Matches should be sorted by package name for template output #696
Comments
Just confirmed the initial comments here: Lines 15 to 26 in 67eacff
Sorted call happens here in grype/grype/presenter/models/document.go Lines 23 to 38 in 67eacff
I don't think I'll keep digging down the sprig path, but I'll see if we can get more composability here rather than have
PR linked here:
Wow, many thanks @spiffcs, really appreciated!
Issue
When using a custom output template `-o template -t my.tmpl` the data available in `.Matches` is sorted in a non-intuitive order, different from the default (`-o table`) output.
Currently it seems to be sorted alphabetically by the Vulnerability ID (i.e. CVE-1, CVE-2, GHSA-a, GHSZ-b) which doesn't seem particularly useful and means that multiple vulns for the same package are not necessarily grouped together.
What I expected
I expected them to come out ordered by `Package.Name` (a.k.a. `Artifact.Name`) the same order used by the default table output (which sorts the rows by the first column which is `Package.Name`).
I investigated various of the sprig functions to see if I could do the sorting myself in the template, but couldn't find a way to sort `Matches` by a specific sub-key before passing it into the `range`.
Environment
`grype version`: 0.34.6
`cat /etc/os-release` (or similar): official docker image
Repro
Use a custom template which adds extra columns such as package type (yes it's horrible to use `printf` with fixed padding but I can't find a way to do tabulation in a custom template, c.f. rejected proposal golang/go#45752)
Output: (not grouped very helpfully - even harder to read in cases with more vulns)
What would be more readable instead:
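The ordering requested in this issue, sketched in Go as an added example; it is not part of the original issue and not grype's own code. The `Match` struct is a simplified stand-in for an entry of `.Matches`, and `newMatch`, `SortByPackage` and `Render` are hypothetical names; the sample findings are constructed.

```go
package main

import (
	"os"
	"sort"
	"strings"
	"text/template"
)

// Match is a simplified stand-in for one entry of .Matches (assumed shape,
// not grype's real model): only the fields a column template touches.
type Match struct {
	Vulnerability struct{ ID string }
	Artifact      struct{ Name, Type string }
}

func newMatch(id, name, typ string) (m Match) {
	m.Vulnerability.ID, m.Artifact.Name, m.Artifact.Type = id, name, typ
	return
}

// SortByPackage orders matches by package name, then vulnerability ID, so
// every finding for one package is adjacent. Sorts in place.
func SortByPackage(ms []Match) {
	sort.SliceStable(ms, func(i, j int) bool {
		if ms[i].Artifact.Name != ms[j].Artifact.Name {
			return ms[i].Artifact.Name < ms[j].Artifact.Name
		}
		return ms[i].Vulnerability.ID < ms[j].Vulnerability.ID
	})
}

// Render sorts first, then runs a printf-padded template over .Matches.
func Render(ms []Match) (string, error) {
	const tmpl = `{{range .Matches}}{{printf "%-10s %-6s %s" .Artifact.Name .Artifact.Type .Vulnerability.ID}}
{{end}}`
	SortByPackage(ms)
	var sb strings.Builder
	err := template.Must(template.New("t").Parse(tmpl)).Execute(&sb, map[string][]Match{"Matches": ms})
	return sb.String(), err
}

func main() {
	// Constructed sample data, arriving in vulnerability-ID order as the issue describes.
	out, _ := Render([]Match{
		newMatch("CVE-2021-0001", "openssl", "deb"), newMatch("CVE-2021-0002", "bash", "deb"),
		newMatch("GHSA-aaaa", "openssl", "deb"), newMatch("GHSA-bbbb", "bash", "deb"),
	})
	os.Stdout.WriteString(out)
}
```

Because the sort runs before the template executes, the template itself needs no sorting helper and can simply `range` over `.Matches`.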