chore: make test result metadata more generic (#485)

Author: CatalinSnyk

internal/presenters/presenter_ufm_test.go

@@ -55,8 +55,12 @@ func normalizeAutomationID(run map[string]interface{}) {
 	if automationDetails, ok := run["automationDetails"].(map[string]interface{}); ok {
 		if id, ok := automationDetails["id"].(string); ok {
 			parts := strings.Split(id, "/")
+			offset := 1
+			if len(parts) >= 5 {
+				offset = 2
+			}
 			if len(parts) >= 2 {
-				automationDetails["id"] = strings.Join(parts[:len(parts)-1], "/") + "/*"
+				automationDetails["id"] = strings.Join(parts[:len(parts)-offset], "/") + "/*"
 			}
 		}
 	}
@@ -67,7 +71,6 @@ func normalizeAutomationID(run map[string]interface{}) {
 func normalizeToolProperties(run map[string]interface{}) {
 	if tool, ok := run["tool"].(map[string]interface{}); ok {
 		if driver, ok := tool["driver"].(map[string]interface{}); ok {
-			delete(driver, "properties")
 			normalizeRules(driver)
 		}
 	}
@@ -429,7 +432,7 @@ func normalizeSarifForComparison(t *testing.T, sarifJSON string) map[string]inte
 		// Normalize automation ID (missing project name in actual output)
 		normalizeAutomationID(run)
 
-		// Normalize tool properties and rules (artifactsScanned missing, CVSS formatting, license wording)
+		// Normalize tool properties and rules (CVSS formatting, license wording)
 		normalizeToolProperties(run)
 
 		// Normalize result messages (license issue wording)
@@ -514,7 +517,6 @@ func Test_UfmPresenter_Sarif(t *testing.T) {
 			if !assert.JSONEq(t, string(expectedJSON), string(actualJSON),
 				"SARIF output differs. Known gaps are normalized:\n"+
 					"- Automation ID: missing project name\n"+
-					"- Tool properties: missing artifactsScanned\n"+
 					"- Suppressions: not included in original SARIF\n"+
 					"- Fix packages: using vulnerable package instead of direct dependency\n"+
 					"- Package versions: may differ based on dependency path selection\n"+

internal/presenters/templates/ufm.sarif.tmpl

@@ -9,42 +9,49 @@
 			{{- range $findingTypeIndex, $findingType := $findingTypes }}
 			{{- $issues := getIssuesFromTestResult $result $findingType }}
 			{{- $issuesSize := sub (len $issues) 1 }}
+			{{- $metadata := $result.GetMetadata }}
 			{
 				"tool": {
 					"driver" : {
 						"name" : "{{- convertTypeToDriverName (printf "%s" $findingType) }}",
 						"semanticVersion" : "{{- getRuntimeInfo "version" }}",
 						"version" : "{{- getRuntimeInfo "version" }}",
 						"informationUri" : "https://docs.snyk.io/",
-					"rules" : [
-						{{- range $index, $issue := $issues }}
-						{{- $tags := buildRuleTags $issue }}
-						{{- $cvssScore := getRuleCVSSScore $issue }}
-						{
-							"id": {{ getQuotedString $issue.GetID }},
-							"shortDescription": {
-								"text": {{ getQuotedString (buildRuleShortDescription $issue) }}
-							},
-							"fullDescription": {
-								"text": {{ getQuotedString (buildRuleFullDescription $issue) }}
-							},
-							"help": {
-								"text": "",
-								"markdown": {{ getQuotedString (buildRuleHelpMarkdown $issue $findingType) }}
-							},
-							"properties": {
-								"tags": [
-									{{- $tagsSize := sub (len $tags) 1 }}
-									{{- range $tagIndex, $tag := $tags }}
-									{{ getQuotedString (printf "%v" $tag) }}{{if lt $tagIndex $tagsSize}},{{end}}
-									{{- end }}
-								]{{if ge $cvssScore 0.0}},
-								"cvssv3_baseScore": {{ $cvssScore }},
-								"security-severity": {{ getQuotedString (printf "%.1f" $cvssScore) }}{{end}}
-							}
-						}{{if lt $index $issuesSize}},{{end}}
+						"rules" : [
+							{{- range $index, $issue := $issues }}
+							{{- $tags := buildRuleTags $issue }}
+							{{- $cvssScore := getRuleCVSSScore $issue }}
+							{
+								"id": {{ getQuotedString $issue.GetID }},
+								"shortDescription": {
+									"text": {{ getQuotedString (buildRuleShortDescription $issue) }}
+								},
+								"fullDescription": {
+									"text": {{ getQuotedString (buildRuleFullDescription $issue) }}
+								},
+								"help": {
+									"text": "",
+									"markdown": {{ getQuotedString (buildRuleHelpMarkdown $issue $findingType) }}
+								},
+								"properties": {
+									"tags": [
+										{{- $tagsSize := sub (len $tags) 1 }}
+										{{- range $tagIndex, $tag := $tags }}
+										{{ getQuotedString (printf "%v" $tag) }}{{if lt $tagIndex $tagsSize}},{{end}}
+										{{- end }}
+									]{{if ge $cvssScore 0.0}},
+									"cvssv3_baseScore": {{ $cvssScore }},
+									"security-severity": {{ getQuotedString (printf "%.1f" $cvssScore) }}{{end}}
+								}
+							}{{if lt $index $issuesSize}},{{end}}
+							{{- end }}
+						]
+						{{- $dependencyCount := index $metadata "dependency-count" }}
+						{{- if $dependencyCount }},
+						"properties": {
+							"artifactsScanned": {{ $dependencyCount }}
+						}
 						{{- end }}
-					]
 					}
 				},
 			"results": [
@@ -200,8 +207,8 @@
 				},
 				*/ -}}
 				"automationDetails": {
-					{{- $projectName := index $result.GetMetadata "project-name" }}
-					"id": "{{- getAutomationDetailsId $projectName (printf "%s" $findingType) }}"
+					{{- $projectName := index $metadata "project-name" }}
+					"id": "{{- getAutomationDetailsId (printf "%s/%d" $projectName $resultIndex) (printf "%s" $findingType) }}"
 				}
 			}{{if or (lt $findingTypeIndex $findingTypesSize) (lt $resultIndex (sub (len $.TestResults) 1))}},{{end}}{{- end}}	
 		{{- end}}

internal/presenters/testdata/ufm/multi_project.testresult.json

@@ -12,7 +12,8 @@
     "metadata": {
       "project-name": "tpwe",
       "display-target-file": "dotnet/obj/project.assets.json",
-      "target-directory": "multi-project"
+      "target-directory": "multi-project",
+      "dependency-count": 84
     },
     "createdAt": "2025-11-13T15:29:14.585711Z",
     "testSubject": {
@@ -824,7 +825,8 @@
     "metadata": {
       "project-name": "package.json",
       "display-target-file": "ghost/package.json",
-      "target-directory": "multi-project"
+      "target-directory": "multi-project",
+      "dependency-count": 23
     },
     "createdAt": "2025-11-13T15:29:14.491151Z",
     "testSubject": {
@@ -4388,7 +4390,8 @@
     "metadata": {
       "project-name": "golangproject",
       "display-target-file": "golang/go.mod",
-      "target-directory": "multi-project"
+      "target-directory": "multi-project",
+      "dependency-count": 29
     },
     "createdAt": "2025-11-13T15:29:14.506347Z",
     "testSubject": {
@@ -4543,7 +4546,8 @@
     "metadata": {
       "project-name": "demo:maven-demo",
       "display-target-file": "maven/pom.xml",
-      "target-directory": "multi-project"
+      "target-directory": "multi-project",
+      "dependency-count": 4
     },
     "createdAt": "2025-11-13T15:29:14.480432Z",
     "testSubject": {
@@ -4595,7 +4599,8 @@
     "metadata": {
       "project-name": "not-python",
       "display-target-file": "not-python/requirements.txt",
-      "target-directory": "multi-project"
+      "target-directory": "multi-project",
+      "dependency-count": 7
     },
     "createdAt": "2025-11-13T15:29:14.440374Z",
     "testSubject": {
@@ -6413,7 +6418,8 @@
     "metadata": {
       "project-name": "python",
       "display-target-file": "python/requirements.txt",
-      "target-directory": "multi-project"
+      "target-directory": "multi-project",
+      "dependency-count": 7
     },
     "createdAt": "2025-11-13T15:29:18.009229Z",
     "testSubject": {
@@ -8228,7 +8234,8 @@
     "metadata": {
       "project-name": "tsc",
       "display-target-file": "tsc/package.json",
-      "target-directory": "multi-project"
+      "target-directory": "multi-project",
+      "dependency-count": 23
     },
     "createdAt": "2025-11-13T15:29:19.594887Z",
     "testSubject": {

internal/presenters/testdata/ufm/testresult_cli.json

@@ -35,7 +35,8 @@
     "metadata": {
       "project-name": "snyk",
       "display-target-file": "package.json",
-      "target-directory": "test-project"
+      "target-directory": "test-project",
+      "dependency-count": 552
     },
     "createdAt": "2025-10-28T15:42:29.689452Z",
     "testSubject": {

internal/presenters/testdata/ufm/webgoat.ignore.sarif.json

@@ -9,6 +9,9 @@
           "semanticVersion": "1.1301.0",
           "version": "1.1301.0",
           "informationUri": "https://docs.snyk.io/",
+          "properties": {
+            "artifactsScanned": 163
+          },
           "rules": [
             {
               "id": "SNYK-JAVA-CHQOSLOGBACK-13169722",
@@ -6179,7 +6182,7 @@
         }
       ],
       "automationDetails": {
-        "id": "Snyk/Open Source/2025-11-12T17:36:30Z"
+        "id": "Snyk/Open Source/webgoat/2025-11-12T17:36:30Z"
       }
     }
   ]

internal/presenters/testdata/ufm/webgoat.ignore.testresult.json

@@ -13,9 +13,10 @@
       }
     },
     "metadata": {
-      "project-name": "",
+      "project-name": "webgoat",
       "display-target-file": "pom.xml",
-      "target-directory": "webgoat"
+      "target-directory": "webgoat",
+      "dependency-count": 163
     },
     "createdAt": "2025-11-12T17:39:33.615146Z",
     "testSubject": {

internal/presenters/testdata/ufm/webgoat.testresult.json

@@ -26,7 +26,8 @@
     "metadata": {
       "project-name": "org.owasp.webgoat:webgoat",
       "display-target-file": "pom.xml",
-      "target-directory": "webgoat"
+      "target-directory": "webgoat",
+      "dependency-count": 163
     },
     "createdAt": "2025-11-06T14:45:12.489805Z",
     "testSubject": {

pkg/apiclients/mocks/testapi.go

@@ -120,8 +120,8 @@ type TestResult interface {
 	GetEffectiveSummary() *FindingSummary
 	GetRawSummary() *FindingSummary
 
-	SetMetadata(key string, value string)
-	GetMetadata() map[string]string
+	SetMetadata(key string, value interface{})
+	GetMetadata() map[string]interface{}
 
 	Findings(ctx context.Context) (resultFindings []FindingData, complete bool, err error)
 }
@@ -200,7 +200,7 @@ type testResult struct {
 	findingsError    error         // Error encountered during findings fetch, if any
 	findingsOnce     sync.Once     // Ensures findings are fetched only once
 
-	metadata map[string]string
+	metadata map[string]interface{}
 
 	// Unexported reference to the parent handle to access client and orgID for fetching
 	handle *testHandle // Populated when testResult is created
@@ -246,12 +246,12 @@ func (r *testResult) GetEffectiveSummary() *FindingSummary { return r.EffectiveS
 func (r *testResult) GetRawSummary() *FindingSummary { return r.RawSummary }
 
 // SetMetadata sets the metadata for the given key.
-func (r *testResult) SetMetadata(key string, value string) {
+func (r *testResult) SetMetadata(key string, value interface{}) {
 	r.metadata[key] = value
 }
 
 // GetMetadata returns the metadata for the given key.
-func (r *testResult) GetMetadata() map[string]string {
+func (r *testResult) GetMetadata() map[string]interface{} {
 	return r.metadata
 }
 
@@ -542,7 +542,7 @@ func (h *testHandle) fetchResultStatus(ctx context.Context, testID uuid.UUID) (T
 		EffectiveSummary:  attrs.EffectiveSummary,
 		RawSummary:        attrs.RawSummary,
 		handle:            h,
-		metadata:          make(map[string]string),
+		metadata:          make(map[string]interface{}),
 	}
 
 	if attrs.State != nil {

pkg/apiclients/testapi/testapi.go

@@ -27,7 +27,7 @@ type jsonTestResult struct {
 	EffectiveSummary  *testapi.FindingSummary         `json:"effectiveSummary,omitempty"`
 	RawSummary        *testapi.FindingSummary         `json:"rawSummary,omitempty"`
 	FindingsComplete  bool                            `json:"findingsComplete"`
-	Metadata          map[string]string               `json:"metadata,omitempty"`
+	Metadata          map[string]interface{}          `json:"metadata,omitempty"`
 	// Optimized wire format: central problem store (optional, for serialization)
 	ProblemStore map[string]json.RawMessage `json:"problemStore,omitempty"`
 	ProblemRefs  map[string][]string        `json:"_problemRefs,omitempty"`
@@ -105,12 +105,12 @@ func (j *jsonTestResult) GetRawSummary() *testapi.FindingSummary {
 }
 
 // SetMetadata sets the metadata for the given key.
-func (j *jsonTestResult) SetMetadata(key string, value string) {
+func (j *jsonTestResult) SetMetadata(key string, value interface{}) {
 	j.Metadata[key] = value
 }
 
 // GetMetadata returns the metadata for the given key.
-func (j *jsonTestResult) GetMetadata() map[string]string {
+func (j *jsonTestResult) GetMetadata() map[string]interface{} {
 	return j.Metadata
 }