added average vulnEvents statistic

Author: Hubtrick-Git

controllers/statistics_controller.go

@@ -267,10 +267,32 @@ func (c *StatisticsController) GetOrgStatistics(ctx shared.Context) error {
 
 	topCVEs, err := c.statisticsRepository.GetMostCommonCVEsInOrg(org.ID, 10)
 	if err != nil {
-		return err
+		return echo.NewHTTPError(500, "could not get most common CVEs across org")
+	}
+
+	vulnEventAverages, err := c.statisticsRepository.GetWeeklyAveragePerVulnEventType(org.ID)
+	if err != nil {
+		return echo.NewHTTPError(500, "could not get weekly average for vuln events")
+	}
+
+	vulnEventAverageDistribution := dtos.AverageVulnEventsPerWeek{}
+	for _, average := range vulnEventAverages {
+		switch average.VulnEventType {
+		case dtos.EventTypeDetected:
+			vulnEventAverageDistribution.AverageDetectedEvents = average.Average
+		case dtos.EventTypeAccepted:
+			vulnEventAverageDistribution.AverageAcceptedEvents = average.Average
+		case dtos.EventTypeFalsePositive:
+			vulnEventAverageDistribution.AverageFalsePositiveEvents = average.Average
+		case dtos.EventTypeFixed:
+			vulnEventAverageDistribution.AverageFixedEvents = average.Average
+		case dtos.EventTypeReopened:
+			vulnEventAverageDistribution.AverageReopenedEvents = average.Average
+		}
 	}
 
 	orgStatistics := dtos.OrgOverview{
+		VulnEventAverage: vulnEventAverageDistribution,
 		VulnDistribution: distribution,
 		OrgStructure:     structure,
 		TopProjects:      projects,

database/repositories/statistics_repository.go

@@ -575,3 +575,29 @@ func (r *statisticsRepository) GetMostCommonCVEsInOrg(orgID uuid.UUID, limit int
 	LIMIT 10;`).Find(&topCVEs).Error
 	return topCVEs, err
 }
+
+func (r *statisticsRepository) GetWeeklyAveragePerVulnEventType(orgID uuid.UUID) ([]dtos.VulnEventAverage, error) {
+	averageByType := []dtos.VulnEventAverage{}
+	err := r.db.Raw(`
+	SELECT 
+		type, AVG(count) as weekly_average
+	FROM(
+	SELECT
+		weeks.week,
+		types.type,
+		COALESCE(counts.count, 0) AS count
+	FROM
+		(SELECT DISTINCT date_trunc('week', created_at) AS week FROM vuln_events) weeks
+		CROSS JOIN (SELECT DISTINCT type FROM vuln_events) types
+		LEFT JOIN (
+		SELECT date_trunc('week', a.created_at) AS week, a.type, COUNT(*)
+		FROM vuln_events a
+		LEFT JOIN dependency_vulns b ON a.vuln_id = b.id
+		LEFT JOIN assets c ON b.asset_id = c.id
+		LEFT JOIN projects d ON c.project_id = d.id
+		WHERE d.organization_id = ?
+		GROUP BY week, a.type
+		) counts USING (week, type)
+	) GROUP BY type;`, orgID).Find(&averageByType).Error
+	return averageByType, err
+}

dtos/statistics_dto.go

@@ -108,6 +108,19 @@ type CVEOccurrencesAcrossOrg struct {
 	TotalAmountInOrg string `json:"totalAmount" gorm:"column:total_amount"`
 }
 
+type VulnEventAverage struct {
+	VulnEventType VulnEventType `gorm:"column:type"`
+	Average       float32       `gorm:"column:weekly_average"`
+}
+
+type AverageVulnEventsPerWeek struct {
+	AverageDetectedEvents      float32 `json:"averageDetectedEvents"`
+	AverageReopenedEvents      float32 `json:"averageReopenedEvents"`
+	AverageFalsePositiveEvents float32 `json:"averageFalsePositiveEvents"`
+	AverageAcceptedEvents      float32 `json:"averageAcceptedEvents"`
+	AverageFixedEvents         float32 `json:"averageFixedEvents"`
+}
+
 type OrgOverview struct {
 	VulnDistribution VulnDistribution `json:"vulnDistribution"`
 
@@ -118,4 +131,6 @@ type OrgOverview struct {
 
 	TopComponents []ComponentUsageAcrossOrg `json:"topComponents"`
 	TopCVEs       []CVEOccurrencesAcrossOrg `json:"topCVEs"`
+
+	VulnEventAverage AverageVulnEventsPerWeek `json:"vulnEventAverage"`
 }

shared/common_interfaces.go

@@ -537,6 +537,7 @@ type StatisticsRepository interface {
 	GetMostVulnerableAssetsInOrg(orgID uuid.UUID, limit int) ([]dtos.VulnDistributionInStructure, error)
 	GetMostUsedComponentsInOrg(orgID uuid.UUID, limit int) ([]dtos.ComponentUsageAcrossOrg, error)
 	GetMostCommonCVEsInOrg(orgID uuid.UUID, limit int) ([]dtos.CVEOccurrencesAcrossOrg, error)
+	GetWeeklyAveragePerVulnEventType(orgID uuid.UUID) ([]dtos.VulnEventAverage, error)
 }
 
 type ArtifactRiskHistoryRepository interface {