Merge branch 'master' into master

Author: dominiklendle

cmd/whitesourceExecuteScan.go

@@ -767,6 +767,7 @@ func collectVulnsAndLibsForProject(
 	if err != nil {
 		errorsOccurred = append(errorsOccurred, fmt.Sprint(err))
 	}
+	log.Entry().Infof("Current influx data : minor_vulnerabilities = %v / major_vulnerabilities = %v / vulnerabilities = %v", influx.whitesource_data.fields.minor_vulnerabilities, influx.whitesource_data.fields.major_vulnerabilities, influx.whitesource_data.fields.vulnerabilities)
 
 	// collect all libraries detected in all related projects and errors
 	libraries, err := sys.GetProjectHierarchy(project.Token, true)
@@ -897,9 +898,11 @@ func checkProjectSecurityViolations(config *ScanOptions, cvssSeverityLimit float
 	}
 
 	severeVulnerabilities, nonSevereVulnerabilities := ws.CountSecurityVulnerabilities(&alerts, cvssSeverityLimit)
-	influx.whitesource_data.fields.minor_vulnerabilities = nonSevereVulnerabilities
-	influx.whitesource_data.fields.major_vulnerabilities = severeVulnerabilities
-	influx.whitesource_data.fields.vulnerabilities = nonSevereVulnerabilities + severeVulnerabilities
+	influx.whitesource_data.fields.minor_vulnerabilities += nonSevereVulnerabilities
+	influx.whitesource_data.fields.major_vulnerabilities += severeVulnerabilities
+	influx.whitesource_data.fields.vulnerabilities += (nonSevereVulnerabilities + severeVulnerabilities)
+	log.Entry().Infof("Current influx data : minor_vulnerabilities = %v / major_vulnerabilities = %v / vulnerabilities = %v", influx.whitesource_data.fields.minor_vulnerabilities, influx.whitesource_data.fields.major_vulnerabilities, influx.whitesource_data.fields.vulnerabilities)
+
 	if nonSevereVulnerabilities > 0 {
 		log.Entry().Warnf("WARNING: %v Open Source Software Security vulnerabilities with "+
 			"CVSS score below threshold %.1f detected in project %s.", nonSevereVulnerabilities,
@@ -910,11 +913,11 @@ func checkProjectSecurityViolations(config *ScanOptions, cvssSeverityLimit float
 	}
 	// https://github.com/SAP/jenkins-library/blob/master/vars/whitesourceExecuteScan.groovy#L558
 	if severeVulnerabilities > 0 {
+		log.Entry().Infof("%v Open Source Software Security vulnerabilities with CVSS score greater or equal to %.1f detected in project %s", severeVulnerabilities, cvssSeverityLimit, project.Name)
 		if config.FailOnSevereVulnerabilities {
 			log.SetErrorCategory(log.ErrorCompliance)
 			return severeVulnerabilities, alerts, assessedAlerts, fmt.Errorf("%v Open Source Software Security vulnerabilities with CVSS score greater or equal to %.1f detected in project %s", severeVulnerabilities, cvssSeverityLimit, project.Name)
 		}
-		log.Entry().Infof("%v Open Source Software Security vulnerabilities with CVSS score greater or equal to %.1f detected in project %s", severeVulnerabilities, cvssSeverityLimit, project.Name)
 		log.Entry().Info("Step will only create data but not fail due to setting failOnSevereVulnerabilities: false")
 		return severeVulnerabilities, alerts, assessedAlerts, nil
 	}

cmd/whitesourceExecuteScan_test.go

@@ -729,6 +729,9 @@ func TestCheckProjectSecurityViolations(t *testing.T) {
 		assert.Equal(t, 0, severeVulnerabilities)
 		assert.Equal(t, 0, len(alerts))
 		assert.Equal(t, 0, len(assessedAlerts))
+		assert.Equal(t, 0, influx.whitesource_data.fields.minor_vulnerabilities)
+		assert.Equal(t, 0, influx.whitesource_data.fields.major_vulnerabilities)
+		assert.Equal(t, 0, influx.whitesource_data.fields.vulnerabilities)
 	})
 
 	t.Run("error - some vulnerabilities", func(t *testing.T) {
@@ -744,6 +747,9 @@ func TestCheckProjectSecurityViolations(t *testing.T) {
 		assert.Equal(t, 1, severeVulnerabilities)
 		assert.Equal(t, 2, len(alerts))
 		assert.Equal(t, 0, len(assessedAlerts))
+		assert.Equal(t, 1, influx.whitesource_data.fields.minor_vulnerabilities)
+		assert.Equal(t, 1, influx.whitesource_data.fields.major_vulnerabilities)
+		assert.Equal(t, 2, influx.whitesource_data.fields.vulnerabilities)
 	})
 
 	t.Run("success - assessed vulnerabilities", func(t *testing.T) {
@@ -759,6 +765,9 @@ func TestCheckProjectSecurityViolations(t *testing.T) {
 		assert.Equal(t, 0, severeVulnerabilities)
 		assert.Equal(t, 0, len(alerts))
 		assert.Equal(t, 2, len(assessedAlerts))
+		assert.Equal(t, 0, influx.whitesource_data.fields.minor_vulnerabilities)
+		assert.Equal(t, 0, influx.whitesource_data.fields.major_vulnerabilities)
+		assert.Equal(t, 0, influx.whitesource_data.fields.vulnerabilities)
 	})
 
 	t.Run("error - WhiteSource failure", func(t *testing.T) {