You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What happened:
I'm trying to write a template that uses the grype example csv template but with 2 extra columns of CVSSv3, CVSSv2.
To get the values out I'm first looking at .Vulnerability.Cvss.Metrics.BaseScore when it exists for the vulnerability, if not use the Vulnerability.RelatedVulnerabilities but I'm given an error:
1 error occurred:
* unable to write result: unable to encode result: unable to execute supplied template: template: test.template:18:28: executing "test.template" at <.Vulnerability.RelatedVulnerabilities>: can't evaluate field RelatedVulnerabilities in type models.Vulnerability
What you expected to happen:
Output to look like: CVE-2020-36518: V3: 7.5 V2: 5
How to reproduce it (as minimally and precisely as possible): test.template:
{{- range .Matches}}
{{ $v2Score := "" }}
{{ $v3Score := "" }}
{{- $vulnID := .Vulnerability.ID}}
{{- if (gt (len .Vulnerability.Cvss) 0) }}
{{- range .Vulnerability.Cvss }}
{{- if and (eq .type "Primary") (ge (float64 .Version) 3.0) }}
{{ $v3Score = .Metrics.BaseScore }}
{{- end}}
{{- if and (eq .type "Primary") (lt (float64 .Version) 3.0) }}
{{ $v2Score = .Metrics.BaseScore }}
{{- end}}
{{- end }}
{{$vulnID}}: V3: {{$v3Score}} V2: {{$v2Score}}
{{else}}
{{- range .Vulnerability.RelatedVulnerabilities}}
{{- range .cvss}}
{{- if and (eq .type "Primary") (ge (float64 .Version) 3.0) }}
{{ $v3Score = .Metrics.BaseScore }}
{{- end}}
{{- if and (eq .type "Primary") (lt (float64 .Version) 3.0) }}
{{ $v2Score = .Metrics.BaseScore }}
{{- end}}
{{- end}}
{{$vulnID}}: V3: {{$v3Score}} V2: {{$v2Score}}
{{- end}}
{{- end }}
{{- end}}
What happened:
I'm trying to write a template that uses the grype example csv template but with 2 extra columns of CVSSv3, CVSSv2.
To get the values out I'm first looking at .Vulnerability.Cvss.Metrics.BaseScore when it exists for the vulnerability, if not use the Vulnerability.RelatedVulnerabilities but I'm given an error:
What you expected to happen:
Output to look like:
CVE-2020-36518: V3: 7.5 V2: 5
How to reproduce it (as minimally and precisely as possible):
test.template:
grype --output template --template test.template --scope all-layers alpine:3.14.10
Anything else we need to know?:
It's very difficult to get a CVSS score for a vulnerability for reporting purposes.
Environment:
grype version
:cat /etc/os-release
or similar):"Ubuntu 22.04.3 LTS"
The text was updated successfully, but these errors were encountered: