From 47e6cda78333c2b9029e0b4d470cace37b402716 Mon Sep 17 00:00:00 2001
From: Fede Barcelona <fede_rico_94@hotmail.com>
Date: Mon, 29 Jul 2024 12:30:52 +0200
Subject: [PATCH] feat: order packages by vulnerability

---
 src/summary.ts | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/summary.ts b/src/summary.ts
index e3c805f..56765fa 100644
--- a/src/summary.ts
+++ b/src/summary.ts
@@ -37,6 +37,7 @@ function addVulnTableToSummary(data: Report) {
   ]);
 }
 
+
 function addVulnsByLayerTableToSummary(data: Report) {
   if (!data.result.layers) {
     return
@@ -53,17 +54,31 @@ function addVulnsByLayerTableToSummary(data: Report) {
 
   data.result.layers.forEach((layer, index) => {
     core.summary.addCodeBlock(`LAYER ${index} - ${layer.command.replace(new RegExp('\$', 'g'), "&#36;").replace(new RegExp('\&', 'g'), '&amp;')}`);
-
     if (!layer.digest) {
       return;
     }
+
     let packagesWithVulns = (packagesPerLayer[layer.digest] ?? [])
       .filter(pkg => pkg.vulns);
-
     if (packagesWithVulns.length == 0) {
       return;
     }
 
+    let orderedPackagesBySeverity = packagesWithVulns.sort((a, b) => {
+      const getSeverityCount = (pkg: Package, severity: string) =>
+        pkg.vulns?.filter((vul: any) => vul.severity.value === severity).length || 0;
+
+      const severities = ['Critical', 'High', 'Medium', 'Low', 'Negligible'];
+      for (const severity of severities) {
+        const countA = getSeverityCount(a, severity);
+        const countB = getSeverityCount(b, severity);
+        if (countA !== countB) {
+          return countB - countA;
+        }
+      }
+      return 0;
+    })
+
     core.summary.addTable([
       [
         { data: 'Package', header: true },
@@ -77,7 +92,7 @@ function addVulnsByLayerTableToSummary(data: Report) {
         { data: '⚪ Negligible', header: true },
         { data: 'Exploit', header: true },
       ],
-      ...packagesWithVulns.map(layerPackage => {
+      ...orderedPackagesBySeverity.map(layerPackage => {
         let criticalVulns = layerPackage.vulns?.filter(vuln => vuln.severity.value.toLowerCase() == 'critical').length ?? 0;
         let highVulns = layerPackage.vulns?.filter(vuln => vuln.severity.value.toLowerCase() == 'high').length ?? 0;
         let mediumVulns = layerPackage.vulns?.filter(vuln => vuln.severity.value.toLowerCase() == 'medium').length ?? 0;