kanshan/TensorRT-LLMs
1
0
Fork 0
mirror of https://github.com/NVIDIA/TensorRT-LLM.git synced 2026-02-05 02:31:33 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
d9aef94431
TensorRT-LLMs/jenkins/scripts/submit_vulnerability_report.py
yuanjingx87 f42a6cbae0
[None][infra] Add source code pulse scan to PLC nightly pipeline (#10961) 
Signed-off-by: Yuanjing Xue <197832395+yuanjingx87@users.noreply.github.com>
2026-01-30 11:06:48 -08:00

61 lines
2.0 KiB
Python
Raw Blame History

import argparse
import json
import os
from pathlib import Path
import requests
# slack workflow setting can be edited at https://slack.com/shortcuts/Ft0AAER075L3/a314cf6f4a81543cc37b75702c5d10f1
SLACK_WEBHOOK_URL = os.environ.get("TRTLLM_PLC_WEBHOOK")
# this json file will be generated from pulse in pipeline scanning
INPUT_FILE = "./nspect_scan_report.json"
parser = argparse.ArgumentParser()
parser.add_argument("--build-url", required=True, help="Jenkins build URL")
args = parser.parse_args()
# Throw error if not set
if not SLACK_WEBHOOK_URL:
raise EnvironmentError("Error: Environment variable 'TRTLLM_PLC_WEBHOOK' is not set!")
# Read file
raw_input = Path(INPUT_FILE).read_text()
vulnerabilities = json.loads(raw_input)
def safe(value, default="N/A"):
return value if value else default
# Build attachment text
message_lines = ["* TensorRT LLM Source Code Vulnerability Scan Report*\n"]
severity_rank = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}
for v in vulnerabilities:
sev = v.get("Severity", "Low")
if severity_rank.get(sev, 0) <= 2:
continue
shortTermVersion = safe(v.get("Upgrade-Guidance", {}).get("Short-Term"))
longTermVersion = safe(v.get("Upgrade-Guidance", {}).get("Long-Term"))
lines = [
f"🔴 *{safe(v.get('Severity'))}* — *{safe(v.get('Package Name'))}* `{safe(v.get('Package Version'))}`",
f"• *CVE:* {safe(v.get('Related Vuln'))} | *BDSA:* {safe(v.get('CVE ID'))}",
f"• *Score:* {safe(v.get('Score'))}",
f"• *Status:* {safe(v.get('Status'))}",
f"• *Published:* {safe(v.get('Vulnerability Published Date'))}",
f"• *Upgrade:* `{shortTermVersion}` → `{longTermVersion}`",
"" * 40, # separator line
]
message_lines.extend(lines)
message_text = "\n".join(message_lines)
payload = {"report": message_text, "pipelineUrl": args.build_url}
print(payload)
# Send to Slack
resp = requests.post(SLACK_WEBHOOK_URL, json=payload, timeout=60)
resp.raise_for_status()
Reference in New Issue View Git Blame Copy Permalink