Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: added misconfiguration field for html.tpl #1444

Merged
merged 3 commits into from
Dec 20, 2021
Merged

feat: added misconfiguration field for html.tpl #1444

merged 3 commits into from
Dec 20, 2021

Conversation

DmitriyLewen
Copy link
Contributor

@DmitriyLewen DmitriyLewen commented Dec 8, 2021
edited

Trivi there is only tables of vulnerabilities for the html.tpl config.
For example.:

➜ ls
Dockerfile
➜  trivy config .

2021-12-09T10:45:09.460+0600	INFO	Detected config files: 1

Dockerfile (dockerfile)
=======================
Tests: 23 (SUCCESSES: 22, FAILURES: 1, EXCEPTIONS: 0)
Failures: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

+---------------------------+------------+-----------+----------+------------------------------------------+
|           TYPE            | MISCONF ID |   CHECK   | SEVERITY |                 MESSAGE                  |
+---------------------------+------------+-----------+----------+------------------------------------------+
| Dockerfile Security Check |   DS002    | root user |   HIGH   | Specify at least 1 USER                  |
|                           |            |           |          | command in Dockerfile with               |
|                           |            |           |          | non-root user as argument                |
|                           |            |           |          | -->avd.aquasec.com/appshield/ds002       |
+---------------------------+------------+-----------+----------+------------------------------------------+
➜  trivy config --format=template --template='@contrib/html.tpl' .

Trivy now generates valid html with no misconfigurations:
misconf-old

I added new tables for report misconfiguration:
misconf-new

@knqyf263
Copy link
Collaborator

knqyf263 commented Dec 9, 2021

Can we add description? Otherwise, it is hard to understand where the problem is in the config file.

@DmitriyLewen
Copy link
Contributor Author

DmitriyLewen commented Dec 9, 2021
edited

Hello @knqyf263
I changed the description, can You look at this?

@knqyf263
Copy link
Collaborator

knqyf263 commented Dec 9, 2021
edited

Where did you change...? I didn't see it. I meant description or message should be displayed in the HTML table.

@DmitriyLewen
Copy link
Contributor Author

Sorry, I didn't understand You the first time. "Message" added to HTML table.

@knqyf263
Copy link
Collaborator

@DmitriyLewen Thanks for the update! Is it ready for review? It is still a draft.

@DmitriyLewen DmitriyLewen marked this pull request as ready for review December 13, 2021 09:48
@DmitriyLewen
Copy link
Contributor Author

@knqyf263 , yes, review this, please

@knqyf263 knqyf263 merged commit d5269da into aquasecurity:main Dec 20, 2021
@owenrumney owenrumney mentioned this pull request Dec 22, 2021
Merged
liamg pushed a commit that referenced this pull request Jun 7, 2022
@DmitriyLewen
feat: added misconfiguration field for html.tpl (#1444)
b77f1a3 
* feat: added misconfiguration field for html.tpl

* feat: added message field for html.tpl

* fix: fixed integration test error
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@knqyf263 knqyf263 knqyf263 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@DmitriyLewen @knqyf263