From 458d526de3c1cd991bbba26756eb2288f2103691 Mon Sep 17 00:00:00 2001
From: Mike Urbanski
Date: Mon, 11 Mar 2024 14:34:12 -0500
Subject: [PATCH] feat(general): add policy name and guidelines to CSV output (#6082)
* add policy name and guidelines to CSV output
* fix fields for types
* change CSV header to match platform
* fix tests for CSV header
---
 checkov/common/output/csv.py | 8 +++++++-
 tests/common/output/test_bom_report.py | 2 +-
 tests/common/runner_registry/test_runner_registry.py | 2 +-
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/checkov/common/output/csv.py b/checkov/common/output/csv.py
index 2f85730d8b5..5ab899a0b2d 100644
--- a/checkov/common/output/csv.py
+++ b/checkov/common/output/csv.py
@@ -39,7 +39,7 @@
 FILE_NAME_CONTAINER_IMAGES = f"{date_now}_container_images.csv"
 FILE_NAME_IAC = f"{date_now}_iac.csv"
-HEADER_IAC = ["Resource", "Path", "Git Org", "Git Repository", "Misconfigurations", "Severity"]
+HEADER_IAC = ["Resource", "Path", "Git Org", "Git Repository", "Misconfigurations", "Severity", "Policy title", "Guideline"]
 CTA_NO_API_KEY = "SCA, image and runtime findings are only available with a Prisma Cloud subscription."
@@ -115,11 +115,15 @@ def add_iac_resources(self, resource: Record | ExtraResource, git_org: str, git_
 misconfig = None
 severity = None
+ check_name = None
+ guideline = None
 if isinstance(resource, Record) and resource.check_result["result"] == CheckResult.FAILED:
 # only failed resources should be added with their misconfiguration
 misconfig = resource.check_id
 if resource.severity is not None:
 severity = resource.severity.name
+ check_name = resource.check_name
+ guideline = resource.guideline
 elif resource_id in self.iac_resource_cache:
 # IaC resources shouldn't be added multiple times, if they don't have any misconfiguration
 return
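Review bot: HEADER_IAC now has to agree with the string keys of the row dict built in add_iac_resources() and with the header literal asserted in tests/common/output/test_bom_report.py and tests/common/runner_registry/test_runner_registry.py, but nothing at the definition records that coupling. A comment above the constant such as `# Column names double as the row-dict keys in add_iac_resources(); the exact header line is pinned by test_iac_csv_output and test_compact_csv_output.` would tell the next person adding a column where else to look. "Policy title" also departs from the Title Case used by the neighbouring headers ("Git Repository"); the commit message says this spelling matches the platform, so noting that the platform export format is the source of truth would prevent a later well-meant "fix" to "Policy Title".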
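Review bot: check_name and guideline are assigned only inside the FAILED branch, so for a passing Record and for an ExtraResource the new columns stay None exactly like misconfig and severity, but the comment above that branch still mentions only the misconfiguration; extend it to `# only failed resources carry a misconfiguration, its severity, the policy title and the guideline` so the rule covers all four. The local is named check_name while the column it feeds is "Policy title"; renaming it `policy_title` (or a one-line comment at the assignment) would make the mapping obvious without reading the row dict further down. add_iac_resources begins before this hunk and continues past it.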
@@ -131,6 +135,8 @@ def add_iac_resources(self, resource: Record | ExtraResource, git_org: str, git_
 "Git Repository": git_repository,
 "Misconfigurations": misconfig,
 "Severity": severity,
+ "Policy title": check_name,
+ "Guideline": guideline
 }
 if isinstance(resource, Record) and resource.details:
diff --git a/tests/common/output/test_bom_report.py b/tests/common/output/test_bom_report.py
index 19ddb44d5c6..42f4c1b7797 100644
--- a/tests/common/output/test_bom_report.py
+++ b/tests/common/output/test_bom_report.py
@@ -41,7 +41,7 @@ def test_iac_csv_output(self, tmp_path: Path):
 with open(iac_file_path) as file:
 content = file.readlines()
 header = content[:1][0]
- assert 'Resource,Path,Git Org,Git Repository,Misconfigurations,Severity\n' == header
+ assert 'Resource,Path,Git Org,Git Repository,Misconfigurations,Severity,Policy title,Guideline\n' == header
 rows = content[1:]
 assert 'aws_s3_bucket' in rows[0]
diff --git a/tests/common/runner_registry/test_runner_registry.py b/tests/common/runner_registry/test_runner_registry.py
index 3830e36517e..b1789a10c15 100644
--- a/tests/common/runner_registry/test_runner_registry.py
+++ b/tests/common/runner_registry/test_runner_registry.py
@@ -167,7 +167,7 @@ def test_compact_csv_output(self):
 with open(iac_file_path) as file:
 content = file.readlines()
 header = content[:1][0]
- self.assertEqual('Resource,Path,Git Org,Git Repository,Misconfigurations,Severity\n', header)
+ self.assertEqual('Resource,Path,Git Org,Git Repository,Misconfigurations,Severity,Policy title,Guideline\n', header)
 rows = content[1:]
 self.assertIn('aws_s3_bucket', rows[0])
 oss_file_path = re.search("Persisting SBOM to (.*oss_packages.csv)", output).group(1)
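Review bot: The two new cells carry free text taken from policy metadata (the check's display name and its guideline), which unlike the check id in "Misconfigurations" or the enum name in "Severity" is authored outside this module, custom policies included; the writer that consumes this dict is outside the hunk, so I cannot tell whether it neutralises cells that begin with `=`, `+`, `-` or `@` for spreadsheet consumers — if it does so for the existing free-text columns (Resource, Path), confirm the new columns go through the same path, and if it does nothing, a short comment at the dict recording that decision would help the next reviewer. The last entry `"Guideline": guideline` also lacks the trailing comma every other entry has, so the next column added here will touch two lines instead of one. The enclosing function begins before this hunk.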
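Review bot: Neither updated test asserts that the "Policy title" and "Guideline" cells are actually populated for the failed aws_s3_bucket row — both stop at the header line and `'aws_s3_bucket' in rows[0]` — so a regression that leaves the two new columns empty would still pass; the same gap is in tests/common/runner_registry/test_runner_registry.py. Add one assertion on the first data row, e.g. `assert rows[0].rstrip('\n').split(',')[-2:] != ['', '']` or a check for the expected check name if the fixture's policy is known. The header literal is now spelled out in three places (HEADER_IAC and the two tests); if the duplication is deliberate as a regression pin on the external format, say so in a comment, otherwise `",".join(HEADER_IAC) + "\n"` keeps them from drifting apart.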