From ba2c38ac9db285acdbd5963d6e8e87b5ca327ea5 Mon Sep 17 00:00:00 2001 From: burnettk Date: Thu, 15 Aug 2024 11:46:59 -0400 Subject: [PATCH] jsonschema validation --- .../aws_scan_findings_to_sarif.py | 13 +++++++++++++ wait-for-ecr-scan-and-get-sarif/requirements.txt | 1 + 2 files changed, 14 insertions(+) diff --git a/wait-for-ecr-scan-and-get-sarif/aws_scan_findings_to_sarif.py b/wait-for-ecr-scan-and-get-sarif/aws_scan_findings_to_sarif.py index 4e83115..f9807c0 100644 --- a/wait-for-ecr-scan-and-get-sarif/aws_scan_findings_to_sarif.py +++ b/wait-for-ecr-scan-and-get-sarif/aws_scan_findings_to_sarif.py @@ -1,5 +1,6 @@ import json import argparse +import jsonschema def convert_to_sarif(ecr_response): @@ -152,6 +153,12 @@ def convert_to_sarif(ecr_response): def main(): + + def load_sarif_schema(schema_path): + with open(schema_path, "r") as f: + return json.load(f) + + parser = argparse.ArgumentParser( description="Convert ECR scan findings to SARIF format." ) @@ -161,13 +168,19 @@ def main(): help="The input JSON file with ECR scan findings.", ) parser.add_argument("--output_file", required=True, help="The output SARIF file.") + SCHEMA_FILE_PATH = "./wait-for-ecr-scan-and-get-sarif/sarif-schema-2.1.0.json" args = parser.parse_args() + sarif_schema = load_sarif_schema(SCHEMA_FILE_PATH) + with open(args.input_file, "r") as f: ecr_response = json.load(f) sarif_report = convert_to_sarif(ecr_response) + + validate_sarif(sarif_report, sarif_schema) + with open(args.output_file, "w") as f: json.dump(sarif_report, f, indent=2) diff --git a/wait-for-ecr-scan-and-get-sarif/requirements.txt b/wait-for-ecr-scan-and-get-sarif/requirements.txt index e69de29..d89304b 100644 --- a/wait-for-ecr-scan-and-get-sarif/requirements.txt +++ b/wait-for-ecr-scan-and-get-sarif/requirements.txt @@ -0,0 +1 @@ +jsonschema