SBOM Mapper #5986

Merged: 79 commits, Aug 19, 2024
Changes from 61 commits

Commits
e1649dd
Initial dump
charleshu-8 Jul 10, 2024
c5f5178
Merge branch 'master' into sbomMapper
charleshu-8 Jul 16, 2024
a32c643
Linting
charleshu-8 Jul 16, 2024
739c654
Linting
charleshu-8 Jul 16, 2024
86a3a38
Linting
charleshu-8 Jul 16, 2024
71d778a
Change in license handling
charleshu-8 Jul 16, 2024
9c6b85e
Passthrough implementation
charleshu-8 Jul 18, 2024
0569126
Finished intermediary object generation
charleshu-8 Jul 22, 2024
452eec6
Linting
charleshu-8 Jul 22, 2024
f5732a7
Merge branch 'master' into sbomMapper
charleshu-8 Jul 22, 2024
ab79f27
Linting
charleshu-8 Jul 22, 2024
d08b9f2
Logical density change
charleshu-8 Jul 22, 2024
5045bb7
Mapping progress; component flattening
charleshu-8 Jul 22, 2024
f1a7460
Linting
charleshu-8 Jul 22, 2024
3370eb3
Quick typing fix
charleshu-8 Jul 23, 2024
2d0604b
Mapping progress
charleshu-8 Jul 24, 2024
5f8bb76
Formatting overhaul; additional tags; results section
charleshu-8 Jul 24, 2024
12da117
VEX ingestion; various mapping adjustments
charleshu-8 Jul 25, 2024
73b1f48
Test fix
charleshu-8 Jul 25, 2024
f7ea434
VEX ingestion fix
charleshu-8 Jul 25, 2024
26b5aac
Clean up
charleshu-8 Jul 25, 2024
7b9201c
Test fix
charleshu-8 Jul 25, 2024
0fd592b
Merge branch 'master' into sbomMapper
charleshu-8 Jul 26, 2024
7aa8322
VEX support
charleshu-8 Jul 26, 2024
6ec7c71
Merge branch 'sbomMapper' of https://github.com/mitre/heimdall2 into …
charleshu-8 Jul 26, 2024
57a6c8a
Refactoring
charleshu-8 Jul 29, 2024
fd8a14f
Merge branch 'master' into sbomMapper
charleshu-8 Jul 30, 2024
ec42b2f
Component field filtering and vulnerability ID appending
charleshu-8 Jul 30, 2024
043ca2b
VEX alignment changes
charleshu-8 Jul 30, 2024
633b637
Impact aggregation change
charleshu-8 Jul 31, 2024
f1b873b
SBOM support visibility; auto cleaning control Description
charleshu-8 Jul 31, 2024
e605a88
Various styling changes
charleshu-8 Jul 31, 2024
62b3b35
Testing update
charleshu-8 Jul 31, 2024
23b7ba8
Linting
charleshu-8 Jul 31, 2024
609872b
Move profile desc to summary
charleshu-8 Aug 2, 2024
35e2be8
Merge branch 'master' into sbomMapper
charleshu-8 Aug 2, 2024
08d7c74
Added conditional to control title generation
charleshu-8 Aug 2, 2024
ea2506e
Merge branch 'sbomMapper' of https://github.com/mitre/heimdall2 into …
charleshu-8 Aug 2, 2024
d9fc3f3
Merge branch 'master' into sbomMapper
charleshu-8 Aug 5, 2024
2d0bf1a
Merge branch 'master' into sbomMapper
charleshu-8 Aug 6, 2024
d6ce91c
Merge branch 'master' into sbomMapper
charleshu-8 Aug 7, 2024
0e14fe7
Review changes
charleshu-8 Aug 7, 2024
7a557e9
Merge branch 'master' into sbomMapper
charleshu-8 Aug 7, 2024
a219581
Adding CycloneDX types
charleshu-8 Aug 7, 2024
a3bbaeb
CWE tag fix
charleshu-8 Aug 8, 2024
9c4677e
Linting
charleshu-8 Aug 8, 2024
2c581f6
Typing
charleshu-8 Aug 8, 2024
7fd52f7
Linting
charleshu-8 Aug 8, 2024
02912cc
Linting
charleshu-8 Aug 8, 2024
603d6cb
Linting
charleshu-8 Aug 8, 2024
17b3426
Linting
charleshu-8 Aug 8, 2024
516ef25
Fixing typing errors
charleshu-8 Aug 8, 2024
a9a4007
Review changes
charleshu-8 Aug 9, 2024
ec9c5e6
Tag changes
charleshu-8 Aug 12, 2024
ef3f64e
Ref refactor
charleshu-8 Aug 12, 2024
4df5a0d
Typing refactor, component hierarchy refactor
charleshu-8 Aug 12, 2024
cd74818
Typing fixes
charleshu-8 Aug 13, 2024
39480e3
Continued typing edits
charleshu-8 Aug 13, 2024
86604cd
Message refactor
charleshu-8 Aug 13, 2024
5bec252
Tags & description field changes
charleshu-8 Aug 13, 2024
eee78e4
Merge branch 'master' into sbomMapper
charleshu-8 Aug 13, 2024
8487233
Generic testing
charleshu-8 Aug 14, 2024
6808709
Refactoring
charleshu-8 Aug 15, 2024
368fb48
Merge branch 'master' into sbomMapper
charleshu-8 Aug 15, 2024
f68d4dc
Typing refactor
charleshu-8 Aug 15, 2024
d4cc79a
Eugene changes
charleshu-8 Aug 16, 2024
a5dad39
Descriptions field fix
charleshu-8 Aug 16, 2024
b2b3a60
Merge branch 'master' into sbomMapper
charleshu-8 Aug 16, 2024
c86b727
Quick review change
charleshu-8 Aug 16, 2024
448ef99
Merge branch 'sbomMapper' of https://github.com/mitre/heimdall2 into …
charleshu-8 Aug 16, 2024
94f4879
Add string headers
charleshu-8 Aug 16, 2024
148d438
Added additional tests
charleshu-8 Aug 19, 2024
e2fd282
Merge branch 'master' into sbomMapper
charleshu-8 Aug 19, 2024
d3a799b
Lint ignore
charleshu-8 Aug 19, 2024
9aaceb2
Linting
charleshu-8 Aug 19, 2024
5ded685
Linting :(
charleshu-8 Aug 19, 2024
77fc324
Linting rules change
charleshu-8 Aug 19, 2024
41e4eff
Linting rules exception for unused vars prefixed with _
charleshu-8 Aug 19, 2024
b8c7abd
Merge branch 'master' into sbomMapper
charleshu-8 Aug 19, 2024
Expand Up @@ -33,6 +33,7 @@
<li>AWS Security Finding Format (ASFF)</li>
<li>Burp Suite</li>
<li>Checklist</li>
<li>CycloneDX Software Bill of Materials (SBOM)</li>
<li>DBProtect</li>
<li>Fortify</li>
<li>Golang Security Checker (gosec)</li>
3 changes: 3 additions & 0 deletions apps/frontend/src/store/report_intake.ts
Expand Up @@ -11,6 +11,7 @@ import {
BurpSuiteMapper,
ChecklistResults,
ConveyorResults as ConveyorResultsMapper,
CycloneDXSBOMResults,
DBProtectMapper,
fingerprint,
FortifyMapper,
Expand Down Expand Up @@ -275,6 +276,8 @@ export class InspecIntake extends VuexModule {
return new ChecklistResults(convertOptions.data).toHdf();
case INPUT_TYPES.GOSEC:
return new GosecMapper(convertOptions.data).toHdf();
case INPUT_TYPES.CYCLONEDX_SBOM:
return new CycloneDXSBOMResults(convertOptions.data).toHdf();
case INPUT_TYPES.TRUFFLEHOG:
return new TrufflehogResults(convertOptions.data).toHdf();
default:
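Review bot: The new `case INPUT_TYPES.CYCLONEDX_SBOM` hands `convertOptions.data` to the `CycloneDXSBOMResults` constructor with no check visible here, and the three additions to this file do not show how an upload comes to be classified as `CYCLONEDX_SBOM`. An SBOM is supplier-provided input, so please confirm that the classification keys on fields specific to CycloneDX JSON, so other JSON uploads still reach their own case or `default:`, and add a test for a file that is classified as CycloneDX but is malformed, so the failure surfaces as a conversion error rather than an unhandled exception from `toHdf()`.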
44 changes: 23 additions & 21 deletions libs/hdf-converters/README.md
Expand Up @@ -5,32 +5,34 @@
OHDF Converters supplies several methods to convert various types of security tool data to and from the OHDF standard. OHDF Converters can be used in a variety of tools, and is currently well integrated with Heimdall itself, and the [SAF CLI](https://github.com/mitre/saf).

## Supported Formats

1. [**asff-mapper**] - AWS Security Finding Format JSON file, Prowler-derived AWS Security Finding Format results from concatenated JSON blobs, and Trivy-derived AWS Security Finding Format results from concatenated JSON blobs
2. [**aws-config-mapper**] - AWS Config
3. [**burpsuite-mapper**] - BurpSuite Pro XML file
4. [**caat-mapper**] - Compliance Assessment and Audit Tracking (CAAT) file
5. [**checklist-mapper**] - Checlist Mapper format
6. [**conveyor-mapper**] - Conveyor JSON file
7. [**dbprotect-mapper**] - DBProtect report in "Check Results Details" XML format
8. [**fortify-mapper**] - Fortify results FVDL file
9. [**gosec-mapper**] - gosec results JSON file
10. [**ionchannel-mapper**] - SBOM data from Ion Channel
11. [**jfrog-xray-mapper**] - JFrog Xray results JSON file
12. [**msft-secure-mapper**] - Microsoft Secure Score results file
13. [**nessus-mapper**] - Nessus XML results file
14. [**netsparker-mapper**] - Netsparker XML results file
15. [**nikto-mapper**] - Nikto results JSON file
16. [**prisma-mapper**] - Prisma Cloud Scan Report CSV file
17. [**sarif-mapper**] - SARIF JSON file
18. [**scoutsuite-mapper**] - ScoutSuite results from a Javascript object
19. [**snyk-mapper**] - Snyk results JSON file
20. [**sonarqube-mapper**] - SonarQube vulnerabilities for the specified project name and optional branch or pull/merge request ID name from an API
21. [**splunk-mapper**] - Splunk instance
22. [**trufflehog-mapper**] - Trufflehog results json file
23. [**twistlock-mapper**] - Twistlock CLI output file
24. [**veracode-mapper**] - Veracode Scan Results XML file
25. [**xccdf-results-mapper**] - SCAP client XCCDF-Results XML report
26. [**zap-mapper**] - OWASP ZAP results JSON
7. [**cyclonedx-sbom-mapper**] - CycloneDX SBOM JSON file
8. [**dbprotect-mapper**] - DBProtect report in "Check Results Details" XML format
9. [**fortify-mapper**] - Fortify results FVDL file
10. [**gosec-mapper**] - gosec results JSON file
11. [**ionchannel-mapper**] - SBOM data from Ion Channel
12. [**jfrog-xray-mapper**] - JFrog Xray results JSON file
13. [**msft-secure-mapper**] - Microsoft Secure Score results file
14. [**nessus-mapper**] - Nessus XML results file
15. [**netsparker-mapper**] - Netsparker XML results file
16. [**nikto-mapper**] - Nikto results JSON file
17. [**prisma-mapper**] - Prisma Cloud Scan Report CSV file
18. [**sarif-mapper**] - SARIF JSON file
19. [**scoutsuite-mapper**] - ScoutSuite results from a Javascript object
20. [**snyk-mapper**] - Snyk results JSON file
21. [**sonarqube-mapper**] - SonarQube vulnerabilities for the specified project name and optional branch or pull/merge request ID name from an API
22. [**splunk-mapper**] - Splunk instance
23. [**trufflehog-mapper**] - Trufflehog results json file
24. [**twistlock-mapper**] - Twistlock CLI output file
25. [**veracode-mapper**] - Veracode Scan Results XML file
26. [**xccdf-results-mapper**] - SCAP client XCCDF-Results XML report
27. [**zap-mapper**] - OWASP ZAP results JSON

### NOTICE

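Review bot: Item 7 describes the new mapper only as "CycloneDX SBOM JSON file", but the commit list for this PR includes "VEX ingestion" and "VEX support"; the README entry should say whether CycloneDX VEX documents are accepted as well. Separately, this hunk rewrites items 7 through 27 only to renumber them; numbering every item `1.` would keep the next insertion to a one-line diff, and the "Checlist" typo in item 5 could be fixed while the list is being touched.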
Expand All @@ -48,4 +50,4 @@ This software was produced for the U. S. Government under Contract Number HHSM-5

No other use other than that granted to the U. S. Government, or to those acting on behalf of the U. S. Government under that Clause is authorized without the express written permission of The MITRE Corporation.

For further information, please contact The MITRE Corporation, Contracts Management Office, 7515 Colshire Drive, McLean, VA 22102-7539, (703) 983-6000.
For further information, please contact The MITRE Corporation, Contracts Management Office, 7515 Colshire Drive, McLean, VA 22102-7539, (703) 983-6000.
1 change: 1 addition & 0 deletions libs/hdf-converters/index.ts
Expand Up @@ -30,6 +30,7 @@ export * from './src/netsparker-mapper';
export * from './src/nikto-mapper';
export * from './src/prisma-mapper';
export * from './src/sarif-mapper';
export * from './src/cyclonedx-sbom-mapper';
export * from './src/scoutsuite-mapper';
export * from './src/snyk-mapper';
export * from './src/sonarqube-mapper';
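Review bot: The `./src/cyclonedx-sbom-mapper` export is inserted between `sarif-mapper` and `scoutsuite-mapper`, which breaks the alphabetical order the surrounding exports follow; move it to its alphabetical position. Because this is an `export *`, also check that nothing the new module exports (the commit list mentions "Adding CycloneDX types") shares a name with an existing export from the package root.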
1 change: 1 addition & 0 deletions libs/hdf-converters/package.json
Expand Up @@ -26,6 +26,7 @@
},
"dependencies": {
"@aws-sdk/client-config-service": "^3.95.0",
"@cyclonedx/cyclonedx-library": "^6.11.0",
"@e965/xlsx": "^0.20.0",
"@mdi/js": "^7.0.96",
"@microsoft/microsoft-graph-types": "^2.40.0",
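Review bot: `@cyclonedx/cyclonedx-library` is added under `dependencies` with a caret range (`^6.11.0`), so every consumer of hdf-converters installs it and any later 6.x release can be resolved. If the mapper only uses the library's type definitions (the commit list has "Adding CycloneDX types"), it belongs in `devDependencies`; either way, the matching lockfile update should be part of this PR, and no lockfile change is visible in this diff.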