progress

Author: northdpole

components/filters/severity/go.mod

@@ -2,7 +2,7 @@ module github.com/smithy-security/smithy/components/filters/severity
 
 go 1.23.7
 
-require github.com/smithy-security/smithy/sdk v0.0.7-alpha.0.20250407140010-7c059b0c7b96
+require github.com/smithy-security/smithy/sdk v0.0.11-alpha
 
 require (
 	ariga.io/atlas v0.29.0 // indirect

components/filters/severity/go.sum

@@ -132,8 +132,8 @@ github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/smithy-security/pkg/env v0.0.1 h1:uwLTMLdNN/dv3x4zat75JahEBQDpdBeldjEE8El4OiM=
 github.com/smithy-security/pkg/env v0.0.1/go.mod h1:VIJfDqeAbQQcmohaXcZI6grjeJC9Y8CmqR4ITpdngZE=
-github.com/smithy-security/smithy/sdk v0.0.7-alpha.0.20250407140010-7c059b0c7b96 h1:kkJvlXKGsp1S/5k4KyqWzEefmuUYYtD0e8Hs5YH8fVM=
-github.com/smithy-security/smithy/sdk v0.0.7-alpha.0.20250407140010-7c059b0c7b96/go.mod h1:76LY9UVqLYfc7+a1++rOHkCvvMXAU4zfWw5/TtHbeOI=
+github.com/smithy-security/smithy/sdk v0.0.11-alpha h1:ukPP/nBAbLlvJ0KFA7i4/9+lXV2Lwl6W5sFaEX8LwxU=
+github.com/smithy-security/smithy/sdk v0.0.11-alpha/go.mod h1:76LY9UVqLYfc7+a1++rOHkCvvMXAU4zfWw5/TtHbeOI=
 github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/sqlc-dev/sqlc v1.27.0 h1:wWc+401GLh0whLa30WmDkkl11lMBZuqvDvgu5OsaDiQ=

components/filters/severity/main.go

@@ -11,9 +11,13 @@ import (
 
 	"github.com/smithy-security/smithy/sdk/component"
 	vf "github.com/smithy-security/smithy/sdk/component/vulnerability-finding"
+	ocsffindinginfo "github.com/smithy-security/smithy/sdk/gen/ocsf_ext/finding_info/v1"
 	v1 "github.com/smithy-security/smithy/sdk/gen/ocsf_schema/v1"
+	"google.golang.org/protobuf/encoding/protojson"
 )
 
+const providerName = "severity-filter"
+
 type SeverityFilter struct {
 	minimumSeverity v1.VulnerabilityFinding_SeverityId
 }
@@ -39,7 +43,19 @@ func (s SeverityFilter) Filter(ctx context.Context, findings []*vf.Vulnerability
 	findings_filtered := 0
 	for _, f := range findings {
 		if f.Finding.SeverityId >= s.minimumSeverity {
-			f.Finding.Enrichments = append(f.Finding.Enrichments, &v1.Enrichment{})
+			enrichment := ocsffindinginfo.Enrichment{
+				EnrichmentType: ocsffindinginfo.Enrichment_ENRICHMENT_TYPE_FILTER,
+				Enrichment:     &ocsffindinginfo.Enrichment_Filter{},
+			}
+			toBytes, err := protojson.Marshal(&enrichment)
+			if err != nil {
+				return nil, false, fmt.Errorf("failed to marshal enrichment %v err: %w", enrichment, err)
+			}
+			f.Finding.Enrichments = append(f.Finding.Enrichments, &v1.Enrichment{
+				Name:     "Severity Filter",
+				Provider: &providerName,
+				Value:    string(toBytes),
+			})
 			findings_filtered++
 		}
 	}

components/filters/severity/vendor/github.com/smithy-security/smithy/sdk/component/scanner.go

@@ -123,7 +123,7 @@ github.com/shopspring/decimal
 # github.com/smithy-security/pkg/env v0.0.1
 ## explicit; go 1.23.2
 github.com/smithy-security/pkg/env
-# github.com/smithy-security/smithy/sdk v0.0.7-alpha.0.20250407140010-7c059b0c7b96
+# github.com/smithy-security/smithy/sdk v0.0.11-alpha
 ## explicit; go 1.23.2
 github.com/smithy-security/smithy/sdk
 github.com/smithy-security/smithy/sdk/component
@@ -139,6 +139,7 @@ github.com/smithy-security/smithy/sdk/component/store/remote/postgresql/sqlc/mig
 github.com/smithy-security/smithy/sdk/component/uuid
 github.com/smithy-security/smithy/sdk/component/vulnerability-finding
 github.com/smithy-security/smithy/sdk/gen/findings_service/v1
+github.com/smithy-security/smithy/sdk/gen/ocsf_ext/finding_info/v1
 github.com/smithy-security/smithy/sdk/gen/ocsf_schema/v1
 # github.com/spf13/cast v1.3.1
 ## explicit