chore(saas-24128): update SSCS templates (#652)

rego-templates/iac-html.rego

@@ -11,6 +11,7 @@ import data.postee.number_of_vulns
 tpl:=`
 <p><b>Triggered by:</b> %s</p>
 <p><b>Repository Name:</b> %s</p>
+<p><b>URL: </b><a href= %s>%s</a></p>
 <p> </p>
 <!-- Stats -->
 <h3> Vulnerability summary: </h3>
@@ -19,8 +20,6 @@ tpl:=`
 %s
 <h3> Pipeline Misconfiguration summary: </h3>
 %s
-<!-- CVE list -->
-%s
 <p><b>Response policy name:</b> %s</p>
 <p><b>Response policy application scopes:</b> %s</p>
 `
@@ -45,9 +44,6 @@ row_tpl:=`
 
 colored_text_tpl:="<span style='color:%s'>%s</span>"
 
-vln_list_table_tpl := `<h3> List of Critical/High CVEs: </h3>
-%s`
-
 ############################################## Html rendering #############################################
 render_table_headers(headers) = row {
     count(headers) > 0
@@ -101,30 +97,7 @@ severities_stats(vuln_type) = stats{
       ]
 }
 
-vlnrb_headers := ["ID", "Severity", "New Finding"]
-
-vln_list = vlnrb {
-	some i
-	vlnrb := [r |
-    				result := input.results[i]
-    				is_critical_or_high_vuln(result.severity) # add only critical and high vulns
-    				avd_id := result.avd_id
-    				startswith(avd_id , "CVE") # add only `CVE-xxx` vulns
-                    severity := severity_as_string(result.severity)
-                    is_new := is_new_vuln(with_default(result, "is_new", false))
-
-                    r := [avd_id, severity, is_new]
-              ]
-}
-
-render_vuln_list_table = s {
-    count(vln_list) > 0
-    s := sprintf(vln_list_table_tpl, [render_table(vlnrb_headers, vln_list, "33%")])
-}
 
-render_vuln_list_table = "" {
-    count(vln_list) == 0
-}
 ############################################## result values #############################################
 title = sprintf("%s repository scan report", [input.repository_name])
 
@@ -133,10 +106,10 @@ result = msg {
     msg := sprintf(tpl, [
     triggered_by_as_string(with_default(input, "triggered_by", "")),
     input.repository_name,
+    input.url, input.url,
     render_table([], severities_stats("vulnerability"), "50%"),
     render_table([], severities_stats("misconfiguration"), "50%"),
     render_table([], severities_stats("pipeline_misconfiguration"), "50%"),
-    render_vuln_list_table,
     with_default(input, "response_policy_name", "none"),
     with_default(input, "application_scope", "none")
     ])

rego-templates/iac-jira.rego

@@ -12,9 +12,7 @@ import future.keywords.if
 tpl:=`
 *Triggered by:* %s
 *Repository name:* %s
-
-%v
-
+*URL:* %s
 %v
 
 %v
@@ -34,48 +32,18 @@ severities_stats_table(vuln_type) = sprintf("\n*%s summary:*\n||*Severity*
                                     number_of_vulns(lower(replace(vuln_type, " ", "_")), 1),
                                     number_of_vulns(lower(replace(vuln_type, " ", "_")), 0)])
 
-vln_list = vlnrb {
-	some i
-	vlnrb := [r |
-    				result := input.results[i]
-    				is_critical_or_high_vuln(result.severity) # add only critical and high vulns
-    				avd_id := result.avd_id
-    				startswith(avd_id , "CVE") # add only `CVE-xxx` vulns
-                    severity := severity_as_string(result.severity)
-                    is_new := is_new_vuln(with_default(result, "is_new", false))
-
-                    r := sprintf("|%s|%s|%s|\n",[avd_id, severity, is_new])
-              ]
-}
-
-concat_list(prefix,list) = output{
-    out := array.concat(prefix, list)
-    x := concat("", out)
-    output := x
-}
 
-vln_list_table = table {
-                list := vln_list
-                count(list) > 0
-                prefix := ["\n*List of Critical/High CVEs:*\n||*ID*                    ||*Severity*                   ||*New Finding*                   ||\n"]
-                table := concat_list(prefix,list)
-}
-
-vln_list_table = "" { # no vulnerabilities of this severity
-                list := vln_list
-                count(list) == 0
-}
 
 ####################################### results #######################################
 title = sprintf("%s repository scan report", [input.repository_name])
 result = msg {
     msg := sprintf(tpl, [
     triggered_by_as_string(with_default(input, "triggered_by", "")),
     input.repository_name,
+    input.url,
     severities_stats_table("Vulnerability"),
     severities_stats_table("Misconfiguration"),
     severities_stats_table("Pipeline Misconfiguration"),
-    vln_list_table,
     with_default(input, "response_policy_name", "none"),
     with_default(input, "application_scope", "none")
     ])

rego-templates/iac-servicenow.rego

@@ -15,6 +15,7 @@ import future.keywords.if
 html_tpl:=`
 <p><b>Triggered by:</b> %s</p>
 <p><b>Repository Name:</b> %s</p>
+<p><b>URL: </b><a href= %s>%s</a></p>
 <p> </p>
 <!-- Stats -->
 <h3> Vulnerability summary: </h3>
@@ -23,8 +24,6 @@ html_tpl:=`
 %s
 <h3> Pipeline Misconfiguration summary: </h3>
 %s
-<!-- CVE list -->
-%s
 <p><b>Response policy name:</b> %s</p>
 <p><b>Response policy application scopes:</b> %s</p>
 `
@@ -52,9 +51,6 @@ row_tpl:=`
 
 colored_text_tpl:="<span style='color:%s'>%s</span>"
 
-vln_list_table_tpl := `<h3> List of Critical/High CVEs: </h3>
-%s`
-
 ############################################## Html rendering #############################################
 render_table_headers(headers) = row {
     count(headers) > 0
@@ -108,30 +104,6 @@ severities_stats(vuln_type) = stats{
       ]
 }
 
-vlnrb_headers := ["ID", "Severity", "New Finding"]
-
-vln_list = vlnrb {
-	some i
-	vlnrb := [r |
-                    result := input.results[i]
-    				is_critical_or_high_vuln(result.severity) # add only critical and high vulns
-    				avd_id := result.avd_id
-    				startswith(avd_id , "CVE") # add only `CVE-xxx` vulns
-                    severity := severity_as_string(result.severity)
-                    is_new := is_new_vuln(with_default(result, "is_new", false))
-
-                    r := [avd_id, severity, is_new]
-              ]
-}
-
-render_vuln_list_table = s {
-    count(vln_list) > 0
-    s := sprintf(vln_list_table_tpl, [render_table(vlnrb_headers, vln_list, "33%")])
-}
-
-render_vuln_list_table = "" {
-    count(vln_list) == 0
-}
 ############################################## result values #############################################
 title = sprintf(`Aqua security | Repository | %s | Scan report`, [input.repository_name])
 
@@ -157,10 +129,10 @@ result = msg {
     msg := sprintf(html_tpl, [
     triggered_by_as_string(with_default(input, "triggered_by", "")),
     input.repository_name,
+    input.url, input.url,
     render_table([], severities_stats("vulnerability"), "50%"),
     render_table([], severities_stats("misconfiguration"), "50%"),
-    render_table([], severities_stats("pipeline_misconfiguration"), "50%"),
-    render_vuln_list_table,
+    render_table([], severities_stats("pipeline_misconfiguration"), "50%"),,
     with_default(input, "response_policy_name", "none"),
     with_default(input, "application_scope", "none")
     ])

rego-templates/iac-slack.rego

@@ -21,72 +21,14 @@ severity_stats(vuln_type) := flat_array([gr |
 	]
 ])
 
-# render_sections split collection of cells provided to chunks of 5 rows each and wraps every chunk with section element
-render_sections(rows, caption) = a {
-    count(rows) > 2 # only if some vulnerabilities are found
-    s1 := [{
-              "type": "section",
-              "text": {
-                  "type": "mrkdwn",
-                  "text": caption
-              }
-          }]
-    b:=[ s |
-        # code below converts 2 dimension array like [[row1, row2, ... row5], ....]
-        group_size := 10 #it's 5 but every row is represented by 2 items
-        num_chunks := ceil(count(rows) / group_size) - 1
-        indices := { b | b := numbers.range(0, num_chunks)[_] * group_size }
-    	fields := [array.slice(rows, i, i + group_size) | i := indices[_]][_]
-
-        # builds markdown section based on slice
-
-        s := [
-            {
-                "type": "section",
-                "fields": fields
-            }
-        ]
-	]
-	a := array.concat(s1, flat_array(b))
-}
-render_sections(rows, caption) = [] { #do not render section if provided collection is empty
-    count(rows) < 3
-}
-
-vln_list = l {
-    vlnrb := [r |
-                        result := input.results[i]
-                        is_critical_or_high_vuln(result.severity) # add only critical and high vulns
-        				avd_id := result.avd_id
-        				startswith(avd_id , "CVE") # add only `CVE-xxx` vulns
-                        severity := severity_as_string(result.severity)
-                        is_new := is_new_vuln(with_default(result, "is_new", false))
-
-                        r := [
-                        	{"type": "mrkdwn", "text": avd_id},
-                        	{"type": "mrkdwn", "text": sprintf("%s/%s", [severity, is_new])},
-                        ]
-                  ]
-
-    caption := "*List of Critical/High CVEs:*"
-
-    headers := [
-        {"type": "mrkdwn", "text": "*ID*"},
-        {"type": "mrkdwn", "text": "*Severity / New Finding*"}
-    ]
-    rows := array.concat(headers, flat_array(vlnrb))
-
-    # split rows and wrap slices with markdown section
-    l := render_sections(rows, caption)
-}
-
 ####################################### results #######################################
 
 title = sprintf("%s repository scan report", [input.repository_name]) # title is string
 
 result = res {
 	header1 := [{"type":"section","text":{"type":"mrkdwn","text":sprintf("Triggered by: %s", [triggered_by_as_string(with_default(input, "triggered_by", "")),])}},
 	            {"type":"section","text":{"type":"mrkdwn","text":sprintf("Repository name: %s", [input.repository_name])}},
+                {"type":"section","text":{"type":"mrkdwn","text":sprintf("*URL:* %s", [with_default(input, "url", "")])}}
 	            {"type": "section","text": {"type": "mrkdwn","text": "*Vulnerabilities summary:*"}},
                 {"type": "section","fields": severity_stats("vulnerability")},
                 {"type": "section","text": {"type": "mrkdwn","text": "*Misconfiguration summary:*"}},
@@ -102,7 +44,6 @@ result = res {
 
     res := flat_array([
         header1,
-    	vln_list,
     	header2
     ])
 }