7TFH2O1gMJpHS5Fn6jDJdF+/+2JdyhzI3A=
+github.com/safedep/dry v0.0.0-20230216112435-385c68e56634/go.mod h1:yZ8R6kv4pR0yertVoxgBmnN4bvHT8TLubE7aahpWDDk=
 github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA=
--- a/pkg/reporter/summary.go
+++ b/pkg/reporter/summary.go
@ -26,12 +26,17 @@ const (
 	summaryWeightUnpopular    = 2
 	summaryWeightMajorDrift   = 2

+	tagVuln      = "vulnerabiity"
+	tagUnpopular = "low popularity"
+	tagDrift     = "drift"
+
 	summaryReportMaxUpgradeAdvice = 5
 )

 type summaryReporterRemediationData struct {
 	pkg   *models.Package
 	score int
+	tags  []string
 }

 type summaryReporter struct {
@ -100,7 +105,7 @@ func (r *summaryReporter) processForVersionDrift(pkg *models.Package) {
 	driftType, _ := semver.Diff(version, latestVersion)
 	if driftType.IsMajor() {
 		r.summary.metrics.drifts += 1
-		r.addPkgForRemediationAdvice(pkg, summaryWeightMajorDrift)
+		r.addPkgForRemediationAdvice(pkg, summaryWeightMajorDrift, tagDrift)
 	}
 }

@ -121,7 +126,7 @@ func (r *summaryReporter) processForPopularity(pkg *models.Package) {

 		if (strings.EqualFold(projectType, "github")) && (starsCount < 10) {
 			r.summary.metrics.unpopular += 1
-			r.addPkgForRemediationAdvice(pkg, summaryWeightUnpopular)
+			r.addPkgForRemediationAdvice(pkg, summaryWeightUnpopular, tagUnpopular)
 		}
 	}
 }
@ -141,33 +146,39 @@ func (r *summaryReporter) processForVulns(pkg *models.Package) {
 			switch risk {
 			case insightapi.PackageVulnerabilitySeveritiesRiskCRITICAL:
 				r.summary.vulns.critical += 1
-				r.addPkgForRemediationAdvice(pkg, summaryWeightCriticalVuln)
+				r.addPkgForRemediationAdvice(pkg, summaryWeightCriticalVuln, tagVuln)
 				break
 			case insightapi.PackageVulnerabilitySeveritiesRiskHIGH:
 				r.summary.vulns.high += 1
-				r.addPkgForRemediationAdvice(pkg, summaryWeightHighVuln)
+				r.addPkgForRemediationAdvice(pkg, summaryWeightHighVuln, tagVuln)
 				break
 			case insightapi.PackageVulnerabilitySeveritiesRiskMEDIUM:
 				r.summary.vulns.medium += 1
-				r.addPkgForRemediationAdvice(pkg, summaryWeightMediumVuln)
+				r.addPkgForRemediationAdvice(pkg, summaryWeightMediumVuln, tagVuln)
 				break
 			case insightapi.PackageVulnerabilitySeveritiesRiskLOW:
 				r.summary.vulns.low += 1
-				r.addPkgForRemediationAdvice(pkg, summaryWeightLowVuln)
+				r.addPkgForRemediationAdvice(pkg, summaryWeightLowVuln, tagVuln)
 				break
 			}
 		}
 	}
 }

-func (r *summaryReporter) addPkgForRemediationAdvice(pkg *models.Package, weight int) {
+func (r *summaryReporter) addPkgForRemediationAdvice(pkg *models.Package,
+	weight int, tag string) {
 	if _, ok := r.remediationScores[pkg.Id()]; !ok {
 		r.remediationScores[pkg.Id()] = &summaryReporterRemediationData{
-			pkg: pkg,
+			pkg:  pkg,
+			tags: []string{},
 		}
 	}

 	r.remediationScores[pkg.Id()].score += weight
+
+	if utils.FindInSlice(r.remediationScores[pkg.Id()].tags, tag) == -1 {
+		r.remediationScores[pkg.Id()].tags = append(r.remediationScores[pkg.Id()].tags, tag)
+	}
 }

 func (r *summaryReporter) Finish() error {
@ -185,9 +196,6 @@ func (r *summaryReporter) Finish() error {
 	r.renderRemediationAdvice()
 	fmt.Println()

-	fmt.Println("Install as a security gate in CI for incremental scan and blocking risky dependencies")
-	fmt.Println("Run `vet ci` to generate CI scripts")
-	fmt.Println()
 	fmt.Println("Run with `vet --filter=\"...\"` for custom filters to identify risky libraries")
 	fmt.Println()
 	fmt.Println("For more details", text.Bold.Sprint("https://github.com/safedep/vet"))
@ -236,6 +244,17 @@ func (r *summaryReporter) renderRemediationAdvice() {
 			utils.SafelyGetValue(insight.PackageCurrentVersion),
 			sp.score,
 		})
+
+		tagText := ""
+		for _, t := range sp.tags {
+			tagText += text.BgMagenta.Sprint(" "+t+" ") + " "
+		}
+
+		tbl.AppendRow(table.Row{
+			tagText, "", "",
+		})
+
+		tbl.AppendSeparator()
 	}

 	tbl.Render()