-
Notifications
You must be signed in to change notification settings - Fork 560
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Return results based on severity #197
Comments
I'm not sure we want to add this functionality as there are many ways to filter output. It's probably better suited to the templating feature. Would you consider using a template an acceptable way to accomplish this? For example if I create this template
It will only print High findings in CSV format bress@anchore ➜ grype grype debian:latest -o template -t high.tmpl
✔ Vulnerability DB [no update available]
New version of grype is available: 0.48.0 (currently running: 0.46.0)
✔ Parsed image
✔ Cataloged packages [96 packages]
✔ Scanned image [80 vulnerabilities]
"NAME","VERSION","ID","SEVERITY"
"perl-base","5.32.1-4+deb11u2","CVE-2020-16156","High"
"libgcrypt20","1.8.7-6","CVE-2021-33560","High"
"e2fsprogs","1.46.2-2","CVE-2022-1304","High"
"libcom-err2","1.46.2-2","CVE-2022-1304","High"
"libext2fs2","1.46.2-2","CVE-2022-1304","High"
"libss2","1.46.2-2","CVE-2022-1304","High"
"logsave","1.46.2-2","CVE-2022-1304","High"
"libssl1.1","1.1.1n-0+deb11u3","CVE-2022-2097","High"
"libtinfo6","6.2+20201114-2","CVE-2022-29458","High"
"ncurses-base","6.2+20201114-2","CVE-2022-29458","High"
"ncurses-bin","6.2+20201114-2","CVE-2022-29458","High" |
(1) Thank you. |
This is what you're looking for
I'm going to consider this an issue to document this in the README now. It could also be valuable to create a directory of example templates for the various possible outputs. |
It would be great if there could be an example of how to format the filtered output like the original. Like that little table it currently prints. |
Would it be possible to add this as a |
We could add a
This would allow for more flexibility for the severity options, but also for future filter conditions as well.
|
Were talking about this in discourse! Come add your thoughts here: |
What would you like to be added:
When conducting vulnerability scan with grype, I would like to filter on severity so grype only returns results that meet a certain criticality threshold. e.g. give me all of my high vulns
Why is this needed:
--severity flag in grype that returns cve's based on severity
Additional context:
The text was updated successfully, but these errors were encountered: