secureCodeBox/secureCodeBox

scanners/trivy/parser/parser.js

Summary

Maintainability: C (about 7 hrs of remediation)
Test Coverage: B (87%)

Function convertTrivyK8sFindingToSCBFinding has 43 lines of code (exceeds 25 allowed). Consider refactoring.

function convertTrivyK8sFindingToSCBFinding(trivyK8sFinding, clusterName, namespace, kind, k8sName, target, clazz, type, categoryName) {
  let references = trivyK8sFinding.PrimaryURL ? [{type: "URL", value: trivyK8sFinding.PrimaryURL}] : [];

  const url_references = getUrlReferences(trivyK8sFinding.References).filter(ref => ref.value !== trivyK8sFinding.PrimaryURL);
  references = references.concat(url_references);
Severity: Minor
Found in scanners/trivy/parser/parser.js - About 1 hr to fix

Function parseImageScanResults has 39 lines of code (exceeds 25 allowed). Consider refactoring.

function parseImageScanResults(imageScanResults) {
  // check if imageScanResults.Results is an array and non-empty
  if (!Array.isArray(imageScanResults.Results) || imageScanResults.Results.length === 0) {
    return [];
  }
Severity: Minor
Found in scanners/trivy/parser/parser.js - About 1 hr to fix

Function convertTrivyK8sFindingToSCBFinding has a Cognitive Complexity of 11 (exceeds 5 allowed). Consider refactoring.

function convertTrivyK8sFindingToSCBFinding(trivyK8sFinding, clusterName, namespace, kind, k8sName, target, clazz, type, categoryName) {
  let references = trivyK8sFinding.PrimaryURL ? [{type: "URL", value: trivyK8sFinding.PrimaryURL}] : [];

  const url_references = getUrlReferences(trivyK8sFinding.References).filter(ref => ref.value !== trivyK8sFinding.PrimaryURL);
  references = references.concat(url_references);
Severity: Minor
Found in scanners/trivy/parser/parser.js - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

• Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
• Code is considered more complex for each "break in the linear flow of the code"
• Code is considered more complex when "flow breaking structures are nested"

Function convertTrivyK8sFindingToSCBFinding has 9 arguments (exceeds 4 allowed). Consider refactoring.

function convertTrivyK8sFindingToSCBFinding(trivyK8sFinding, clusterName, namespace, kind, k8sName, target, clazz, type, categoryName) {
Severity: Major
Found in scanners/trivy/parser/parser.js - About 1 hr to fix

Function parseK8sScanResultResource has 27 lines of code (exceeds 25 allowed). Consider refactoring.

function parseK8sScanResultResource(clusterName, resourceItem, reject) {
  let findings = [];

  const {Namespace: namespace, Kind: kind, Name: name, Results} = resourceItem;
  const results = Results || [];
Severity: Minor
Found in scanners/trivy/parser/parser.js - About 1 hr to fix

Function parse has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.

async function parse(fileContent) {
  // The first scan always contains the image id in a format similar to: "bkimminich/juice-shop:v10.2.0 (alpine 3.11.5)"

  let scanResults = fileContent;
  if (typeof fileContent === "string") {
Severity: Minor
Found in scanners/trivy/parser/parser.js - About 35 mins to fix


Function getCategory has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.

function getCategory(target) {
  let category = "Image Vulnerability";
  if (target.endsWith("package-lock.json") || target == "Node.js") {
    category = "NPM Package Vulnerability";
  } else if (target.endsWith("Gemfile.lock")) {
Severity: Minor
Found in scanners/trivy/parser/parser.js - About 25 mins to fix
