refactor: update callers to use VulnScanOutput instead of tuple unpacking

- Replace tuple unpacking with single VulnScanOutput object in execute()
- Update vulnerability processing to use structured scan_success flag
- Pass VulnScanOutput to downstream functions (breaking change)
- Update test to use VulnScanOutput instead of tuple format
- Add TODO for threshold logic adaptation

Author: bluesentinelsec

entrypoint/entrypoint/orchestrator.py

@@ -36,18 +36,18 @@ def execute(args) -> int:
     set_github_actions_output('inspector_scan_results', output_config.output_inspector_scan_path)
 
     logging.info("tallying vulnerabilities")
-    succeeded, scan_result, fixed_vuln_counts = get_scan_result(args, config, output_config)
-    require_true(succeeded, "unable to tally vulnerabilities")
+    vuln_scan_result = get_scan_result(args, config, output_config)
+    require_true(vuln_scan_result.scan_success, f"unable to tally vulnerabilities: {vuln_scan_result.error_message}")
 
-    print_vuln_count_summary(scan_result)
+    print_vuln_count_summary(vuln_scan_result)
 
-    vuln_counts = fixed_vuln_counts if output_config.threshold_fixable_only else scan_result
+    vuln_counts = vuln_scan_result  # TODO: Need to adapt threshold logic
     set_env_var_if_vuln_threshold_exceeded(output_config, vuln_counts)
 
-    write_pkg_vuln_report_csv(output_config.output_inspector_scan_path_csv, scan_result)
+    write_pkg_vuln_report_csv(output_config.output_inspector_scan_path_csv, vuln_scan_result)
     set_github_actions_output('inspector_scan_results_csv', output_config.output_inspector_scan_path_csv)
 
-    pkg_vuln_markdown = write_pkg_vuln_report_markdown(output_config.output_inspector_scan_path_markdown, scan_result)
+    pkg_vuln_markdown = write_pkg_vuln_report_markdown(output_config.output_inspector_scan_path_markdown, vuln_scan_result)
     post_pkg_vuln_github_actions_step_summary(output_config, pkg_vuln_markdown)
     set_github_actions_output('inspector_scan_results_markdown', output_config.output_inspector_scan_path_markdown)
 

entrypoint/tests/test_orchestrator.py

@@ -178,11 +178,11 @@ def test_system_against_dockerfile_findings(self):
             config = ScanConfig.from_args(args)
             output_config = OutputConfig.from_args(args)
 
-            succeeded, scan_result, fixed_vuln_counts = orchestrator.get_scan_result(args, config, output_config)
-            self.assertTrue(succeeded)
+            vuln_scan_result = orchestrator.get_scan_result(args, config, output_config)
+            self.assertTrue(vuln_scan_result.scan_success)
 
-            orchestrator.write_pkg_vuln_report_csv(args.out_scan_csv, scan_result)
-            orchestrator.write_pkg_vuln_report_markdown(args.out_scan_markdown, scan_result)
+            orchestrator.write_pkg_vuln_report_csv(args.out_scan_csv, vuln_scan_result)
+            orchestrator.write_pkg_vuln_report_markdown(args.out_scan_markdown, vuln_scan_result)
             dockerfile.write_dockerfile_report_csv(args.out_scan, args.out_dockerfile_scan_csv)
             dockerfile.write_dockerfile_report_md(args.out_scan, args.out_dockerfile_scan_md)