From 7fa3e5bab8cf6f709d96a4074530784c784c1c85 Mon Sep 17 00:00:00 2001
From: Malte Kraus
Date: Wed, 16 Apr 2025 16:12:13 +0200
Subject: [PATCH] include security issues in exports and such
---
 shiftleft-utils/common.py | 4 ++--
 shiftleft-utils/convert2sarif.py | 2 +-
 shiftleft-utils/export.py | 2 +-
 shiftleft-utils/stats.py | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/shiftleft-utils/common.py b/shiftleft-utils/common.py
index 806a7b2..72a580a 100644
--- a/shiftleft-utils/common.py
+++ b/shiftleft-utils/common.py
@@ -52,13 +52,13 @@ def get_findings_counts_url(org_id, app_name, version, branch=None):
 version_suffix = f"&version={version}" if version else ""
 branch_suffix = f"&tags=branch={branch}" if branch else ""
- return f"https://{config.SHIFTLEFT_API_HOST}/api/v4/orgs/{org_id}/apps/{app_name}/findings?per_page=249&type=oss_vuln&type=package&type=container&type=secret&type=vuln&type=extscan&include_dataflows=false&only_counts=true{version_suffix}{branch_suffix}"
+ return f"https://{config.SHIFTLEFT_API_HOST}/api/v4/orgs/{org_id}/apps/{app_name}/findings?per_page=249&type=oss_vuln&type=package&type=container&type=secret&type=vuln&type=extscan&type=security_issue&include_dataflows=false&only_counts=true{version_suffix}{branch_suffix}"
 def get_findings_url(org_id, app_name, version, branch=None):
 version_suffix = f"&version={version}" if version else ""
 branch_suffix = f"&tags=branch={branch}" if branch else ""
- return f"https://{config.SHIFTLEFT_API_HOST}/api/v4/orgs/{org_id}/apps/{app_name}/findings?per_page=249&type=oss_vuln&type=package&type=container&type=secret&type=vuln&type=extscan&include_dataflows=true{version_suffix}{branch_suffix}"
+ return f"https://{config.SHIFTLEFT_API_HOST}/api/v4/orgs/{org_id}/apps/{app_name}/findings?per_page=249&type=oss_vuln&type=package&type=container&type=secret&type=vuln&type=extscan&type=security_issue&include_dataflows=true{version_suffix}{branch_suffix}"
 def get_all_apps(org_id):
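Review bot: The finding-type list is now spelled out by hand in five places: the two query strings in `get_findings_counts_url` and `get_findings_url` here, and the membership tests in `convert2sarif.py`, `export.py` and `stats.py`. A type missed in any one of them drops that class of finding from a report without an error, which is the gap this commit closes for `security_issue`. I would define the API list once, e.g. `FINDING_TYPES = ("oss_vuln", "package", "container", "secret", "vuln", "extscan", "security_issue")`, build the query with `"".join(f"&type={t}" for t in FINDING_TYPES)`, and write each consumer's filter as a named subset so an intentional exclusion is visible. Separately, `org_id`, `app_name`, `version` and `branch` are interpolated unencoded, so a branch name containing `&` or `#` changes the query; `urllib.parse.quote(branch, safe="")` would avoid that, assuming `urllib.parse` is imported or can be added.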
diff --git a/shiftleft-utils/convert2sarif.py b/shiftleft-utils/convert2sarif.py
index 6d1b90d..8ca222d 100644
--- a/shiftleft-utils/convert2sarif.py
+++ b/shiftleft-utils/convert2sarif.py
@@ -276,7 +276,7 @@ def extract_from_file(
 location = {}
 codeflows = []
 vuln_type = vuln.get("type")
- if vuln_type not in ("extscan", "vuln", "secret", "oss_vuln"):
+ if vuln_type not in ("extscan", "vuln", "secret", "oss_vuln", "security_issue"):
 continue
 details = vuln.get("details", {})
 file_locations = details.get("file_locations", [])
diff --git a/shiftleft-utils/export.py b/shiftleft-utils/export.py
index cd63370..4cc2c69 100644
--- a/shiftleft-utils/export.py
+++ b/shiftleft-utils/export.py
@@ -140,7 +140,7 @@ def export_csv(app_list, findings, report_file):
 reachability,
 ]
 )
- elif afinding.get("type") in ("vuln"):
+ elif afinding.get("type") in ("vuln", "security_issue"):
 for loc in files_loc_list:
 reportwriter.writerow(
 [
diff --git a/shiftleft-utils/stats.py b/shiftleft-utils/stats.py
index 3b584ae..d8c87b5 100644
--- a/shiftleft-utils/stats.py
+++ b/shiftleft-utils/stats.py
@@ -95,7 +95,7 @@ def process_app(
 vuln_counts = [ c for c in counts
- if c["finding_type"] in ["vuln", "secret", "oss_vuln", "container"]
+ if c["finding_type"] in ["vuln", "secret", "oss_vuln", "container", "security_issue"]
 and c["key"] in [ "severity",
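Review bot: Passing the type filter does not guarantee that a `security_issue` finding reaches the output. In this hunk `file_locations` falls back to `[]`, and in the `export.py` hunk the new `("vuln", "security_issue")` branch writes one row per entry of `files_loc_list`, so a finding with no file location produces no CSV row at all. Whether `security_issue` findings carry file locations is not visible in this diff, and both `extract_from_file` and `export_csv` continue outside their hunks, so this should be checked against a real API response. If they can arrive without a location, a fallback such as `for loc in files_loc_list or [""]:` in `export.py` would keep them in the report, and the SARIF path should emit a result with an empty location rather than skip it.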