
CLI-357 Add output formatting#261

Open: georgii-borovinskikh-sonarsource wants to merge 1 commit into master from gb/sca-output-formatting

Conversation

@georgii-borovinskikh-sonarsource (Contributor)

No description provided.

@hashicorp-vault-sonar-prod Bot commented May 11, 2026

CLI-357

georgii-borovinskikh-sonarsource force-pushed the gb/sca-runner branch 2 times, most recently from b6c234d to d032005, May 12, 2026 08:25
georgii-borovinskikh-sonarsource force-pushed the gb/sca-output-formatting branch 3 times, most recently from 4446bf6 to 2970d21, May 12, 2026 14:35
Base automatically changed from gb/sca-runner to master May 13, 2026 10:22
georgii-borovinskikh-sonarsource force-pushed the gb/sca-output-formatting branch 3 times, most recently from bc55986 to 6387c36, May 15, 2026 08:46
@sonarqubecloud Bot commented May 15, 2026

Quality Gate passed

Issues
0 New issues
1 Accepted issue
0 New dependency risks

Measures
0 Security Hotspots
81.2% Coverage on New Code
0.0% Duplication on New Code


georgii-borovinskikh-sonarsource marked this pull request as ready for review May 15, 2026 12:40
@sonar-review-alpha Bot (Contributor) commented May 15, 2026

Summary

This PR adds output formatting for dependency risk analysis results. It introduces two output formats (JSON and table) and a new --status-filter option to show either all risks or only unresolved ones.

What changed:

  • Added --status-filter CLI option (defaults to 'open') with choices: 'all' or 'open'
  • Created formatters for JSON output and human-readable table output
  • Implemented filtering logic to separate resolved risks (SAFE, FIXED, ACCEPT) from unresolved ones
  • Results are now properly displayed based on the selected format and filter

What reviewers should know

Start with:

  1. src/cli/commands/analyze/dependency-risks.ts — main entry point showing how formatters and filters integrate
  2. src/cli/commands/analyze/dependency-risk-helpers/analysis-response.ts — filtering and sorting logic (small, foundational)
  3. src/cli/commands/analyze/dependency-risk-helpers/format-dependency-risks-table.ts — the largest change; implements complex table layout with issue chains, severity coloring, and summary stats

Key decisions to review:

  • Status filter defaults to 'open' (hiding resolved issues). This is a good UX choice but worth confirming it matches product intent.
  • Table formatter includes sophisticated handling of transitive dependency chains, excluded version codes, and severity ordering. The logic is data-heavy; tests are extensive (835 lines) so focus review on logic clarity rather than test coverage.
  • JSON format is minimal (projects, releases, parsed files, errors only); filtering is applied but response structure stays flat.

Gotchas:

  • The applyStatusFilter function modifies the releases array but preserves the full response object — unfiltered data is still accessible elsewhere (e.g., the summary line counts total dependencies before the filter is applied).
  • Table formatter uses internal state (releaseByPurl map) to link transitive chains; this is implementation detail but matters if the data shape ever changes.

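The status filter and summary stats the review summary describes, as an added TypeScript example; this is not code from this PR or from the CLI repository. Only the filter choices ('all' | 'open') and the resolved statuses SAFE, FIXED and ACCEPT come from the page. The type and field names (DependencyRisk, Release, AnalysisResponse, purl, risks, severity), the "OPEN" status value, the severity ranking and the sample input are assumptions made for the example. Unlike the applyStatusFilter the summary describes, which modifies the releases array in place, this variant returns a new response, so the totals the summary line needs can be read from the unfiltered input regardless of call order.

```typescript
// Added example, not the PR's code. Type names, field names, the "OPEN" status
// value and the severity ranking are assumptions; the page only names the filter
// choices ("all" | "open") and the resolved statuses SAFE, FIXED and ACCEPT.

type StatusFilter = "all" | "open";
type Severity = "LOW" | "MEDIUM" | "HIGH" | "BLOCKER";

interface DependencyRisk {
  id: string;
  status: string; // "OPEN" or one of the resolved statuses below
  severity: Severity;
}

interface Release {
  purl: string; // package URL; a releaseByPurl map would be keyed on this
  risks: DependencyRisk[];
}

interface AnalysisResponse {
  projects: string[];
  releases: Release[];
  parsedFiles: string[];
  errors: string[];
}

interface Summary {
  totalDependencies: number; // counted on the unfiltered response
  shownRisks: number;
  hiddenResolvedRisks: number;
}

// Statuses the review summary lists as resolved; anything else is treated as open.
const RESOLVED_STATUSES: ReadonlySet<string> = new Set(["SAFE", "FIXED", "ACCEPT"]);

// Most severe first, so a sorted table surfaces the worst findings at the top.
const SEVERITY_RANK: Record<Severity, number> = { BLOCKER: 0, HIGH: 1, MEDIUM: 2, LOW: 3 };

function isResolved(risk: DependencyRisk): boolean {
  return RESOLVED_STATUSES.has(risk.status);
}

function sortBySeverity(risks: DependencyRisk[]): DependencyRisk[] {
  return [...risks].sort((a, b) => SEVERITY_RANK[a.severity] - SEVERITY_RANK[b.severity]);
}

// Returns a new response whose releases carry only the risks selected by the
// filter, sorted by severity. Releases left with no risks are dropped. The input
// is never mutated, so totals can be taken from it before or after this call.
function applyStatusFilter(response: AnalysisResponse, filter: StatusFilter): AnalysisResponse {
  const keep = (risk: DependencyRisk): boolean => filter === "all" || !isResolved(risk);
  const releases = response.releases
    .map((release) => ({ ...release, risks: sortBySeverity(release.risks.filter(keep)) }))
    .filter((release) => release.risks.length > 0);
  return { ...response, releases };
}

function countRisks(response: AnalysisResponse): number {
  return response.releases.reduce((n, release) => n + release.risks.length, 0);
}

// Summary stats that also report what the filter hid, so an "open" default does
// not make accepted or fixed risks disappear without a trace.
function summarize(unfiltered: AnalysisResponse, filtered: AnalysisResponse): Summary {
  return {
    totalDependencies: unfiltered.releases.length,
    shownRisks: countRisks(filtered),
    hiddenResolvedRisks: countRisks(unfiltered) - countRisks(filtered),
  };
}

// Constructed sample input for the example; not output from a real analysis.
const SAMPLE: AnalysisResponse = {
  projects: ["demo-project"],
  releases: [
    { purl: "pkg:npm/lodash@4.17.20", risks: [
      { id: "r1", status: "FIXED", severity: "MEDIUM" },
      { id: "r2", status: "OPEN", severity: "HIGH" },
    ] },
    { purl: "pkg:npm/left-pad@1.3.0", risks: [
      { id: "r3", status: "ACCEPT", severity: "LOW" },
    ] },
    { purl: "pkg:npm/minimist@1.2.5", risks: [
      { id: "r4", status: "OPEN", severity: "LOW" },
      { id: "r5", status: "SAFE", severity: "LOW" },
      { id: "r6", status: "OPEN", severity: "BLOCKER" },
    ] },
  ],
  parsedFiles: ["package-lock.json"],
  errors: [],
};

function run(filter: StatusFilter): { filtered: AnalysisResponse; summary: Summary } {
  const filtered = applyStatusFilter(SAMPLE, filter);
  return { filtered, summary: summarize(SAMPLE, filtered) };
}

console.log(JSON.stringify(run("open").summary));
```

With the constructed input, `run("open")` keeps two of the three releases (left-pad's only risk is ACCEPTed) and reports three shown and three hidden risks. Carrying the hidden count into the summary is the practitioner's counter to the "defaults to open" decision flagged above: an accepted risk is still a decision someone took, and the table should make its absence visible rather than silent.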

@sonar-review-alpha Bot left a review (this comment was marked as resolved)

LGTM! ✅


1 participant