@@ -74,23 +74,23 @@ def get_findings(self, scan_file, test):
7474
7575 def _parse_report (self , test , report ):
7676 findings = []
77-
77+
7878 # Extract metadata
7979 metadata = report .get ("metadata" , {})
8080 report_name = metadata .get ("name" , "" )
8181 namespace = metadata .get ("namespace" , "" )
82-
82+
8383 # Extract scope information
8484 scope = report .get ("scope" , {})
8585 scope_kind = scope .get ("kind" , "" )
8686 scope_name = scope .get ("name" , "" )
87-
87+
8888 # Create service identifier from scope and metadata
8989 service_name = f"{ namespace } /{ scope_kind } /{ scope_name } " if namespace else f"{ scope_kind } /{ scope_name } "
90-
90+
9191 # Extract results
9292 results = report .get ("results" , [])
93-
93+
9494 for result in results :
9595 if not isinstance (result , dict ):
9696 continue
@@ -110,23 +110,20 @@ def _create_finding_from_result(self, test, result, service_name, report_name):
110110 result_status = result .get ("result" , "" )
111111 severity = result .get ("severity" , "info" ).lower ()
112112 source = result .get ("source" , "" )
113-
113+
114114 # Extract properties
115115 properties = result .get ("properties" , {})
116116 pkg_name = properties .get ("pkgName" , "" )
117117 installed_version = properties .get ("installedVersion" , "" )
118118 fixed_version = properties .get ("fixedVersion" , "" )
119119 primary_url = properties .get ("primaryURL" , "" )
120-
120+
121121 # Convert severity to DefectDojo format
122122 severity_normalized = OPENREPORTS_SEVERITIES .get (severity , "Info" )
123-
123+
124124 # Create title
125- if policy .startswith ("CVE-" ):
126- title = f"{ policy } in { pkg_name } "
127- else :
128- title = f"{ policy } : { message } "
129-
125+ title = f"{ policy } in { pkg_name } " if policy .startswith ("CVE-" ) else f"{ policy } : { message } "
126+
130127 # Create description
131128 description = DESCRIPTION_TEMPLATE .format (
132129 message = message ,
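Review bot: `result.get("severity", "info").lower()` raises AttributeError when a report carries `"severity": null`, because the default applies only when the key is absent. The same holds for `result.get("properties", {})` followed by `properties.get(...)`, and for the `metadata` and `scope` lookups in the first hunk. The only handler visible on this page is `except KeyError`, so one malformed result would likely abort the import instead of being skipped. I would write `severity = (result.get("severity") or "info").lower()` and `properties = result.get("properties") or {}`. The body of `_create_finding_from_result` starts before and continues after this hunk.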
@@ -139,25 +136,24 @@ def _create_finding_from_result(self, test, result, service_name, report_name):
139136 fixed_version = fixed_version ,
140137 primary_url = primary_url ,
141138 )
142-
139+
143140 # Determine if fix is available
144141 fix_available = bool (fixed_version and fixed_version .strip ())
145-
142+
146143 # Set mitigation based on fixed version
147144 mitigation = f"Upgrade to version: { fixed_version } " if fixed_version else ""
148-
145+
149146 # Set references
150- references = primary_url if primary_url else ""
151-
147+ references = primary_url or ""
148+
152149 # Determine active status based on result
153- active = result_status not in [ "skip" , "pass" ]
154- verified = result_status in [ "fail" , "warn" ]
155-
150+ active = result_status not in { "skip" , "pass" }
151+ verified = result_status in { "fail" , "warn" }
152+
156153 # Create tags
157154 tags = [category , source ]
158155 if scope_kind := service_name .split ("/" )[1 ] if "/" in service_name else "" :
159156 tags .append (scope_kind )
160-
161157 finding = Finding (
162158 test = test ,
163159 title = title ,
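Review bot: The tag taken from `service_name.split("/")[1]` is the scope kind only when a namespace is present. `_parse_report` builds `kind/name` for reports without a namespace, so index 1 is then the scope name and those findings are tagged with the resource name instead of its kind. Indexing from the right, `service_name.split("/")[-2]`, gives the kind for both shapes as long as the scope name holds no slash; passing the kind in from `_parse_report` would avoid re-parsing the string. `tags = [category, source]` also lets empty strings through when either field is missing, which may be worth filtering. The function starts and ends outside this hunk.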
@@ -175,13 +171,13 @@ def _create_finding_from_result(self, test, result, service_name, report_name):
175171 fix_available = fix_available ,
176172 tags = tags ,
177173 )
178-
174+
179175 # Add vulnerability ID if it's a CVE
180176 if policy .startswith ("CVE-" ):
181177 finding .unsaved_vulnerability_ids = [policy ]
182-
183- return finding
184-
178+ else :
179+ return finding
180+
185181 except KeyError as exc :
186182 logger .warning ("Failed to parse OpenReports result due to missing key: %r" , exc )
187183 return None
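Review bot: Moving `return finding` under the new `else:` means a result whose policy starts with `CVE-` sets `unsaved_vulnerability_ids` and then leaves the `try` without returning. Unless code after the handler (outside this hunk) returns it, the function yields None and every CVE finding is dropped from the import. That would silently hide the vulnerability results while non-CVE policy results still come through. Drop the `else:` and keep the unconditional `return finding` after the `if` block. A parser test asserting that a CVE result produces a finding carrying its vulnerability id would catch this.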