add nil verification to vulnerabilities post processing and fix some vulnerabilities typos

cli/cmd/exportresults.go

@@ -674,7 +674,7 @@ func (e *Exporter) ExportResults(ctx context.Context, res *results.Results, fame
 
 	if config.Vulnerabilities.Enabled {
 		if err := e.ExportVulResult(ctx, res, famerr); err != nil {
-			errors = appendExportError("vulnerabilties", err, errors)
+			errors = appendExportError("vulnerabilities", err, errors)
 		}
 	}
 

runtime_scan/pkg/orchestrator/scanresultprocessor/processor.go

@@ -69,7 +69,7 @@ func (srp *ScanResultProcessor) Reconcile(ctx context.Context, event ScanResultR
 	// Process each of the successfully scanned (state DONE and no errors) families into findings.
 	if statusCompletedWithNoErrors(scanResult.Status.Vulnerabilities) {
 		if err := srp.reconcileResultVulnerabilitiesToFindings(ctx, scanResult); err != nil {
-			return newFailedToReconcileTypeError(err, "vulnerabilties")
+			return newFailedToReconcileTypeError(err, "vulnerabilities")
 		}
 	}
 

runtime_scan/pkg/orchestrator/scanresultprocessor/vulnerabilities.go

@@ -24,7 +24,7 @@ import (
 	"github.com/openclarity/vmclarity/shared/pkg/findingkey"
 )
 
-// nolint:cyclop
+// nolint:cyclop,gocognit
 func (srp *ScanResultProcessor) reconcileResultVulnerabilitiesToFindings(ctx context.Context, scanResult models.TargetScanResult) error {
 	completedTime := scanResult.Status.General.LastTransitionTime
 
@@ -57,53 +57,55 @@ func (srp *ScanResultProcessor) reconcileResultVulnerabilitiesToFindings(ctx con
 		existingMap[key] = *finding.Id
 	}
 
-	srp.logger.Infof("Found %d existing vulnerabilties findings for this scan", len(existingMap))
-	srp.logger.Debugf("Existing vulnerabilties map: %v", existingMap)
-
-	// Create new findings for all the found vulnerabilties
-	for _, vuln := range *scanResult.Vulnerabilities.Vulnerabilities {
-		vulFindingInfo := models.VulnerabilityFindingInfo{
-			VulnerabilityName: vuln.VulnerabilityName,
-			Description:       vuln.Description,
-			Severity:          vuln.Severity,
-			Links:             vuln.Links,
-			Distro:            vuln.Distro,
-			Cvss:              vuln.Cvss,
-			Package:           vuln.Package,
-			Fix:               vuln.Fix,
-			LayerId:           vuln.LayerId,
-			Path:              vuln.Path,
-		}
-
-		findingInfo := models.Finding_FindingInfo{}
-		err = findingInfo.FromVulnerabilityFindingInfo(vulFindingInfo)
-		if err != nil {
-			return fmt.Errorf("unable to convert VulnerabilityFindingInfo into FindingInfo: %w", err)
-		}
+	srp.logger.Infof("Found %d existing vulnerabilities findings for this scan", len(existingMap))
+	srp.logger.Debugf("Existing vulnerabilities map: %v", existingMap)
+
+	if scanResult.Vulnerabilities != nil && scanResult.Vulnerabilities.Vulnerabilities != nil {
+		// Create new findings for all the found vulnerabilities
+		for _, vuln := range *scanResult.Vulnerabilities.Vulnerabilities {
+			vulFindingInfo := models.VulnerabilityFindingInfo{
+				VulnerabilityName: vuln.VulnerabilityName,
+				Description:       vuln.Description,
+				Severity:          vuln.Severity,
+				Links:             vuln.Links,
+				Distro:            vuln.Distro,
+				Cvss:              vuln.Cvss,
+				Package:           vuln.Package,
+				Fix:               vuln.Fix,
+				LayerId:           vuln.LayerId,
+				Path:              vuln.Path,
+			}
 
-		finding := models.Finding{
-			Scan:        scanResult.Scan,
-			Asset:       scanResult.Target,
-			FoundOn:     scanResult.Status.General.LastTransitionTime,
-			FindingInfo: &findingInfo,
-		}
+			findingInfo := models.Finding_FindingInfo{}
+			err = findingInfo.FromVulnerabilityFindingInfo(vulFindingInfo)
+			if err != nil {
+				return fmt.Errorf("unable to convert VulnerabilityFindingInfo into FindingInfo: %w", err)
+			}
 
-		// Set InvalidatedOn time to the FoundOn time of the oldest
-		// finding, found after this scan result.
-		if newerFound {
-			finding.InvalidatedOn = &newerTime
-		}
+			finding := models.Finding{
+				Scan:        scanResult.Scan,
+				Asset:       scanResult.Target,
+				FoundOn:     scanResult.Status.General.LastTransitionTime,
+				FindingInfo: &findingInfo,
+			}
 
-		key := findingkey.GenerateVulnerabilityKey(vulFindingInfo)
-		if id, ok := existingMap[key]; ok {
-			err = srp.client.PatchFinding(ctx, id, finding)
-			if err != nil {
-				return fmt.Errorf("failed to create finding: %w", err)
+			// Set InvalidatedOn time to the FoundOn time of the oldest
+			// finding, found after this scan result.
+			if newerFound {
+				finding.InvalidatedOn = &newerTime
 			}
-		} else {
-			_, err = srp.client.PostFinding(ctx, finding)
-			if err != nil {
-				return fmt.Errorf("failed to create finding: %w", err)
+
+			key := findingkey.GenerateVulnerabilityKey(vulFindingInfo)
+			if id, ok := existingMap[key]; ok {
+				err = srp.client.PatchFinding(ctx, id, finding)
+				if err != nil {
+					return fmt.Errorf("failed to create finding: %w", err)
+				}
+			} else {
+				_, err = srp.client.PostFinding(ctx, finding)
+				if err != nil {
+					return fmt.Errorf("failed to create finding: %w", err)
+				}
 			}
 		}
 	}