import os
from github import Github
import json
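# Emoji shown next to each Bandit severity level. Keys must be the exact
# `issue_severity` strings found in the JSON report, which are the same
# long-form strings the summary counter below is keyed on (HIGH / MEDIUM /
# LOW / UNDEFINED). The short "MED"/"UNDEF" spellings never matched those and
# so every Medium finding fell through to the fallback glyph; they are kept
# only as aliases for backward compatibility.
severity_emoji = {
    "HIGH": "🔴",
    "MEDIUM": "🟠",
    "LOW": "🟡",
    "UNDEFINED": "⚪",
    "MED": "🟠",
    "UNDEF": "⚪",
}

# Glyph used for a severity string that is not in `severity_emoji`.
_UNKNOWN_SEVERITY_EMOJI = "⚪"

__all__ = [
    "severity_emoji",
    "main",
    "_escape_cell",
    "_pr_number_from_ref",
    "_count_by_severity",
    "_build_comment",
]


def _escape_cell(value):
    """Return *value* as text that is safe inside one Markdown table cell.

    A literal ``|`` starts a new column and a line break ends the row, so
    both are neutralised. This matters because cell contents (file names and
    Bandit's issue text, which can quote literals from the scanned source)
    originate in the repository under scan, not in this script, and would
    otherwise let a PR author reshape the bot's comment.
    """
    text = str(value)
    return (
        text.replace("|", "\\|")
        .replace("\r\n", " ")
        .replace("\n", " ")
        .replace("\r", " ")
    )


def _pr_number_from_ref(ref):
    """Return the pull-request number encoded in a ``GITHUB_REF`` value.

    On ``pull_request`` events the ref has the form ``refs/pull/<n>/merge``;
    the number is the third path segment. Raises ``ValueError`` (instead of
    an opaque ``AttributeError``/``IndexError`` from a blind ``split``) when
    the variable is unset or is not a pull-request ref, e.g. because the
    workflow was triggered by a ``push``.
    """
    if not ref:
        raise ValueError("GITHUB_REF is not set; this script must run in a pull_request job")
    parts = ref.split("/")
    if len(parts) < 4 or parts[:2] != ["refs", "pull"] or not parts[2].isdigit():
        raise ValueError(
            f"GITHUB_REF {ref!r} is not a pull-request ref (expected refs/pull/<number>/merge)"
        )
    return int(parts[2])


def _count_by_severity(results):
    """Count findings per ``issue_severity``.

    The four levels this script reports on are always present (with 0). Any
    other severity string is counted under its own key instead of raising
    ``KeyError`` and aborting the whole comment, as the original did.
    """
    counts = {"HIGH": 0, "MEDIUM": 0, "LOW": 0, "UNDEFINED": 0}
    for result in results:
        severity = result.get("issue_severity", "UNDEFINED")
        counts[severity] = counts.get(severity, 0) + 1
    return counts


def _build_comment(report_data):
    """Render a parsed Bandit JSON report as the Markdown body of a PR comment.

    *report_data* is the dict loaded from ``report.json``; only its
    ``results`` list is used, and a report without one yields an empty table.
    Layout: heading, one-line High/Medium/Low summary, a table with one row
    per finding, then three collapsible information sections.

    NOTE(review): GitHub rejects issue comments above roughly 65k characters
    and nothing here truncates a very large report -- confirm whether that
    can happen for this repository.
    """
    results = report_data.get("results", [])
    counts = _count_by_severity(results)

    parts = ["## 🛡️ Bandit Scan Results Summary\n\n"]
    # UNDEFINED findings are counted but, as before, not mentioned in the summary line.
    parts.append(
        f"We found **{counts['HIGH']} High**, **{counts['MEDIUM']} Medium**, "
        f"and **{counts['LOW']} Low** severity issues. \n\n"
    )
    parts.append("### Detailed Findings\n---\n")
    parts.append("| Severity | Issue | File | Line | Confidence | More Info | Test ID |\n")
    parts.append("| -------- | ----- | ---- | ---- | ---------- | --------- | ------- |\n")

    for result in results:
        severity = result.get("issue_severity", "UNDEFINED")
        # First line of the flagged range. The original indexed line_range[0]
        # unconditionally; fall back to "?" rather than raising on an empty list.
        line_range = result.get("line_range") or ["?"]
        glyph = severity_emoji.get(severity, _UNKNOWN_SEVERITY_EMOJI)
        # The File column previously held a hard-coded "(unknown)" while the
        # filename from the report went unused; it is now shown (escaped).
        parts.append(
            f"| {glyph} {_escape_cell(severity)} "
            f"| {_escape_cell(result.get('issue_text', ''))} "
            f"| {_escape_cell(result.get('filename', ''))} "
            f"| {line_range[0]} "
            f"| {_escape_cell(result.get('issue_confidence', ''))} "
            f"| [More Info]({result.get('more_info', '')}) "
            f"| {_escape_cell(result.get('test_id', ''))} |\n"
        )
    parts.append("\n---\n")

    parts.append("<details>\n<summary>:sparkles: About this Report</summary>\n\n")
    # TODO: "#link-to-action" is a placeholder anchor, not a real link; point
    # it at the action's repository.
    parts.append(
        "This report was generated by the [official Bandit GitHub Action](#link-to-action) "
        "to ensure our codebase stays secure.\n"
    )
    parts.append("</details>\n\n")
    parts.append("<details>\n<summary>:closed_book: What is Bandit?</summary>\n\n")
    parts.append(
        "Bandit is a tool designed to find common security issues in Python code. "
        "To learn more about how Bandit helps to keep Python code safe, visit the "
        "[Bandit documentation](https://bandit.readthedocs.io/).\n"
    )
    parts.append("</details>\n\n")
    parts.append("<details>\n<summary>:busts_in_silhouette: Community Support</summary>\n\n")
    parts.append("Got questions or need help with Bandit Action?\n")
    parts.append("- Join our community on the [Discord server](https://discord.gg/D3RTpU9zEj).\n")
    parts.append("- Share tips, get advice, and collaborate on security best practices.\n")
    parts.append("</details>\n")
    return "".join(parts)


def main():
    """Post the Bandit report in ``report.json`` as a comment on the current PR.

    Reads ``GITHUB_TOKEN``, ``GITHUB_REPOSITORY`` and ``GITHUB_REF`` from the
    environment. Raises ``RuntimeError`` (an ``Exception`` subclass, as
    before) when the token or repository is missing and ``ValueError`` when
    the ref is not a pull-request ref. The report is parsed before any
    network call so a malformed report fails fast without touching the API.
    """
    github_token = os.getenv('GITHUB_TOKEN')
    if not github_token:
        raise RuntimeError('GITHUB_TOKEN is not set or empty')
    repository = os.getenv('GITHUB_REPOSITORY')
    if not repository:
        raise RuntimeError('GITHUB_REPOSITORY is not set or empty')
    pr_number = _pr_number_from_ref(os.getenv('GITHUB_REF'))

    with open('report.json', 'r', encoding='utf-8') as file:
        report_data = json.load(file)
    comment = _build_comment(report_data)

    # The job's GITHUB_TOKEN needs `pull-requests: write` for the comment call;
    # on fork PRs under the plain `pull_request` event the token is read-only,
    # so this presumably has to be handled at the workflow level -- confirm.
    g = Github(github_token)
    repo = g.get_repo(repository)
    pr = repo.get_pull(pr_number)
    pr.create_issue_comment(comment)


if __name__ == "__main__":
    main()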