Use vdr bom as basis for jinja reports #189
Conversation
lgtm
depscan/lib/utils.py (outdated)
    with open(vdr_file, "r", encoding="utf-8") as f:
        bom = json.load(f)
    else:
        bom = None
@heubeck Here you could fall back to loading the bom_file - just add the same thing you have for vdr_file in the else block.
great idea, thx. will do that
depscan/lib/utils.py (outdated)
    with open(template_file, "r", encoding="utf-8") as tmpl_file:
        template = tmpl_file.read()
    jinja_env = Environment(autoescape=False)
    jinja_tmpl = jinja_env.from_string(template)
    report_result = jinja_tmpl.render(
        vulnerabilities=json_report,
        metadata=bom['metadata'] if bom else None,
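Review bot: `Environment(autoescape=False)` renders every context value verbatim, and the context in this hunk is built from the VDR/BOM (metadata, and with the suggested change also component names and vulnerability text) rather than from a trusted source, so an HTML template fed through this path would carry that text into the report unescaped. If HTML templates are a supported use, derive the flag from the template name, e.g. `Environment(autoescape=template_file.lower().endswith(('.html', '.xml')))`, and keep `autoescape=False` only for plain-text output. Separately, `bom['metadata'] if bom else None` raises KeyError on a document that has no `metadata` object; `bom.get('metadata') if bom else None` covers that case.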
@heubeck I suggest doing this using the dictionary get method (e.g. bom.get('metadata', None)) and check for bom separately (or load the data from bom_file). If you think using the bom_file as a fallback seems reasonable, you'd definitely want to do this as the regular bom file will not include the vulnerabilities key.
    report_result = jinja_tmpl.render(
        metadata=bom.get('metadata', None),
        vulnerabilities=bom.get('vulnerabilities', None),
        components=bom.get('components', None),
        ... and so on
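One way to implement the fallback from the VDR to the plain BOM together with the `.get()`-based context suggested above, as an added example that is not depscan's own code. It assumes CycloneDX-style JSON on disk (a VDR being a BOM that additionally carries a `vulnerabilities` array), that jinja2 is installed for the rendering helper, and it writes constructed sample files to a temporary directory; the names `load_bom`, `build_context`, `render_report` and `demo` are hypothetical. Autoescaping is switched on by template extension so that strings taken from the BOM cannot inject markup into an HTML report, while plain-text templates stay unescaped.

```python
"""Added example (not depscan's own code): prefer the VDR, fall back to the
BOM, and build a Jinja context with .get() so a BOM that lacks the
'vulnerabilities' key still renders cleanly."""
import json
import os
import tempfile

try:
    from jinja2 import Environment
except ImportError:  # loader/context helpers still work without jinja2
    Environment = None


def load_bom(vdr_file, bom_file):
    """Return (document, source) where source is 'vdr', 'bom' or None.

    Hypothetical helper: the first existing path wins, VDR before BOM."""
    for path, label in ((vdr_file, "vdr"), (bom_file, "bom")):
        if path and os.path.exists(path):
            with open(path, "r", encoding="utf-8") as f:
                return json.load(f), label
    return None, None


def build_context(bom, json_report=None):
    """Template context built with .get(): missing keys become empty values
    instead of KeyErrors. An explicit json_report (the scanner's own findings)
    takes precedence; otherwise the VDR's embedded vulnerabilities are used."""
    bom = bom or {}
    if json_report is not None:
        vulns = json_report
    else:
        vulns = bom.get("vulnerabilities", [])
    return {
        "metadata": bom.get("metadata"),
        "components": bom.get("components", []),
        "vulnerabilities": vulns,
    }


def render_report(template_text, context, template_name="report.txt"):
    """Render with Jinja. Autoescape is derived from the template name so
    BOM-supplied strings (component names, advisory text) are escaped in
    HTML/XML reports but left alone in plain-text ones."""
    if Environment is None:
        raise RuntimeError("jinja2 is required for rendering")
    escape = template_name.lower().endswith((".html", ".htm", ".xml"))
    env = Environment(autoescape=escape)
    return env.from_string(template_text).render(**context)


def demo():
    """Constructed sample data: a VDR with one vulnerability and a plain BOM
    without the 'vulnerabilities' key, written to a temporary directory."""
    vdr = {
        "bomFormat": "CycloneDX",
        "metadata": {"component": {"name": "<script>alert(1)</script>"}},
        "components": [{"name": "pkg-a", "version": "1.0"}],
        "vulnerabilities": [{"id": "EXAMPLE-0001", "ratings": [{"severity": "high"}]}],
    }
    bom = {k: v for k, v in vdr.items() if k != "vulnerabilities"}
    with tempfile.TemporaryDirectory() as tmp:
        vdr_path = os.path.join(tmp, "vdr.json")
        bom_path = os.path.join(tmp, "bom.json")
        with open(bom_path, "w", encoding="utf-8") as f:
            json.dump(bom, f)
        # No VDR on disk yet: the loader must fall back to the BOM.
        bom_only, bom_source = load_bom(vdr_path, bom_path)
        with open(vdr_path, "w", encoding="utf-8") as f:
            json.dump(vdr, f)
        from_vdr, vdr_source = load_bom(vdr_path, bom_path)
        missing = load_bom(os.path.join(tmp, "absent.json"), None)
    ctx_bom = build_context(bom_only)
    ctx_vdr = build_context(from_vdr)
    rendered = None
    if Environment is not None:
        rendered = render_report(
            "<h1>{{ metadata.component.name }}</h1>"
            "{{ vulnerabilities | length }} findings",
            ctx_vdr,
            "report.html",
        )
    return {
        "bom_source": bom_source,
        "vdr_source": vdr_source,
        "missing": missing,
        "bom_vulns": ctx_bom["vulnerabilities"],
        "vdr_vuln_count": len(ctx_vdr["vulnerabilities"]),
        "rendered": rendered,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run the file directly to see the fallback order and the escaped HTML output; with the BOM alone the context carries an empty `vulnerabilities` list, and with the VDR the `<script>` text in the component name comes out as `&lt;script&gt;` in the HTML report.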
a054567 to a3bf21b
Signed-off-by: Florian Heubeck <heubeck@mediamarktsaturn.com>
a3bf21b to cf73c25
Fantastic!
That's effectively a breaking change, but the adoption of that feature might be quite low so far.