refactor: replace get_scan_result tuple return with structured VulnScanOutput

- Change get_scan_result() to return VulnScanOutput instead of complex tuple
- Consolidate vulnerability counts into structured output object
- Add specific error messages for different failure scenarios
- Include total vulnerability count and breakdown by severity
- Add test to verify VulnScanOutput return type

Author: bluesentinelsec

entrypoint/entrypoint/orchestrator.py

@@ -272,18 +272,24 @@ def invoke_inspector_scan(src_sbom, dst_scan):
     )
 
 
-def get_scan_result(args, config, output_config) -> tuple[bool, exporter.InspectorScanResult, fixed_vulns.FixedVulns]:
+def get_scan_result(args, config, output_config):
     scan_result = exporter.InspectorScanResult(vulnerabilities=[pkg_vuln.Vulnerability()])
     fixed_vulns_counts = fixed_vulns.FixedVulns(criticals=0, highs=0, mediums=0, lows=0, others=0)
 
     succeeded, fixed_vulns_counts = get_fixed_vuln_counts(
         output_config.output_inspector_scan_path)
     if succeeded is False:
-        return False, scan_result, fixed_vulns_counts
+        return VulnScanOutput(
+            scan_success=False,
+            error_message="unable to get fixed vulnerability counts"
+        )
 
     succeeded, criticals, highs, mediums, lows, others = get_vuln_counts(output_config.output_inspector_scan_path)
     if succeeded is False:
-        return False, scan_result, fixed_vulns_counts
+        return VulnScanOutput(
+            scan_success=False,
+            error_message="unable to get vulnerability counts"
+        )
 
     try:
         with open(output_config.output_inspector_scan_path, "r") as f:
@@ -292,7 +298,10 @@ def get_scan_result(args, config, output_config) -> tuple[bool, exporter.Inspect
 
     except Exception as e:
         logging.error(e)
-        return False, scan_result, fixed_vulns_counts
+        return VulnScanOutput(
+            scan_success=False,
+            error_message=f"unable to parse scan results: {str(e)}"
+        )
 
     if output_config.show_only_fixable_vulns:
         for vuln in vulns:
@@ -310,7 +319,16 @@ def get_scan_result(args, config, output_config) -> tuple[bool, exporter.Inspect
         others=str(others)
     )
 
-    return succeeded, scan_result, fixed_vulns_counts
+    return VulnScanOutput(
+        scan_success=True,
+        scan_results_file_path=output_config.output_inspector_scan_path,
+        total_vulnerabilities=len(vulns),
+        critical_count=criticals,
+        high_count=highs,
+        medium_count=mediums,
+        low_count=lows,
+        other_count=others
+    )
 
 
 def set_github_actions_output(key, value):

entrypoint/tests/test_orchestrator.py

@@ -375,6 +375,23 @@ def test_invoke_inspector_scan_returns_vuln_scan_output_type(self):
             self.assertIsInstance(result, VulnScanOutput)
             self.assertFalse(result.scan_success)  # Should fail with return code 1
 
+    def test_get_scan_result_returns_vuln_scan_output_type(self):
+        """Verify get_scan_result returns VulnScanOutput instead of tuple"""
+        from unittest.mock import patch, MagicMock
+        from entrypoint.data_model import ScanConfig, OutputConfig, ArtifactType, VulnScanOutput
+        
+        # Create test configs
+        config = ScanConfig(artifact_type=ArtifactType.REPOSITORY, artifact_path="./test")
+        output_config = OutputConfig(output_inspector_scan_path="/tmp/test_scan.json")
+        
+        # Mock file operations to avoid needing real files
+        with patch('entrypoint.orchestrator.get_fixed_vuln_counts', return_value=(False, None)), \
+             patch('entrypoint.orchestrator.get_vuln_counts', return_value=(False, 0, 0, 0, 0, 0)):
+            
+            result = orchestrator.get_scan_result(None, config, output_config)
+            self.assertIsInstance(result, VulnScanOutput)
+            self.assertFalse(result.scan_success)  # Should fail when get_fixed_vuln_counts fails
+
 
 if __name__ == "__main__":
     unittest.main()