Added event logging when adding or removing a scanner to/from a vulnerability

Author: patrick.rissmann@l3montree.com

internal/core/assetversion/asset_version_service.go

@@ -259,9 +259,13 @@ func (s *service) handleScanResult(userID string, scannerID string, assetVersion
 				foundByScannerAndExisting[i].ScannerIDs = foundByScannerAndExisting[i].ScannerIDs + " " + scannerID
 			}
 		}
+		err = s.dependencyVulnService.MakeAddedScannerEvent(tx, foundByScannerAndExisting, userID)
+		if err != nil {
+			slog.Error("error when trying to add events for adding scanner to vulnerability")
+			return err
+		}
 
-		err := s.dependencyVulnRepository.SaveBatch(tx, foundByScannerAndExisting)
-
+		err = s.dependencyVulnRepository.SaveBatch(tx, foundByScannerAndExisting)
 		if err != nil {
 			slog.Error("error when trying to update vulnerabilities")
 			return err
@@ -285,6 +289,12 @@ func (s *service) handleScanResult(userID string, scannerID string, assetVersion
 			return err
 		}
 
+		err := s.dependencyVulnService.MakeRemoveScannerEvent(tx, vulnerabilitiesToUpdate, userID)
+		if err != nil {
+			slog.Error("error when trying to add events for removing scanner from vulnerability")
+			return err
+		}
+
 		return s.dependencyVulnService.UserFixedDependencyVulns(tx, userID, vulnerabilitiesToFix, *assetVersion, asset, true)
 	}); err != nil {
 		slog.Error("could not save dependencyVulns", "err", err)

internal/core/common_interfaces.go

@@ -183,6 +183,8 @@ type DependencyVulnService interface {
 	RecalculateRawRiskAssessment(tx DB, responsible string, dependencyVulns []models.DependencyVuln, justification string, asset models.Asset) error
 	UserFixedDependencyVulns(tx DB, userID string, dependencyVulns []models.DependencyVuln, assetVersion models.AssetVersion, asset models.Asset, doRiskManagement bool) error
 	UserDetectedDependencyVulns(tx DB, userID string, dependencyVulns []models.DependencyVuln, assetVersion models.AssetVersion, asset models.Asset, doRiskManagement bool) error
+	MakeAddedScannerEvent(tx DB, vulnerabilities []models.DependencyVuln, userID string) error
+	MakeRemoveScannerEvent(tx DB, vulnerabilities []models.DependencyVuln, userID string) error
 	UpdateDependencyVulnState(tx DB, assetID uuid.UUID, userID string, dependencyVuln *models.DependencyVuln, statusType string, justification string, assetVersionName string) (models.VulnEvent, error)
 	CreateIssuesForVulns(asset models.Asset, vulnList []models.DependencyVuln) error
 	ShouldCreateIssue(assetVersion models.AssetVersion) bool

internal/core/dependency_vuln/dependency_vuln_service.go

@@ -153,6 +153,28 @@ func (s *service) RecalculateAllRawRiskAssessments() error {
 
 }
 
+func (s *service) MakeAddedScannerEvent(tx core.DB, vulnerabilities []models.DependencyVuln, userID string) error {
+	events := make([]models.VulnEvent, len(vulnerabilities))
+	for i := range vulnerabilities {
+		ev := models.NewAddedScannerEvent(vulnerabilities[i].CalculateHash(), userID)
+		ev.Apply(&vulnerabilities[i])
+		events[i] = ev
+	}
+	return s.vulnEventRepository.SaveBatch(tx, events)
+
+}
+
+func (s *service) MakeRemoveScannerEvent(tx core.DB, vulnerabilities []models.DependencyVuln, userID string) error {
+	events := make([]models.VulnEvent, len(vulnerabilities))
+	for i := range vulnerabilities {
+		ev := models.NewRemovedScannerEvent(vulnerabilities[i].CalculateHash(), userID)
+		ev.Apply(&vulnerabilities[i])
+		events[i] = ev
+	}
+	return s.vulnEventRepository.SaveBatch(tx, events)
+
+}
+
 func (s *service) RecalculateRawRiskAssessment(tx core.DB, userID string, dependencyVulns []models.DependencyVuln, justification string, asset models.Asset) error {
 	if len(dependencyVulns) == 0 {
 		return nil
@@ -270,6 +292,7 @@ func (s *service) updateDependencyVulnState(tx core.DB, userID string, dependenc
 	case models.EventTypeComment:
 		ev = models.NewCommentEvent(dependencyVuln.CalculateHash(), userID, justification)
 	}
+	//Found by toher scanner
 
 	err := s.dependencyVulnRepository.ApplyAndSave(tx, dependencyVuln, &ev)
 	return ev, err