Include file location of each vulnerability #621
Comments
@freedom-isnotanarchy is this still an issue or an architecture concern you want to bring up? I think we need a bit more clarity on Edit: Re-read the comment and I understand now that the source path in the data model is different here: We definitely agree that the target should probably be upgraded to always be an object.
Note: possible solution here is to parse the command line positional args and include them in the config object so that we have a consistent location that the template can refer to for these names/args.
Re-reading this, I believe the ask is to include a view that has the location included for each vulnerability. For example, if I scan This has been requested multiple times over the years, and we should probably implement a flag or other option specifically for including the file where vulnerabilities were found. There is an existing PR, which has a directly related change that may be coerced into a solution: #1275
One point that came up on a community call would be to have a pivot table concept as an output. So if you wanted to orient the table by CVE, or vuln ID, or location, or package name, you could. The ergonomics on this on the CLI/config have not really been thought through though, but for a rough example:
(I'm not a fan of this example but gets the point across)
What would you like to be added:
The name of the file that grype ingested is stored in a variable JSON location. See output from
grype -o json
Why is this needed:
The grype CLI takes 1 and only file argument ...
Comparing the data model output for SAMPLE.docker.save and SAMPLE.war shows different places:
as contrasted with this location ...
Additional context:
(1) It would be helpful to be able to use a constant location, in the golang template file. Perhaps something like this:
"{{.Source.FileGivenToGrype}}"
(2) In lieu of (1) above ... can we include the Sprig OS template?
That way, Environment variables can be passed down by some wrapper shell script, and rendered upon execution of grype.
Maybe like this (I'm not sure what syntax will actually work):
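The two asks in this thread (the scanned file name in one fixed place, and a view keyed by location, vulnerability or package) can be approximated outside grype by post-processing the JSON report. The Python below is an added example, not code from the issue or from the grype project; the field names (`source.target`, `target.userInput`, `matches[].artifact.locations[].path`) are assumed from grype's JSON output, and the reports, CVE ids and paths are constructed.

```python
import json
from collections import defaultdict

# Constructed samples; field names assumed to follow `grype -o json` output.
IMAGE_REPORT = json.loads("""
{"source": {"type": "image", "target": {"userInput": "SAMPLE.docker.save"}},
 "matches": [
  {"vulnerability": {"id": "CVE-0000-0001"},
   "artifact": {"name": "libexample", "version": "1.0",
                "locations": [{"path": "/usr/lib/libexample.so"}]}},
  {"vulnerability": {"id": "CVE-0000-0002"},
   "artifact": {"name": "example-web", "version": "2.3",
                "locations": [{"path": "/app/WEB-INF/lib/example-web.jar"},
                              {"path": "/opt/backup/example-web.jar"}]}}]}
""")
FILE_REPORT = json.loads("""
{"source": {"type": "file", "target": "SAMPLE.war"},
 "matches": [
  {"vulnerability": {"id": "CVE-0000-0002"},
   "artifact": {"name": "example-web", "version": "2.3", "locations": []}}]}
""")

def scanned_target(report):
    """Name of the scanned input, whether source.target is a string or an object."""
    target = report.get("source", {}).get("target")
    if isinstance(target, dict):
        return target.get("userInput") or "<unknown>"
    return target or "<unknown>"

def rows(report):
    """One flat row per (match, location); a match without locations keeps one row."""
    out = []
    for m in report.get("matches", []):
        art = m.get("artifact", {})
        paths = [l["path"] for l in art.get("locations", []) if l.get("path")]
        for path in paths or ["<no location>"]:
            out.append({"target": scanned_target(report),
                        "vulnerability": m["vulnerability"]["id"],
                        "package": f'{art.get("name")}@{art.get("version")}',
                        "location": path})
    return out

def pivot(report, key):
    """Group rows by 'vulnerability', 'package' or 'location'."""
    table = defaultdict(list)
    for r in rows(report):
        table[r[key]].append({k: v for k, v in r.items() if k != key})
    return dict(table)

if __name__ == "__main__":
    for rep in (IMAGE_REPORT, FILE_REPORT):
        print(json.dumps(pivot(rep, "location"), indent=2))
```

Pivoting by `location` makes duplicate copies of a vulnerable artifact visible, which is the detail a per-package table hides during remediation.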