Add SARIF report output #304
Comments
Hi @jeff-cook, interesting. Is the idea that this repo would contain a folder of templates? These templates wouldn't be able to ship with the Grype binary, since templates are just text files, of course, but I suppose they could serve as a helpful reference from within the repo. Is that what you had in mind?
Yes, often I have found tools that support a template option to have examples using commonly widely used formats. SARIF is definitely going in that direction. JUnit XML is another example.
Okay, got it — thanks! This makes sense. I'm not sure what the priority of this will be — but, we'll also happily accept PRs for this, too.
SARIF support would also mean it can feed back into the security tab of GitHub itself FYI
There is a preference towards adding formats via go code (in the form of presenters) rather than templates. That being said, I think there are probably plenty of cases where adding simple templates is straightforward as long as there is a good mechanism in place to use them easily. We could keep a set of these templates in the repo with a set of snapshot tests for each (like we do with our presenters) and use the https://golang.org/pkg/embed/ package to embed the templates as assets and reference them by name (like we do with the presenters). At least having this mechanism implemented will probably be a good idea (even if it's under leveraged).
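A sketch of the named-template mechanism discussed in the comment above, as an added example that is not Grype's code and not part of the original thread. The `Finding` struct, the `sarif` template body, the tool name and the severity-to-level mapping are assumptions, and an in-memory map stands in for files loaded through the `embed` package.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"text/template"
)

// Finding is a hypothetical, simplified record; it is not Grype's data model.
type Finding struct{ ID, Severity, Package, Version, Path string }
// Constructed minimal SARIF 2.1.0 template; toJSON escapes every scanned value.
var templates = map[string]string{"sarif": `{"version":"2.1.0","runs":[{
"tool":{"driver":{"name":"example-scanner"}},"results":[
{{- range $i, $f := .}}{{if $i}},{{end}}
{"ruleId":{{toJSON $f.ID}},"level":{{toJSON (level $f.Severity)}},
"message":{"text":{{toJSON (printf "%s %s: %s" $f.Package $f.Version $f.ID)}}},
"locations":[{"physicalLocation":{"artifactLocation":{"uri":{{toJSON $f.Path}}}}}]}
{{- end}}]}]}`}
// Assumed mapping from scanner severity to SARIF result level.
var levels = map[string]string{"Critical": "error", "High": "error", "Medium": "warning"}
var funcs = template.FuncMap{
	"toJSON": func(v interface{}) (string, error) { b, err := json.Marshal(v); return string(b), err },
	"level": func(sev string) string {
		if l, ok := levels[sev]; ok {
			return l
		}
		return "note"
	},
}

// Render executes the named template and rejects output that is not valid JSON.
func Render(name string, findings []Finding) ([]byte, error) {
	src, ok := templates[name]
	if !ok {
		return nil, fmt.Errorf("unknown template %q", name)
	}
	t := template.Must(template.New(name).Funcs(funcs).Parse(src))
	var buf bytes.Buffer
	err := t.Execute(&buf, findings)
	if err == nil && !json.Valid(buf.Bytes()) {
		err = fmt.Errorf("template %q produced invalid JSON", name)
	}
	return buf.Bytes(), err
}

func main() {
	// Constructed sample finding; the identifier is a placeholder.
	out, err := Render("sarif", []Finding{{"CVE-0000-0000", "High", `lib"x`, "1.0", "go.mod"}})
	fmt.Println(string(out), err)
}
```

Because `text/template` does no output escaping, the `toJSON` helper is what keeps a package name or path containing a quote from producing a malformed report; the `json.Valid` check is the kind of assertion a snapshot test would make.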
From refinement:
What would you like to be added:
I see https://github.com/anchore/scan-action supports a SARIF report.
However, instead of using the grype --template option, it creates it in the code. Is there any plan to create a template for use by grype?
Why is this needed:
Being able to create a SARIF report no matter how you use grype.
Additional context: