diff --git a/rego-templates/iac-html.rego b/rego-templates/iac-html.rego
index a3d864cc..3a4afe74 100644
--- a/rego-templates/iac-html.rego
+++ b/rego-templates/iac-html.rego
@@ -11,6 +11,7 @@ import data.postee.number_of_vulns
tpl:=`
Triggered by: %s
Repository Name: %s
+URL: %s
Vulnerability summary:
@@ -19,8 +20,6 @@ tpl:=`
%s
Pipeline Misconfiguration summary:
%s
-
-%s
Response policy name: %s
Response policy application scopes: %s
`
@@ -45,9 +44,6 @@ row_tpl:=`
colored_text_tpl:="%s"
-vln_list_table_tpl := ` List of Critical/High CVEs:
-%s`
-
############################################## Html rendering #############################################
render_table_headers(headers) = row {
count(headers) > 0
@@ -101,30 +97,7 @@ severities_stats(vuln_type) = stats{
]
}
-vlnrb_headers := ["ID", "Severity", "New Finding"]
-
-vln_list = vlnrb {
- some i
- vlnrb := [r |
- result := input.results[i]
- is_critical_or_high_vuln(result.severity) # add only critical and high vulns
- avd_id := result.avd_id
- startswith(avd_id , "CVE") # add only `CVE-xxx` vulns
- severity := severity_as_string(result.severity)
- is_new := is_new_vuln(with_default(result, "is_new", false))
-
- r := [avd_id, severity, is_new]
- ]
-}
-
-render_vuln_list_table = s {
- count(vln_list) > 0
- s := sprintf(vln_list_table_tpl, [render_table(vlnrb_headers, vln_list, "33%")])
-}
-render_vuln_list_table = "" {
- count(vln_list) == 0
-}
############################################## result values #############################################
title = sprintf("%s repository scan report", [input.repository_name])
@@ -133,10 +106,10 @@ result = msg {
msg := sprintf(tpl, [
triggered_by_as_string(with_default(input, "triggered_by", "")),
input.repository_name,
+ input.url, input.url,
render_table([], severities_stats("vulnerability"), "50%"),
render_table([], severities_stats("misconfiguration"), "50%"),
render_table([], severities_stats("pipeline_misconfiguration"), "50%"),
- render_vuln_list_table,
with_default(input, "response_policy_name", "none"),
with_default(input, "application_scope", "none")
])
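Review bot: `input.url, input.url,` hands two values to sprintf for the single `URL: %s` placeholder this commit adds to `tpl`, so the argument list is one longer than the placeholder list; with Go-style formatting that is not an error but the surplus shows up in the rendered message as a `%!(EXTRA …)` marker, and the same duplication appears in iac-servicenow.rego. Separately, `input.url` is dereferenced directly here and in iac-jira.rego, whereas iac-slack.rego uses `with_default(input, "url", "")`; a payload without a `url` key makes the whole `result` rule undefined and no report is emitted at all, so a single `with_default(input, "url", ""),` is the safer form in all three files. Like repository_name, the value is interpolated into the HTML template unescaped, so it is worth confirming the URL is trusted or escaped before it reaches this template. The body of `result` begins outside the hunk.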
diff --git a/rego-templates/iac-jira.rego b/rego-templates/iac-jira.rego
index 956dc844..46199694 100644
--- a/rego-templates/iac-jira.rego
+++ b/rego-templates/iac-jira.rego
@@ -12,9 +12,7 @@ import future.keywords.if
tpl:=`
*Triggered by:* %s
*Repository name:* %s
-
-%v
-
+*URL:* %s
%v
%v
@@ -34,37 +32,7 @@ severities_stats_table(vuln_type) = sprintf("\n*%s summary:*\n||*Severity*
number_of_vulns(lower(replace(vuln_type, " ", "_")), 1),
number_of_vulns(lower(replace(vuln_type, " ", "_")), 0)])
-vln_list = vlnrb {
- some i
- vlnrb := [r |
- result := input.results[i]
- is_critical_or_high_vuln(result.severity) # add only critical and high vulns
- avd_id := result.avd_id
- startswith(avd_id , "CVE") # add only `CVE-xxx` vulns
- severity := severity_as_string(result.severity)
- is_new := is_new_vuln(with_default(result, "is_new", false))
-
- r := sprintf("|%s|%s|%s|\n",[avd_id, severity, is_new])
- ]
-}
-
-concat_list(prefix,list) = output{
- out := array.concat(prefix, list)
- x := concat("", out)
- output := x
-}
-vln_list_table = table {
- list := vln_list
- count(list) > 0
- prefix := ["\n*List of Critical/High CVEs:*\n||*ID* ||*Severity* ||*New Finding* ||\n"]
- table := concat_list(prefix,list)
-}
-
-vln_list_table = "" { # no vulnerabilities of this severity
- list := vln_list
- count(list) == 0
-}
####################################### results #######################################
title = sprintf("%s repository scan report", [input.repository_name])
@@ -72,10 +40,10 @@ result = msg {
msg := sprintf(tpl, [
triggered_by_as_string(with_default(input, "triggered_by", "")),
input.repository_name,
+ input.url,
severities_stats_table("Vulnerability"),
severities_stats_table("Misconfiguration"),
severities_stats_table("Pipeline Misconfiguration"),
- vln_list_table,
with_default(input, "response_policy_name", "none"),
with_default(input, "application_scope", "none")
])
diff --git a/rego-templates/iac-servicenow.rego b/rego-templates/iac-servicenow.rego
index 2ed25168..cc71c660 100644
--- a/rego-templates/iac-servicenow.rego
+++ b/rego-templates/iac-servicenow.rego
@@ -15,6 +15,7 @@ import future.keywords.if
html_tpl:=`
Triggered by: %s
Repository Name: %s
+URL: %s
Vulnerability summary:
@@ -23,8 +24,6 @@ html_tpl:=`
%s
Pipeline Misconfiguration summary:
%s
-
-%s
Response policy name: %s
Response policy application scopes: %s
`
@@ -52,9 +51,6 @@ row_tpl:=`
colored_text_tpl:="%s"
-vln_list_table_tpl := ` List of Critical/High CVEs:
-%s`
-
############################################## Html rendering #############################################
render_table_headers(headers) = row {
count(headers) > 0
@@ -108,30 +104,6 @@ severities_stats(vuln_type) = stats{
]
}
-vlnrb_headers := ["ID", "Severity", "New Finding"]
-
-vln_list = vlnrb {
- some i
- vlnrb := [r |
- result := input.results[i]
- is_critical_or_high_vuln(result.severity) # add only critical and high vulns
- avd_id := result.avd_id
- startswith(avd_id , "CVE") # add only `CVE-xxx` vulns
- severity := severity_as_string(result.severity)
- is_new := is_new_vuln(with_default(result, "is_new", false))
-
- r := [avd_id, severity, is_new]
- ]
-}
-
-render_vuln_list_table = s {
- count(vln_list) > 0
- s := sprintf(vln_list_table_tpl, [render_table(vlnrb_headers, vln_list, "33%")])
-}
-
-render_vuln_list_table = "" {
- count(vln_list) == 0
-}
############################################## result values #############################################
title = sprintf(`Aqua security | Repository | %s | Scan report`, [input.repository_name])
@@ -157,10 +129,10 @@ result = msg {
msg := sprintf(html_tpl, [
triggered_by_as_string(with_default(input, "triggered_by", "")),
input.repository_name,
+ input.url, input.url,
render_table([], severities_stats("vulnerability"), "50%"),
render_table([], severities_stats("misconfiguration"), "50%"),
- render_table([], severities_stats("pipeline_misconfiguration"), "50%"),
- render_vuln_list_table,
+ render_table([], severities_stats("pipeline_misconfiguration"), "50%"),,
with_default(input, "response_policy_name", "none"),
with_default(input, "application_scope", "none")
])
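Review bot: The rewritten pipeline line `render_table([], severities_stats("pipeline_misconfiguration"), "50%"),,` ends with a doubled comma, which leaves an empty element in the array literal and will not parse; it should read `render_table([], severities_stats("pipeline_misconfiguration"), "50%"),`. The line above it, `input.url, input.url,`, also supplies two values for the single `URL: %s` placeholder added to `html_tpl`, the same issue as in iac-html.rego. The body of `result` begins outside the hunk.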
diff --git a/rego-templates/iac-slack.rego b/rego-templates/iac-slack.rego
index d4478bd5..2465f47e 100644
--- a/rego-templates/iac-slack.rego
+++ b/rego-templates/iac-slack.rego
@@ -21,65 +21,6 @@ severity_stats(vuln_type) := flat_array([gr |
]
])
-# render_sections split collection of cells provided to chunks of 5 rows each and wraps every chunk with section element
-render_sections(rows, caption) = a {
- count(rows) > 2 # only if some vulnerabilities are found
- s1 := [{
- "type": "section",
- "text": {
- "type": "mrkdwn",
- "text": caption
- }
- }]
- b:=[ s |
- # code below converts 2 dimension array like [[row1, row2, ... row5], ....]
- group_size := 10 #it's 5 but every row is represented by 2 items
- num_chunks := ceil(count(rows) / group_size) - 1
- indices := { b | b := numbers.range(0, num_chunks)[_] * group_size }
- fields := [array.slice(rows, i, i + group_size) | i := indices[_]][_]
-
- # builds markdown section based on slice
-
- s := [
- {
- "type": "section",
- "fields": fields
- }
- ]
- ]
- a := array.concat(s1, flat_array(b))
-}
-render_sections(rows, caption) = [] { #do not render section if provided collection is empty
- count(rows) < 3
-}
-
-vln_list = l {
- vlnrb := [r |
- result := input.results[i]
- is_critical_or_high_vuln(result.severity) # add only critical and high vulns
- avd_id := result.avd_id
- startswith(avd_id , "CVE") # add only `CVE-xxx` vulns
- severity := severity_as_string(result.severity)
- is_new := is_new_vuln(with_default(result, "is_new", false))
-
- r := [
- {"type": "mrkdwn", "text": avd_id},
- {"type": "mrkdwn", "text": sprintf("%s/%s", [severity, is_new])},
- ]
- ]
-
- caption := "*List of Critical/High CVEs:*"
-
- headers := [
- {"type": "mrkdwn", "text": "*ID*"},
- {"type": "mrkdwn", "text": "*Severity / New Finding*"}
- ]
- rows := array.concat(headers, flat_array(vlnrb))
-
- # split rows and wrap slices with markdown section
- l := render_sections(rows, caption)
-}
-
####################################### results #######################################
title = sprintf("%s repository scan report", [input.repository_name]) # title is string
@@ -87,6 +28,7 @@ title = sprintf("%s repository scan report", [input.repository_name]) # title is
result = res {
header1 := [{"type":"section","text":{"type":"mrkdwn","text":sprintf("Triggered by: %s", [triggered_by_as_string(with_default(input, "triggered_by", "")),])}},
{"type":"section","text":{"type":"mrkdwn","text":sprintf("Repository name: %s", [input.repository_name])}},
+ {"type":"section","text":{"type":"mrkdwn","text":sprintf("*URL:* %s", [with_default(input, "url", "")])}}
{"type": "section","text": {"type": "mrkdwn","text": "*Vulnerabilities summary:*"}},
{"type": "section","fields": severity_stats("vulnerability")},
{"type": "section","text": {"type": "mrkdwn","text": "*Misconfiguration summary:*"}},
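Review bot: The added URL section is missing the trailing comma that separates it from the next element of `header1`, so the array literal will not parse; the line should end `[with_default(input, "url", "")])}},`. Reading the field through `with_default` is the right choice here, since a payload without `url` would otherwise make `result` undefined. The `result` rule continues past the end of the hunk.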
@@ -102,7 +44,6 @@ result = res {
res := flat_array([
header1,
- vln_list,
header2
])
}