Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Json output change array name #16

Closed
hijak opened this issue May 17, 2019 · 4 comments · Fixed by #33
Closed

Json output change array name #16

hijak opened this issue May 17, 2019 · 4 comments · Fixed by #33

Comments

@hijak
Copy link

hijak commented May 17, 2019

Hi

Having the image as the array name in the json output makes it difficult for me to automate html from the json output using something like mustache

can we have the image key (and maybe some more kewl infos) seperate to the vunerablities array?
@knqyf263
Copy link
Collaborator

@hijak Thank you for the report. I know that problem. What format is easy to use? Let me know a sample of JSON.

@hijak
Copy link
Author

hijak commented May 20, 2019
edited
Loading

Hi

Thanks for getting back to me something like the following layout would be useful to me at least

{
  "Image": "image/name",
  "OSversion": "alpine 3.8.2",
  "applicationType": "symfony", <--- not sure if this is possible but i see you can do app depenancy scanning
  "Vulnerabilities": [
    {
      "VulnerabilityID": "",
      "PkgName": "",
      "InstalledVersion": "",
      "FixedVersion": "",
      "Title": "",
      "Description": "",
      "Severity": "",
      "References": []
    }]
}

@knqyf263
Copy link
Collaborator

@hijak Thanks for suggesting the format. There may be multiple lock files. So, it needs to be an array or map.
How about the following format?

[
  {
    "Target": "image/name (alpine 3.8.2)",
    "Vulnerabilities": [
      {
        "VulnerabilityID": "",
        "PkgName": "",
        "InstalledVersion": "",
        "FixedVersion": "",
        "Title": "",
        "Description": "",
        "Severity": "",
        "References": []
      }
    ]
  },
  {
    "Target": "/app/Gemfile.lock",
    "Vulnerabilities": [
      {
        "VulnerabilityID": "",
        "PkgName": "",
        "InstalledVersion": "",
        "FixedVersion": "",
        "Title": "",
        "Description": "",
        "Severity": "",
        "References": []
      }
    ]
  }
]

@hijak
Copy link
Author

hijak commented May 20, 2019

ah yes this is cool as long as im able to predict the name of the array with the list of vuns inside it im happy

@knqyf263 knqyf263 mentioned this issue May 20, 2019
Merged
yashvardhan-kukreja pushed a commit to yashvardhan-kukreja/trivy that referenced this issue Aug 12, 2020
@simar7 @yashvardhan-kukreja
# This is a combination of 17 commits.
103fde2 
parent 4b57c0d
author Simarpreet Singh <simar@linux.com> 1594135002 -0700
committer Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 1597228077 +0530
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEo6kc/h77LUwnQeM/dxKAODWqo7oFAl8zxC0ACgkQdxKAODWq
 o7pG3g//VIXCQt6z8dhORimZEAXLbwI7WuUYxkkGGKceuhCWwEs7HVJLkNBiIml1
 6gDnc8sMkG7FqFGAi5RHvdez9vqWZRxaoWgJ2J39u/sTow3QEwvzIAdjG7+4LHOs
 7mgg82qQp5Vb0UVudEitc3bqukoO61B0pszC3S8wacq3uWfq5IPRvVePBA0SD9+W
 jykmLzVp5NGeKRnOCuJw9HkRP9+lKfCJwb4K8xbTjJjuWUDj9k6oRV1XKNQcyWCi
 KzEEV1snKne8dsUYPf9dN6FuJFi6c+a4L7vX96dlKLKJDQD0y1qQHhdBSNwqP7Wj
 RHL/WuMt3Yx6sZe30dPA3I7Tj2zizodjRs+Qst1Jfyjv/5e4Ap2gqmf39pse4O8n
 Ct4UA+5zTsulyT/5aUa/gIYFUH+luznCqiYoQtQ7TgELtcVOcgGfJciq+kPp6NWP
 GS2IcBH/XSOkQ4nRQrbQ/vutItYNUcE2Oe0xLerTih3+Sx+SKufSecLoSqOTgJdG
 TEqU6UkZB3mV3Y5j9MYmvF2Yvq+Ll2tw5FzxLA6kg+eTa1ochn/xwi11/kDQYqf3
 CkH8Z4/ZgHx5xHwLkLxMleaiQP3EbyxaEBZYgzrOzp8rnT4HU+FeSUrkqlcyBrRN
 HSFMQlKXq+o/yfgVVh51LyGSFlHncVm1Jv6UirsGj7NAvso+BqA=
 =QhX4
 -----END PGP SIGNATURE-----

# This is a combination of 6 commits.
# This is the 1st commit message:

db: Update trivy-db to include CVSS score info (aquasecurity#530)

* mod: Update trivy-db to include CVSS score info

Signed-off-by: Simarpreet Singh <simar@linux.com>

* mod: Update go.mod

Signed-off-by: Simarpreet Singh <simar@linux.com>

* mod: Update trivy-db to latest

Signed-off-by: Simarpreet Singh <simar@linux.com>
# This is the commit message aquasecurity#2:

Adding contrib/junit.tpl to docker image (aquasecurity#554)


# This is the commit message aquasecurity#3:

Fixing `Error retrieving template from path` when --format is not template but template is provided (aquasecurity#556)


# This is the commit message aquasecurity#4:

added: display last db update whenever trivy server is started in trivy client/server setup

# This is the commit message aquasecurity#5:

Added: entry for prometheus/client_golang package

# This is the commit message aquasecurity#6:

Added: prometheus metrics endpoint support for Last DB Update and Last DB Update Attempt metric

# This is the commit message aquasecurity#7:

Added: entry for prometheus/client_golang package

# This is the commit message aquasecurity#8:

Added: prometheus metrics endpoint support for Last DB Update and Last DB Update Attempt metric

# This is the commit message aquasecurity#9:

Refactored: Shifted the GaugeVec global var to config.go . Removed unnecessarily repeated vars. Added nil check for GaugeVec

# This is the commit message aquasecurity#10:

Added: Nil GaugeVec Fail check

# This is the commit message aquasecurity#11:

Added: nil check for metrics registry

# This is the commit message aquasecurity#12:

Modified: tests with respect to nil metrics registry

# This is the commit message aquasecurity#13:

Merge with master

# This is the commit message aquasecurity#14:

Merge branch 'master' into issue-aquasecurity#346

# This is the commit message aquasecurity#15:

Resolved merge conflicts

# This is the commit message aquasecurity#16:

Resolved merge conflicts

# This is the commit message aquasecurity#17:

feat(vulnerability): add CWE-ID (aquasecurity#561)

* chore(mod): update dependency

* test(vulnerability): add CweIDs
liamg pushed a commit that referenced this issue Jun 7, 2022
@tomoyamachi @knqyf263
add yarn.lock parser (#16)
51df70c 
* add yarn.lock parser

* skip analyze package files in dependency folder
liamg pushed a commit that referenced this issue Jun 7, 2022
@tomoyamachi @knqyf263
add yarn.lock parser (#16)
a1530cd 
* add yarn.lock parser

* skip analyze package files in dependency folder
josedonizetti referenced this issue in josedonizetti/trivy Jun 24, 2022
Merge pull request #16 from aquasecurity/liamg-more-aws
8635675 
AWS structs + rules
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update JSON schema aquasecurity/trivy
2 participants
@knqyf263 @hijak