Use description as title

pkg/run.go

@@ -29,15 +29,6 @@ func Run(c *cli.Context) (err error) {
 	}
 	log.Logger.Debugf("cache dir:  %s", utils.CacheDir())
 
-	args := c.Args()
-	filePath := c.String("input")
-	if filePath == "" && len(args) == 0 {
-		log.Logger.Info(`trivy" requires at least 1 argument or --input option.`)
-		cli.ShowAppHelpAndExit(c, 1)
-	}
-
-	utils.Quiet = c.Bool("quiet")
-
 	clean := c.Bool("clean")
 	if clean {
 		log.Logger.Info("Cleaning caches...")
@@ -47,7 +38,18 @@ func Run(c *cli.Context) (err error) {
 		if err = os.RemoveAll(utils.CacheDir()); err != nil {
 			return xerrors.New("failed to remove cache")
 		}
+		return nil
 	}
+
+	args := c.Args()
+	filePath := c.String("input")
+	if filePath == "" && len(args) == 0 {
+		log.Logger.Info(`trivy" requires at least 1 argument or --input option.`)
+		cli.ShowAppHelpAndExit(c, 1)
+	}
+
+	utils.Quiet = c.Bool("quiet")
+
 	o := c.String("output")
 	output := os.Stdout
 	if o != "" {

pkg/scanner/scan.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"os"
 	"sort"
+	"strings"
 
 	"github.com/knqyf263/trivy/pkg/log"
 
@@ -148,6 +149,13 @@ func getDetail(vulnID string) (vulnerability.Severity, string) {
 	}
 	severity := getSeverity(details)
 	title := getTitle(details)
+	if title == "" {
+		title = getDescription(details)
+	}
+	splittedTitle := strings.Split(title, " ")
+	if len(splittedTitle) >= 12 {
+		title = strings.Join(splittedTitle[:12], " ") + "..."
+	}
 	return severity, title
 }
 
@@ -183,6 +191,19 @@ func getTitle(details map[string]vulnerability.Vulnerability) string {
 	return ""
 }
 
+func getDescription(details map[string]vulnerability.Vulnerability) string {
+	for _, source := range sources {
+		d, ok := details[source]
+		if !ok {
+			continue
+		}
+		if d.Description != "" {
+			return d.Description
+		}
+	}
+	return ""
+}
+
 func scoreToSeverity(score float64) vulnerability.Severity {
 	if score >= 9.0 {
 		return vulnerability.SeverityCritical

pkg/vulnsrc/nvd/nvd.go

@@ -18,9 +18,7 @@ import (
 )
 
 const (
-	nvdDir       = "nvd"
-	rootBucket   = "NVD"
-	nestedBucket = "dummy"
+	nvdDir = "nvd"
 )
 
 func Update(dir string, updatedFiles map[string]struct{}) error {
@@ -36,9 +34,9 @@ func Update(dir string, updatedFiles map[string]struct{}) error {
 
 	bar := utils.PbStartNew(len(targets))
 	defer bar.Finish()
-	var items []vulnerability.Item
+	var items []Item
 	err = utils.FileWalk(rootDir, targets, func(r io.Reader, _ string) error {
-		item := vulnerability.Item{}
+		item := Item{}
 		if err := json.NewDecoder(r).Decode(&item); err != nil {
 			return xerrors.Errorf("failed to decode NVD JSON: %w", err)
 		}
@@ -57,20 +55,33 @@ func Update(dir string, updatedFiles map[string]struct{}) error {
 	return nil
 }
 
-func save(items []vulnerability.Item) error {
+func save(items []Item) error {
 	log.Logger.Debug("NVD batch update")
 	err := vulnerability.BatchUpdate(func(b *bolt.Bucket) error {
 		for _, item := range items {
 			cveID := item.Cve.Meta.ID
 			severity, _ := vulnerability.NewSeverity(item.Impact.BaseMetricV2.Severity)
 			severityV3, _ := vulnerability.NewSeverity(item.Impact.BaseMetricV3.CvssV3.BaseSeverity)
+
+			var references []string
+			for _, ref := range item.Cve.References.ReferenceDataList {
+				references = append(references, ref.URL)
+			}
+
+			var description string
+			for _, d := range item.Cve.Description.DescriptionDataList {
+				if d.Value != "" {
+					description = d.Value
+					break
+				}
+			}
+
 			vuln := vulnerability.Vulnerability{
-				Severity:   severity,
-				SeverityV3: severityV3,
-				// TODO
-				References:  []string{},
+				Severity:    severity,
+				SeverityV3:  severityV3,
+				References:  references,
 				Title:       "",
-				Description: "",
+				Description: description,
 			}
 
 			if err := db.Put(b, cveID, vulnerability.Nvd, vuln); err != nil {

pkg/vulnsrc/nvd/types.go

@@ -0,0 +1,55 @@
+package nvd
+
+type NVD struct {
+	CVEItems []Item `json:"CVE_Items"`
+}
+
+type Item struct {
+	Cve    Cve
+	Impact Impact
+}
+
+type Cve struct {
+	Meta        Meta `json:"CVE_data_meta"`
+	References  References
+	Description Description
+}
+
+type Meta struct {
+	ID string
+}
+
+type Impact struct {
+	BaseMetricV2 BaseMetricV2
+	BaseMetricV3 BaseMetricV3
+}
+
+type BaseMetricV2 struct {
+	Severity string
+}
+
+type BaseMetricV3 struct {
+	CvssV3 CvssV3
+}
+
+type CvssV3 struct {
+	BaseSeverity string
+}
+
+type References struct {
+	ReferenceDataList []ReferenceData `json:"reference_data"`
+}
+type ReferenceData struct {
+	Name      string
+	Refsource string
+	URL       string
+}
+
+type Description struct {
+	DescriptionDataList []DescriptionData `json:"description_data"`
+}
+
+type DescriptionData struct {
+	Lang  string
+	Value string
+}

pkg/vulnsrc/vulnerability/types.go

@@ -65,37 +65,3 @@ func (s Severity) String() string {
 type LastUpdated struct {
 	Date time.Time
 }
-
-type NVD struct {
-	CVEItems []Item `json:"CVE_Items"`
-}
-
-type Item struct {
-	Cve    Cve
-	Impact Impact
-}
-
-type Cve struct {
-	Meta Meta `json:"CVE_data_meta"`
-}
-
-type Meta struct {
-	ID string
-}
-
-type Impact struct {
-	BaseMetricV2 BaseMetricV2
-	BaseMetricV3 BaseMetricV3
-}
-
-type BaseMetricV2 struct {
-	Severity string
-}
-
-type BaseMetricV3 struct {
-	CvssV3 CvssV3
-}
-
-type CvssV3 struct {
-	BaseSeverity string
-}

pkg/vulnsrc/vulnsrc.go

@@ -1,6 +1,8 @@
 package vulnsrc
 
 import (
+	"path/filepath"
+
 	"github.com/knqyf263/trivy/pkg/git"
 	"github.com/knqyf263/trivy/pkg/log"
 	"github.com/knqyf263/trivy/pkg/utils"
@@ -11,7 +13,6 @@ import (
 	"github.com/knqyf263/trivy/pkg/vulnsrc/redhat"
 	"github.com/knqyf263/trivy/pkg/vulnsrc/ubuntu"
 	"golang.org/x/xerrors"
-	"path/filepath"
 )
 
 const (