Enhancements for XSC analytics metrics capabilities to support applic…

…ation in Frogbot (#50)
jfrog · Apr 10, 2024 · f7cd2c5 · f7cd2c5
1 parent 35f6200
commit f7cd2c5
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 19 deletions.
diff --git a/utils/analyticsmetrics.go b/utils/analyticsmetrics.go
@@ -171,3 +171,20 @@ func (ams *AnalyticsMetricsService) CreateXscAnalyticsGeneralEventFinalizeFromAu
 		XscAnalyticsBasicGeneralEvent: basicEvent,
 	}
 }
+
+func (ams *AnalyticsMetricsService) UpdateXscAnalyticsGeneralEventFinalizeWithTotalScanDuration() {
+	totalDuration := time.Since(ams.GetStartTime())
+	ams.finalizeEvent.TotalScanDuration = totalDuration.String()
+}
+
+func (ams *AnalyticsMetricsService) UpdateXscAnalyticsGeneralEventFinalizeStatus(status xscservices.EventStatus) {
+	ams.finalizeEvent.EventStatus = status
+}
+
+func (ams *AnalyticsMetricsService) AddScanFindingsToXscAnalyticsGeneralEventFinalize(findingsAmount int) {
+	ams.finalizeEvent.TotalFindings += findingsAmount
+}
+
+func (ams *AnalyticsMetricsService) SetShouldReportEvents(shouldReportEvents bool) {
+	ams.shouldReportEvents = shouldReportEvents
+}
diff --git a/utils/results.go b/utils/results.go
@@ -69,37 +69,41 @@ func (r *Results) IsIssuesFound() bool {
 	return false
 }
 
-// Counts the total amount of findings in the provided results and updates the AnalyticsMetricsService with the amount of the new added findings
+// Counts the total number of unique findings in the provided results.
+// A unique SCA finding is identified by a unique pair of vulnerability's/violation's issueId and component id or by a result returned from one of JAS scans.
 func (r *Results) CountScanResultsFindings() int {
-	findingsCountMap := make(map[string]int)
 	var totalFindings int
+	totalFindings += getScaResultsUniqueFindingsAmount(&r.ScaResults)
 
-	// Counting ScaResults
-	for _, scaResult := range r.ScaResults {
+	if r.ExtendedScanResults != nil {
+		totalFindings += len(r.ExtendedScanResults.SastScanResults)
+		totalFindings += len(r.ExtendedScanResults.IacScanResults)
+		totalFindings += len(r.ExtendedScanResults.SecretsScanResults)
+	}
+
+	return totalFindings
+}
+
+func getScaResultsUniqueFindingsAmount(scaScanResults *[]ScaScanResult) int {
+	uniqueXrayFindings := datastructures.MakeSet[string]()
+
+	for _, scaResult := range *scaScanResults {
 		for _, xrayResult := range scaResult.XrayResults {
 			// XrayResults may contain Vulnerabilities OR Violations, but not both. Therefore, only one of them will be counted
 			for _, vulnerability := range xrayResult.Vulnerabilities {
-				findingsCountMap[vulnerability.IssueId] += len(vulnerability.Components)
+				for compId := range vulnerability.Components {
+					uniqueXrayFindings.Add(vulnerability.IssueId + compId)
+				}
 			}
 
 			for _, violation := range xrayResult.Violations {
-				findingsCountMap[violation.IssueId] += len(violation.Components)
+				for compId := range violation.Components {
+					uniqueXrayFindings.Add(violation.IssueId + compId)
+				}
 			}
 		}
 	}
-
-	for _, issueIdCount := range findingsCountMap {
-		totalFindings += issueIdCount
-	}
-
-	// Counting ExtendedScanResults
-	if r.ExtendedScanResults != nil {
-		totalFindings += len(r.ExtendedScanResults.SastScanResults)
-		totalFindings += len(r.ExtendedScanResults.IacScanResults)
-		totalFindings += len(r.ExtendedScanResults.SecretsScanResults)
-	}
-
-	return totalFindings
+	return uniqueXrayFindings.Size()
 }
 
 type ScaScanResult struct {