diff --git a/.github/workflows/test_ecr_scan.yml b/.github/workflows/test_ecr_scan.yml
index 0a94931..41e9f58 100644
--- a/.github/workflows/test_ecr_scan.yml
+++ b/.github/workflows/test_ecr_scan.yml
@@ -33,11 +33,17 @@ jobs:
 run: |
 pip install -r wait-for-ecr-scan-and-get-sarif/requirements.txt
+ # - name: Run the Python script to convert ECR scan to SARIF
+ # shell: bash
+ # run: |
+ # python wait-for-ecr-scan-and-get-sarif/pylib/aws_scan_findings_to_sarif.py \
+ # --input_file wait-for-ecr-scan-and-get-sarif/tests/ecr-scan-result-ubuntu.json \
+ # --output_file report.sarif
 - name: Run the Python script to convert ECR scan to SARIF
 shell: bash
 run: |
 python wait-for-ecr-scan-and-get-sarif/pylib/aws_scan_findings_to_sarif.py \
- --input_file wait-for-ecr-scan-and-get-sarif/tests/ecr-scan-result-ubuntu.json \
+ --input_file wait-for-ecr-scan-and-get-sarif/tests/ecr-scan-result-no-findings.json \
 --output_file report.sarif
 - name: Upload SARIF report as artifact
diff --git a/wait-for-ecr-scan-and-get-sarif/test_aws_scan_findings_to_sarif.py b/wait-for-ecr-scan-and-get-sarif/test_aws_scan_findings_to_sarif.py
index e4c847e..56c5747 100644
--- a/wait-for-ecr-scan-and-get-sarif/test_aws_scan_findings_to_sarif.py
+++ b/wait-for-ecr-scan-and-get-sarif/test_aws_scan_findings_to_sarif.py
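Review bot: In the `.github/workflows/test_ecr_scan.yml` hunk the conversion step now reads only `ecr-scan-result-no-findings.json`, so this workflow no longer runs the converter against a scan that contains findings; the previous `ecr-scan-result-ubuntu.json` invocation survives only as six commented-out lines. Keeping both as live steps, each with its own `--output_file`, would cover the empty and the populated path, and the commented block could then be deleted rather than left as dead configuration. If the swap is intentional, a one-line comment such as `# smoke-test the empty-findings path; the populated path is covered by the unit tests` would record why. The job definition starts and continues outside the hunk, so whether the later upload step depends on the `report.sarif` name is not visible here.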
@@ -36,3 +36,19 @@ def test_convert_to_sarif_enhanced_ecr_scan():
 sarif_report = convert_to_sarif(ecr_response)
 assert sarif_report == expected_response
+
+
+def test_convert_to_sarif_when_no_findings():
+ base_dir = os.path.dirname(os.path.abspath(__file__))
+ sample_file_path = os.path.join(base_dir, "tests/ecr-scan-result-no-findings.json")
+ with open(sample_file_path, "r") as f:
+ ecr_response = json.load(f)
+
+ expected_output_file_path = os.path.join(
+ base_dir, "tests/ecr-scan-result-no-findings-expected-sarif.json"
+ )
+ with open(expected_output_file_path, "r") as f:
+ expected_response = json.load(f)
+
+ sarif_report = convert_to_sarif(ecr_response)
+ assert sarif_report == expected_response
diff --git a/wait-for-ecr-scan-and-get-sarif/tests/ecr-scan-result-no-findings-expected-sarif.json b/wait-for-ecr-scan-and-get-sarif/tests/ecr-scan-result-no-findings-expected-sarif.json
new file mode 100644
index 0000000..885abd2
--- /dev/null
+++ b/wait-for-ecr-scan-and-get-sarif/tests/ecr-scan-result-no-findings-expected-sarif.json
@@ -0,0 +1,24 @@
+{
+ "version": "2.1.0",
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
+ "runs": [
+ {
+ "tool": {
+ "driver": {
+ "name": "Amazon ECR Image Scanning",
+ "informationUri": "https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html",
+ "rules": []
+ }
+ },
+ "results": [],
+ "properties": {
+ "imageID": "sha256:60f5317ec034730f044117f4661e61e6b35faeac4f7b853d0f048282a2201afc",
+ "imageName": "infr/testcloud2202",
+ "repoDigests": [
+ "infr/testcloud2202@sha256:60f5317ec034730f044117f4661e61e6b35faeac4f7b853d0f048282a2201afc"
+ ],
+ "repoTags": []
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/wait-for-ecr-scan-and-get-sarif/tests/ecr-scan-result-no-findings.json b/wait-for-ecr-scan-and-get-sarif/tests/ecr-scan-result-no-findings.json
new file mode 100644
index 0000000..2280e3b
--- /dev/null
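Review bot: `test_convert_to_sarif_when_no_findings` in `test_aws_scan_findings_to_sarif.py` pins that an empty `findings` list becomes `"results": []`, but the fixture's `imageScanStatus` (`ACTIVE`) appears nowhere in the expected SARIF, so the test cannot show whether `convert_to_sarif` distinguishes "scanned and clean" from "no findings because the scan produced none". The converter is not part of this diff, so the wait step may already handle this; if it does not, a companion case with an empty `findings` list and a non-successful status such as `FAILED` would be worth adding so that an unscanned image is not reported as clean. A docstring would also help, for example `"""An ECR response with no findings converts to a SARIF run with empty rules and results."""`. Both `open(..., "r")` calls could pass `encoding="utf-8"` so the fixtures are decoded the same way on every runner.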
+++ b/wait-for-ecr-scan-and-get-sarif/tests/ecr-scan-result-no-findings.json
@@ -0,0 +1,14 @@
+{
+ "imageScanFindings": {
+ "findings": []
+ },
+ "registryId": "772215651096",
+ "repositoryName": "infr/testcloud2202",
+ "imageId": {
+ "imageDigest": "sha256:60f5317ec034730f044117f4661e61e6b35faeac4f7b853d0f048282a2201afc"
+ },
+ "imageScanStatus": {
+ "status": "ACTIVE",
+ "description": "Continuous scan is selected for image."
+ }
+}
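Review bot: The new fixture `tests/ecr-scan-result-no-findings.json` carries what look like real identifiers: a 12-digit `registryId`, the repository name `infr/testcloud2202` and an image digest, the last two of which are repeated in the expected-SARIF fixture added by the same commit. If these were captured from a live account, replacing them with obviously synthetic values (for example `"registryId": "123456789012"`) would keep account and repository details out of the repository history without changing what the test proves. The digest and repository name would need the same substitution in `ecr-scan-result-no-findings-expected-sarif.json` so that the comparison still holds.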