functions/ConvertFrom-JFrogToCodeDx.ps1

<#
.SYNOPSIS
Converts a JFrog XRay JSON report to a Code Dx report for importing results.
 
.DESCRIPTION
Used to convert a JFrog XRay JSON report file to a Code Dx XML format so it can be imported.
  
.EXAMPLE
ConvertFrom-JFrogToCodeDX [scan_file_to_process] [output_directory]
#>

    
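Function ConvertFrom-JFrogToCodeDx
{
    <#
    .SYNOPSIS
    Converts a JFrog Xray JSON report into a Code Dx XML report file.

    .DESCRIPTION
    Reads the JSON report, walks its top-level "data" array and writes one
    <finding> element per entry (native id, CWE, tool, location, description
    and component metadata) to "JF2CDX-<timestamp>.xml" in the output directory.

    Every value taken from the report is written through the XML DOM
    (SetAttribute / InnerText), so markup characters in scanner-supplied text
    are escaped by the serializer instead of being interpreted as XML.

    A report that cannot be read or parsed stops the conversion. The result is
    imported into a vulnerability tracker, and a silently empty or partial file
    would be indistinguishable from a clean scan.

    .PARAMETER SourceScanFilepath
    Path of the JFrog Xray JSON report. Surrounding double quotes are stripped.

    .PARAMETER OutputDir
    Directory that receives the generated XML file. Surrounding double quotes
    are stripped.

    .OUTPUTS
    None. The function writes a file and a host message only.
    #>
    [cmdletbinding()]
    param(
        [Parameter(Mandatory=$true)]
        [string]$SourceScanFilepath,
        [Parameter(Mandatory=$true)]
        [string]$OutputDir
    )

    # Timestamp used for the file name, the XML comment and the report date.
    $CDate = Get-Date -Format "yyyy-MM-dd-HHmmss"
    $OutputFilePath = [System.IO.Path]::Combine($OutputDir.Trim('"'), "JF2CDX-" + $CDate + ".xml")
    $SourceScanFile = $SourceScanFilepath.Trim('"')

    $ToolName = "JFrog"
    $NativeIDName = "JFrog ID"

    # The original body listed bare variables here ($NativeID, $cwe, $description, ...).
    # A bare variable is an output statement in PowerShell: it emitted $null, or a
    # same-named value inherited from the caller's scope, into the function's output.
    # They are removed so the function returns nothing.

    # Set up the Code Dx output document.
    $doc = New-Object System.Xml.XmlDocument
    [void]$doc.AppendChild($doc.CreateXmlDeclaration("1.0", "UTF-8", $null))
    [void]$doc.AppendChild($doc.CreateComment("JFrog to Code Dx - Generated $CDate"))
    $root = $doc.CreateElement("report")

    # Read and parse the report. -LiteralPath prevents wildcard characters in the
    # file name (for example "[" and "]") from being treated as a pattern, and
    # -ErrorAction Stop turns a missing or unreadable file into a terminating error
    # instead of letting the conversion continue with no data.
    $SourceScanData = Get-Content -Raw -Encoding UTF8 -LiteralPath $SourceScanFile -ErrorAction Stop |
        ConvertFrom-Json
    if ($null -eq $SourceScanData) {
        throw "No JSON content could be read from '$SourceScanFile'."
    }

    # The report date is the yyyy-MM-dd part of the conversion timestamp.
    $root.SetAttribute("date", $CDate.Substring(0, 10))
    $root.SetAttribute("tool", $ToolName)

    $fds = $doc.CreateElement("findings")

    # Null entries are dropped so that a report without "data" yields zero
    # findings rather than one empty <finding>.
    $Results = @($SourceScanData.data | Where-Object { $null -ne $_ })
    if ($Results.Count -eq 0) {
        Write-Warning "No entries found under 'data' in '$SourceScanFile'; the report will contain no findings."
    }

    foreach ($item in $Results) {

        $fd = $doc.CreateElement("finding")
        $id = $doc.CreateElement("native-id")
        $cwe = $doc.CreateElement("cwe")
        $desc = $doc.CreateElement("description")
        $tl = $doc.CreateElement("tool")
        $loc = $doc.CreateElement("location")
        $md = $doc.CreateElement("metadata")

        # Severity is lower-cased with the invariant culture so the result does
        # not depend on the machine's locale (culture-sensitive lower-casing maps
        # "I" differently under Turkish cultures, for example).
        # NOTE(review): confirm every Xray severity string is accepted by Code Dx.
        if ($item.severity) {
            $fd.SetAttribute("severity", ([string]$item.severity).ToLowerInvariant())
        }
        else {
            Write-Warning "Finding '$($item.id)' has no severity; the attribute is left unset."
        }
        $fd.SetAttribute("type", "Component Analysis")
        #$fd.SetAttribute("status", "new")

        $id.SetAttribute("name", $NativeIDName)
        $id.SetAttribute("value", [string]$item.id)

        # Every finding is tagged with CWE-937 (OWASP Top Ten 2013 category A9,
        # "Using Components with Known Vulnerabilities").
        $cwe.SetAttribute("id", "937")

        $tl.SetAttribute("name", $ToolName)
        $tl.SetAttribute("category", "Security")
        $tl.SetAttribute("code", "Vulnerable Component")

        # Split the component id into group, name and version.
        # NOTE(review): assumes the form "scheme://group:name:version"; ids with
        # fewer segments leave the missing parts empty - confirm for other
        # package types.
        $compGroup = $null
        $compArtifactName = $null
        $compVersion = $null
        if ($item.source_comp_id) {
            $arrComp = ([string]$item.source_comp_id).Split(":")
            if ($arrComp.Length -gt 1) {
                # Drop the "//" that follows the scheme; the original removed two
                # characters unconditionally and failed on shorter segments.
                $compGroup = $arrComp[1] -replace '^//', ''
            }
            if ($arrComp.Length -gt 2) { $compArtifactName = $arrComp[2] }
            if ($arrComp.Length -gt 3) { $compVersion = $arrComp[3] }
        }
        else {
            Write-Warning "Finding '$($item.id)' has no source_comp_id; component metadata is left empty."
        }

        $loc.SetAttribute("type", "logical")
        $loc.SetAttribute("path", [string]$item.component)

        # Version lists are joined with " , ", the separator the original loops produced.
        $vulnerableVersions = @($item.component_versions.vulnerable_versions) -join " , "
        $fixedVersions = @($item.component_versions.fixed_versions) -join " , "

        # Metadata entries, in the order they are written to the file.
        $metadata = [ordered]@{
            "Component Name"      = $compArtifactName
            "Component Version"   = $compVersion
            "Component Group ID"  = $compGroup
            "Vulnerable Versions" = $vulnerableVersions
            "Fixed Versions"      = $fixedVersions
        }
        foreach ($key in $metadata.Keys) {
            $e = $doc.CreateElement("value")
            $e.SetAttribute("key", $key)
            $e.InnerText = [string]$metadata[$key]
            [void]$md.AppendChild($e)
        }

        # Description is plain text: summary, a blank line, then the detailed description.
        $desc.SetAttribute("format", "plain-text")
        $desc.InnerText = "Summary: " + $item.summary + "`n`nDescription: " + $item.component_versions.more_details.description

        # CVE export is disabled. The author's draft is kept below for reference.
        <#
        #Build CVE List Nodes
        $cves = $doc.CreateNode("element","cves",$null)
        $cves | ForEach-Object{
            $cve = $doc.CreateNode("element","cve",$null)
            $cveArr = $_."Vulnerability Name".split("-")
            $cve.SetAttribute("sequence-number",$cveArr[2])
            $cve.SetAttribute("year",$cveArr[1])
            $updateXML= $cves.AppendChild($cve)
            $updateXML= $fd.AppendChild($cves)
            }
        #>

        # Child order inside <finding>: native-id, cwe, tool, location, description, metadata.
        foreach ($child in @($id, $cwe, $tl, $loc, $desc, $md)) {
            [void]$fd.AppendChild($child)
        }

        [void]$fds.AppendChild($fd)
    }

    [void]$root.AppendChild($fds)
    [void]$doc.AppendChild($root)
    Write-Host "Outputing file to: $OutputFilePath"
    # NOTE(review): XmlDocument.Save resolves a relative path against the process
    # working directory, which can differ from the PowerShell location; pass an
    # absolute OutputDir to be certain where the report lands.
    $doc.Save($OutputFilePath)
}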