diff --git a/deepfence_worker/tasks/reports/data.go b/deepfence_worker/tasks/reports/data.go index 9f54c12f21..e014e0ade4 100644 --- a/deepfence_worker/tasks/reports/data.go +++ b/deepfence_worker/tasks/reports/data.go @@ -41,8 +41,9 @@ type ScanData[T any] struct { } type NodeWiseData[T any] struct { - SeverityCount map[string]map[string]int32 - ScanData map[string]ScanData[T] + SeverityCount map[string]map[string]int32 + ScanData map[string]ScanData[T] + OverallSeverityCounts map[string]int32 } func searchScansFilter(params sdkUtils.ReportParams) rptSearch.SearchScanReq { @@ -119,6 +120,14 @@ func scanResultFilter(levelKey string, levelValues []string, masked []bool) repo return filter } +func CalculateOverallSeverityCounts[T any](nodeData *NodeWiseData[T], severityCountsList ...map[string]int32) { + for _, severityCounts := range severityCountsList { + for severity, count := range severityCounts { + nodeData.OverallSeverityCounts[severity] += count + } + } +} + func getVulnerabilityData(ctx context.Context, params sdkUtils.ReportParams) (*Info[model.Vulnerability], error) { if params.Filters.MostExploitableReport { @@ -151,11 +160,14 @@ func getVulnerabilityData(ctx context.Context, params sdkUtils.ReportParams) (*I params.Filters.SeverityOrCheckType, params.Filters.AdvancedReportFilters.Masked) nodeWiseData := NodeWiseData[model.Vulnerability]{ - SeverityCount: make(map[string]map[string]int32), - ScanData: make(map[string]ScanData[model.Vulnerability]), + SeverityCount: make(map[string]map[string]int32), + ScanData: make(map[string]ScanData[model.Vulnerability]), + OverallSeverityCounts: make(map[string]int32), } for _, s := range scans { + CalculateOverallSeverityCounts(&nodeWiseData, s.SeverityCounts) + result, common, err := rptScans.GetScanResults[model.Vulnerability]( ctx, sdkUtils.NEO4JVulnerabilityScan, s.ScanID, severityFilter, model.FetchWindow{}) if err != nil { 
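Review bot: `CalculateOverallSeverityCounts` writes to `nodeData.OverallSeverityCounts[severity]` without checking that the map exists, so a caller that builds a `NodeWiseData` without the new field would panic on a nil-map write. Every call site in this commit initialises the map, but the function is exported and nothing documents that requirement. Guard it at the top with `if nodeData.OverallSeverityCounts == nil { nodeData.OverallSeverityCounts = make(map[string]int32) }`. It also needs a doc comment, for example `// CalculateOverallSeverityCounts adds every count in severityCountsList to nodeData.OverallSeverityCounts, keyed by severity.`, and it could be unexported if nothing outside the package calls it.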
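Review bot: In getVulnerabilityData the overall totals are taken from `s.SeverityCounts` before `GetScanResults` runs with `severityFilter`, so they appear to ignore the severity and masked filters that the per-node results honour, and they are added even when the fetch for that scan fails. A report filtered to a single severity would then carry a chart covering every severity, which misstates the findings the report actually lists. Consider moving `CalculateOverallSeverityCounts(&nodeWiseData, s.SeverityCounts)` below the `if err != nil` check and building the totals from the filtered per-node counts, or document that the chart is unfiltered. The same ordering is used in getSecretData, getMalwareData, getComplianceData and getCloudComplianceData. The loop bodies continue outside these hunks, so how the error branch and the per-node counts are handled is not visible here.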
@@ -200,13 +212,15 @@ func getMostExploitableVulnData(ctx context.Context, params sdkUtils.ReportParam start time.Time = time.Now() ) nodeWiseData := NodeWiseData[model.Vulnerability]{ - SeverityCount: make(map[string]map[string]int32), - ScanData: make(map[string]ScanData[model.Vulnerability]), + SeverityCount: make(map[string]map[string]int32), + ScanData: make(map[string]ScanData[model.Vulnerability]), + OverallSeverityCounts: make(map[string]int32), } nodeKey := "most_exploitable_vulnerabilities" nodeWiseData.SeverityCount[nodeKey] = make(map[string]int32) nodeWiseData.ScanData[nodeKey] = ScanData[model.Vulnerability]{ScanResults: entries} sevMap := nodeWiseData.SeverityCount[nodeKey] + CalculateOverallSeverityCounts(&nodeWiseData, nodeWiseData.SeverityCount[nodeKey]) for _, entry := range entries { count, present := sevMap[entry.CveSeverity] if !present { @@ -258,11 +272,12 @@ func getSecretData(ctx context.Context, params sdkUtils.ReportParams) (*Info[mod params.Filters.SeverityOrCheckType, params.Filters.AdvancedReportFilters.Masked) nodeWiseData := NodeWiseData[model.Secret]{ - SeverityCount: make(map[string]map[string]int32), - ScanData: make(map[string]ScanData[model.Secret]), + SeverityCount: make(map[string]map[string]int32), + ScanData: make(map[string]ScanData[model.Secret]), + OverallSeverityCounts: make(map[string]int32), } - for _, s := range scans { + CalculateOverallSeverityCounts(&nodeWiseData, s.SeverityCounts) result, common, err := rptScans.GetScanResults[model.Secret]( ctx, sdkUtils.NEO4JSecretScan, s.ScanID, severityFilter, model.FetchWindow{}) if err != nil { 
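Review bot: In getMostExploitableVulnData the call `CalculateOverallSeverityCounts(&nodeWiseData, nodeWiseData.SeverityCount[nodeKey])` runs before the `for _, entry := range entries` loop fills `sevMap`. That map was created empty a few lines earlier, so the call adds nothing and `OverallSeverityCounts` stays empty for the most-exploitable report. Move the call to just after the loop, for example `CalculateOverallSeverityCounts(&nodeWiseData, sevMap)`. The loop body ends outside this hunk.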
@@ -319,11 +334,12 @@ func getMalwareData(ctx context.Context, params sdkUtils.ReportParams) (*Info[mo params.Filters.SeverityOrCheckType, params.Filters.AdvancedReportFilters.Masked) nodeWiseData := NodeWiseData[model.Malware]{ - SeverityCount: make(map[string]map[string]int32), - ScanData: make(map[string]ScanData[model.Malware]), + SeverityCount: make(map[string]map[string]int32), + ScanData: make(map[string]ScanData[model.Malware]), + OverallSeverityCounts: make(map[string]int32), } - for _, s := range scans { + CalculateOverallSeverityCounts(&nodeWiseData, s.SeverityCounts) result, common, err := rptScans.GetScanResults[model.Malware]( ctx, sdkUtils.NEO4JMalwareScan, s.ScanID, severityFilter, model.FetchWindow{}) if err != nil { @@ -380,11 +396,12 @@ func getComplianceData(ctx context.Context, params sdkUtils.ReportParams) (*Info params.Filters.SeverityOrCheckType, params.Filters.AdvancedReportFilters.Masked) nodeWiseData := NodeWiseData[model.Compliance]{ - SeverityCount: make(map[string]map[string]int32), - ScanData: make(map[string]ScanData[model.Compliance]), + SeverityCount: make(map[string]map[string]int32), + ScanData: make(map[string]ScanData[model.Compliance]), + OverallSeverityCounts: make(map[string]int32), } - for _, s := range scans { + CalculateOverallSeverityCounts(&nodeWiseData, s.SeverityCounts) result, common, err := rptScans.GetScanResults[model.Compliance]( ctx, sdkUtils.NEO4JComplianceScan, s.ScanID, severityFilter, model.FetchWindow{}) if err != nil { 
@@ -442,11 +459,13 @@ func getCloudComplianceData(ctx context.Context, params sdkUtils.ReportParams) ( params.Filters.SeverityOrCheckType, params.Filters.AdvancedReportFilters.Masked) nodeWiseData := NodeWiseData[model.CloudCompliance]{ - SeverityCount: make(map[string]map[string]int32), - ScanData: make(map[string]ScanData[model.CloudCompliance]), + SeverityCount: make(map[string]map[string]int32), + ScanData: make(map[string]ScanData[model.CloudCompliance]), + OverallSeverityCounts: make(map[string]int32), } for _, s := range scans { + CalculateOverallSeverityCounts(&nodeWiseData, s.SeverityCounts) result, common, err := rptScans.GetScanResults[model.CloudCompliance]( ctx, sdkUtils.NEO4JCloudComplianceScan, s.ScanID, severityFilter, model.FetchWindow{}) if err != nil { diff --git a/deepfence_worker/tasks/reports/templates/base.gohtml b/deepfence_worker/tasks/reports/templates/base.gohtml index 53b4898886..7e0f890840 100644 --- a/deepfence_worker/tasks/reports/templates/base.gohtml +++ b/deepfence_worker/tasks/reports/templates/base.gohtml @@ -256,6 +256,7 @@ } +
@@ -265,6 +266,7 @@ {{ $scan_types := list "vulnerability" "secret" "malware" }} {{ if mustHas .ScanType $scan_types }} {{ template "summary-table" . }} + {{ template "piechart" . }} {{ end }} {{ if eq .ScanType "compliance" }} diff --git a/deepfence_worker/tasks/reports/templates/piechart.gohtml b/deepfence_worker/tasks/reports/templates/piechart.gohtml new file mode 100644 index 0000000000..82c2c67cb8 --- /dev/null +++ b/deepfence_worker/tasks/reports/templates/piechart.gohtml @@ -0,0 +1,75 @@ +{{ define "piechart" }} +