{% if opengrep_data %}
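{% set findings = opengrep_data.results %}
{#
  Quick rollups over the scanner results, computed once before any output:
    sev_counts  - findings per severity bucket
    file_counts - findings per file path
    rule_ids    - set of distinct rule / check ids (dict used as a set)

  The in-place dict writes use update() rather than __setitem__:
  underscore-prefixed attributes are rejected by Jinja's SandboxedEnvironment,
  so the dunder form cannot render there.
#}
{% set sev_counts = {'critical':0,'high':0,'medium':0,'low':0,'info':0,'unknown':0} %}
{% set file_counts = {} %}
{% set rule_ids = {} %}
{% for f in findings %}
  {% set path = f.path | default('') %}
  {% set _ = file_counts.update({path: file_counts.get(path, 0) + 1}) %}
  {% set rid = f.check_id | default('') %}
  {% if rid %}
    {% set _ = rule_ids.update({rid: True}) %}
  {% endif %}
  {# Same guard as the per-finding loop below: with Jinja's default Undefined,
     a finding that has no `extra` object would raise on the chained lookup
     and abort the whole report. Such a finding is counted as unknown. #}
  {% set sev = (f.extra.severity if f.extra is defined and f.extra and f.extra.severity is defined else 'unknown') | lower %}
  {# The scanner levels `warning` and `error` are folded into the medium and
     high buckets; any other unrecognised value is counted as unknown, so no
     finding is dropped from the totals. #}
  {% if sev == 'warning' %}
    {% set _ = sev_counts.update({'medium': sev_counts['medium'] + 1}) %}
  {% elif sev == 'error' %}
    {% set _ = sev_counts.update({'high': sev_counts['high'] + 1}) %}
  {% elif sev in sev_counts %}
    {% set _ = sev_counts.update({sev: sev_counts[sev] + 1}) %}
  {% else %}
    {% set _ = sev_counts.update({'unknown': sev_counts['unknown'] + 1}) %}
  {% endif %}
{% endfor %}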

OpenGrep — SAST Findings

{# Summary strip, shown only when there is at least one finding. Every value
   here is a count computed by the rollup above (list/dict lengths and the
   sev_counts integers), so no scanner-supplied text is emitted in this line.
   The "High | Error" and "Medium | Warning" labels reflect the rollup folding
   `error` into high and `warning` into medium. #}
{% if findings %}
Total: {{ findings|length }} Files: {{ file_counts|length }} Rules: {{ rule_ids|length }} Critical: {{ sev_counts.critical }} High | Error: {{ sev_counts.high }} Medium | Warning: {{ sev_counts.medium }} Low: {{ sev_counts.low }} Info: {{ sev_counts.info }} Unknown: {{ sev_counts.unknown }}
{% endif %}
{% if findings %}
{# "Top offenders" blurb: the three paths with the most findings, highest
   count first. Paths come from the scan output, so they stay escaped; the
   counts are integers computed in this template. #}
{% set top_files = file_counts.items() | list | sort(attribute=1, reverse=True) %}
{% if top_files %}

Heaviest files: {% for fname, hits in top_files[:3] %} {{ fname | e }} ({{ hits }}){% if not loop.last %}, {% endif %} {% endfor %}

{% endif %}
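{# Per-finding locals. Optional fields are read behind `is defined` checks so
   that a sparse finding renders with empty values. #}
{% for finding in findings %}
{% set path = finding.path | default('') %}
{% set line = (finding.start.line if finding.start is defined and finding.start and finding.start.line is defined else '') %}
{% set rid = finding.check_id | default('') %}
{% set msg = (finding.extra.message if finding.extra is defined and finding.extra and finding.extra.message is defined else '') %}
{% set sev_raw = (finding.extra.severity if finding.extra is defined and finding.extra and finding.extra.severity is defined else 'Unknown') %}
{% set sev = sev_raw | lower %}
{# Chip class for the severity cell. `error` and `warning` are treated like
   `high` and `medium`, matching the rollup and the summary labels; without
   that, a finding reported as `error` is counted as high in the summary but
   gets no chip--bad class on its own row. #}
{% set sev_chip = 'chip--bad' if sev in ['critical','high','error'] else ('chip--neutral' if sev in ['medium','warning'] else ('chip--ok' if sev in ['low','info'] else '')) %}
{% set extra = finding.extra if finding.extra is defined else {} %}
{% set metadata = extra.metadata if extra.metadata is defined else {} %}
{# Matched source snippet as reported by the scanner. #}
{% set lines = extra.lines if extra.lines is defined else '' %}
{# Rule metadata: classifications, reference links and triage ratings. #}
{% set cwe = metadata.cwe if metadata.cwe is defined else [] %}
{% set owasp = metadata.owasp if metadata.owasp is defined else [] %}
{% set references = metadata.references if metadata.references is defined else [] %}
{% set source = metadata.source if metadata.source is defined else '' %}
{% set shortlink = metadata.shortlink if metadata.shortlink is defined else '' %}
{% set vulnerability_class = metadata.vulnerability_class if metadata.vulnerability_class is defined else [] %}
{% set confidence = metadata.confidence if metadata.confidence is defined else '' %}
{% set likelihood = metadata.likelihood if metadata.likelihood is defined else '' %}
{% set impact = metadata.impact if metadata.impact is defined else '' %}
{# Fingerprints: collect whichever of rule / ctx / exact are present, in that
   order, as (type, value) pairs. #}
{% set fingerprints = finding.fingerprints if finding.fingerprints is defined else {} %}
{% set fingerprint_list = [] %}
{% if fingerprints.rule %}{% set _ = fingerprint_list.append(('rule', fingerprints.rule)) %}{% endif %}
{% if fingerprints.ctx %}{% set _ = fingerprint_list.append(('ctx', fingerprints.ctx)) %}{% endif %}
{% if fingerprints.exact %}{% set _ = fingerprint_list.append(('exact', fingerprints.exact)) %}{% endif %}
{% set default_fp = '' %}
{# Default to ctx fingerprint if available, otherwise first available #}
{% if fingerprints.ctx %}
{% set default_fp = fingerprints.ctx %}
{% elif fingerprint_list|length > 0 %}
{% set default_fp = fingerprint_list[0][1] %}
{% endif %}
{# tojson output is attribute-safe only inside single quotes (it escapes
   < > & and ' but not "), so the data-fingerprints attribute must stay
   single-quoted. #}
 0 %}data-fingerprints='{{ fingerprint_list|map(attribute=1)|list|tojson }}'{% endif %}> {% endfor %}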
{# Findings table: column labels, then the cells for one finding. Path, rule
   id and message are scanner output and can contain text taken from the
   scanned repository, so every cell goes through `e`. The Waiver cell has
   content only when the finding carries at least one fingerprint; otherwise
   it shows an em dash. #}
File Line Rule / Check ID Message Severity Waiver
{{ path | e }} {{ line | e }} {{ rid | e }} {{ msg | e }} {{ sev_raw | default('Unknown') | e }} {% if fingerprint_list|length > 0 %}
{% else %} — {% endif %}
{# Code Context and Description panels, each shown only when it has content.
   `lines` is the matched snippet from the scanned source and `msg` is the
   rule message; both are rendered as escaped text and should never be marked
   `safe`, because the snippet is whatever the scanned file contains. #}
{% if lines %}

Code Context

{{ lines | e }}
{% endif %} {% if msg %}

Description

{{ msg | e }}

{% endif %}

{# Details panel: one label/value pair per field, each omitted when the value
   is empty. Confidence, likelihood and impact are read from the rule
   metadata; all values are escaped on output. #}
Details

{% if rid %}
Rule ID:
{{ rid | e }}
{% endif %} {% if path %}
File:
{{ path | e }}
{% endif %} {% if line %}
Line:
{{ line | e }}
{% endif %} {% if confidence %}
Confidence:
{{ confidence | e }}
{% endif %} {% if likelihood %}
Likelihood:
{{ likelihood | e }}
{% endif %} {% if impact %}
Impact:
{{ impact | e }}
{% endif %}
{# Classifications, References and Fingerprints panels. Each panel is shown
   only when at least one of its fields is present, and every value is
   escaped on output. #}
{% if cwe or owasp or vulnerability_class %}

Classifications

{% if cwe %}
CWE:
{% for c in cwe %} {{ c | e }} {% endfor %}
{% endif %} {% if owasp %}
OWASP:
{% for o in owasp %} {{ o | e }} {% endfor %}
{% endif %} {% if vulnerability_class %}
Vulnerability Class:
{% for vc in vulnerability_class %} {{ vc | e }} {% endfor %}
{% endif %}
{% endif %} {% if references or source or shortlink %}

References

{# NOTE(review): source, shortlink and references come from rule metadata.
   `e` escapes markup but does not validate a URL scheme, so if any of these
   values is used as a link target, confirm it is restricted to http/https.
   No loop over `references` is visible after its label here - TODO confirm
   the entries are rendered. #}
{% if source %}
Source:
{{ source | e }}
{% endif %} {% if shortlink %}
Shortlink:
{{ shortlink | e }}
{% endif %} {% if references %}
References:
{% endif %}
{% endif %} {% if fingerprints %}

Fingerprints

{# Fingerprint values are printed as reported by the scanner; the legend
   that follows describes how each type is derived. #}
{% if fingerprints.rule %}
Rule Fingerprint:
{{ fingerprints.rule | e }}
{% endif %} {% if fingerprints.exact %}
Exact Fingerprint:
{{ fingerprints.exact | e }}
{% endif %} {% if fingerprints.ctx %}
Context Fingerprint:
{{ fingerprints.ctx | e }}
{% endif %}

Fingerprint Types:
RULE: Rule-based identifier derived from rule ID and normalized code structure. Stable across file moves and commits.
EXACT: Location-bound identifier derived from rule ID, file content hash, and byte span. Binds tightly to a specific file revision.
CTX: Contextual identifier derived from rule ID, relative file path, and redacted context window. Remains valid through small edits.

{% endif %}
{% else %}
No SAST findings.
{% endif %}
{% endif %}