This is an automated email from the ASF dual-hosted git repository. arm pushed a commit to branch sbom_report_updates in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
commit 4b807219ad471f9c5b3e45cf187699d1c6192157
Author: Alastair McFarlane <[email protected]>
AuthorDate: Thu Dec 11 14:28:53 2025 +0000
Fix some wording and add a hyperlink to vulnerability details
---
 atr/get/sbom.py | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/atr/get/sbom.py b/atr/get/sbom.py
index ce75a5a..3e0d8bb 100644
--- a/atr/get/sbom.py
+++ b/atr/get/sbom.py
@@ -194,10 +194,12 @@ def _vulnerability_component_details(block: htm.Block, component: results.OSVCom
 for vuln in component.vulnerabilities:
 vuln_id = vuln.get("id", "Unknown")
 vuln_summary = vuln.get("summary", "No summary available")
+ vuln_refs = [r for r in vuln.get("references", []) if r.get("type", "") == "WEB"]
+ vuln_primary_ref = vuln_refs[0] if len(vuln_refs) > 0 else ""
 vuln_modified = vuln.get("modified", "Unknown")
 vuln_severity = _extract_vulnerability_severity(vuln)
- vuln_header = [htm.strong(".me-2")[vuln_id]]
+ vuln_header = [htm.a(href=vuln_primary_ref.get('url', ''), target="_blank")[htm.strong(".me-2")[vuln_id]]]
 if vuln_severity != "Unknown":
 vuln_header.append(htm.span(".badge.bg-warning.text-dark")[vuln_severity])
@@ -261,8 +263,8 @@ def _vulnerability_scan_results(block: htm.Block, task: sql.Task) -> None:
 if not components:
 block.p["No vulnerabilities found."]
 if ignored_count > 0:
- component_word = "component" if (ignored_count == 1) else "components"
- block.p[f"{ignored_count} {component_word} were ignored due to missing PURL or version information."]
+ component_word = "component was" if (ignored_count == 1) else "components were"
+ block.p[f"{ignored_count} {component_word} ignored due to missing PURL or version information."]
 return
 block.p[f"Found vulnerabilities in {len(components)} components:"]
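Review bot: In `_vulnerability_component_details`, the new `vuln_header` line calls `vuln_primary_ref.get('url', '')`, but the line above it falls back to the string `""` when a vulnerability has no `WEB` reference, so that case raises `AttributeError` instead of rendering the entry. The URL is also taken from the vulnerability record and placed in `href` unchecked, so a value with a non-http(s) scheme such as `javascript:` would become a clickable link, and an empty value produces an anchor that points back at the current page. I would emit the anchor only when the URL is an http(s) string and fall back to the plain `htm.strong` otherwise. Adding `rel="noopener noreferrer"` next to `target="_blank"` is also worthwhile, assuming `htm.a` passes extra keyword attributes through the same way it does `target`. The function body starts and continues outside the hunk.

```python
vuln_refs = [r for r in vuln.get("references", []) if r.get("type", "") == "WEB"]
vuln_url = (vuln_refs[0].get("url") or "") if vuln_refs else ""
# … unchanged: vuln_modified, vuln_severity …
vuln_label = htm.strong(".me-2")[vuln_id]
if isinstance(vuln_url, str) and vuln_url.startswith(("https://", "http://")):
    vuln_header = [htm.a(href=vuln_url, target="_blank", rel="noopener noreferrer")[vuln_label]]
else:
    # No usable web reference: show the identifier without a link.
    vuln_header = [vuln_label]
```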
@@ -271,8 +273,8 @@ def _vulnerability_scan_results(block: htm.Block, task: sql.Task) -> None:
 _vulnerability_component_details(block, component)
 if ignored_count > 0:
- component_word = "component" if (ignored_count == 1) else "components"
- block.p[f"{ignored_count} {component_word} were ignored due to missing PURL or version information."]
+ component_word = "component was" if (ignored_count == 1) else "components were"
+ block.p[f"{ignored_count} {component_word} ignored due to missing PURL or version information."]
 def _vulnerability_scan_section(
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
