feat(general): add policy name and guidelines to CSV output (#6082)

* add policy name and guidelines to CSV output * fix fields for types * change CSV header to match platform * fix tests for CSV header
bridgecrewio · Mar 11, 2024 · 458d526 · 458d526
1 parent c5a2625
commit 458d526
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 3 deletions.
diff --git a/checkov/common/output/csv.py b/checkov/common/output/csv.py
@@ -39,7 +39,7 @@
 FILE_NAME_CONTAINER_IMAGES = f"{date_now}_container_images.csv"
 
 FILE_NAME_IAC = f"{date_now}_iac.csv"
-HEADER_IAC = ["Resource", "Path", "Git Org", "Git Repository", "Misconfigurations", "Severity"]
+HEADER_IAC = ["Resource", "Path", "Git Org", "Git Repository", "Misconfigurations", "Severity", "Policy title", "Guideline"]
 
 CTA_NO_API_KEY = "SCA, image and runtime findings are only available with a Prisma Cloud subscription."
 
@@ -115,11 +115,15 @@ def add_iac_resources(self, resource: Record | ExtraResource, git_org: str, git_
 
         misconfig = None
         severity = None
+        check_name = None
+        guideline = None
         if isinstance(resource, Record) and resource.check_result["result"] == CheckResult.FAILED:
             # only failed resources should be added with their misconfiguration
             misconfig = resource.check_id
             if resource.severity is not None:
                 severity = resource.severity.name
+            check_name = resource.check_name
+            guideline = resource.guideline
         elif resource_id in self.iac_resource_cache:
             # IaC resources shouldn't be added multiple times, if they don't have any misconfiguration
             return
@@ -131,6 +135,8 @@ def add_iac_resources(self, resource: Record | ExtraResource, git_org: str, git_
             "Git Repository": git_repository,
             "Misconfigurations": misconfig,
             "Severity": severity,
+            "Policy title": check_name,
+            "Guideline": guideline
         }
 
         if isinstance(resource, Record) and resource.details:

diff --git a/tests/common/output/test_bom_report.py b/tests/common/output/test_bom_report.py
@@ -41,7 +41,7 @@ def test_iac_csv_output(self, tmp_path: Path):
         with open(iac_file_path) as file:
             content = file.readlines()
             header = content[:1][0]
-            assert 'Resource,Path,Git Org,Git Repository,Misconfigurations,Severity\n' == header
+            assert 'Resource,Path,Git Org,Git Repository,Misconfigurations,Severity,Policy title,Guideline\n' == header
             rows = content[1:]
             assert 'aws_s3_bucket' in rows[0]
 

diff --git a/tests/common/runner_registry/test_runner_registry.py b/tests/common/runner_registry/test_runner_registry.py
@@ -167,7 +167,7 @@ def test_compact_csv_output(self):
         with open(iac_file_path) as file:
             content = file.readlines()
             header = content[:1][0]
-            self.assertEqual('Resource,Path,Git Org,Git Repository,Misconfigurations,Severity\n', header)
+            self.assertEqual('Resource,Path,Git Org,Git Repository,Misconfigurations,Severity,Policy title,Guideline\n', header)
             rows = content[1:]
             self.assertIn('aws_s3_bucket', rows[0])
         oss_file_path = re.search("Persisting SBOM to (.*oss_packages.csv)", output).group(1)