* sarif: Tweak format for GitHub UI
Signed-off-by: Simarpreet Singh <simar@linux.com>
* sarif: Make sarif easier to use with a default template
This will help us use Trivy in places like GitHub Actions where
we cannot specify a template as input.
$ trivy image --format=sarif alpine:3.10.1
Signed-off-by: Simarpreet Singh <simar@linux.com>
* Revert "sarif: Make sarif easier to use with a default template"
This reverts commit 5b5d1c8f7d.
* .dockerignore: Add un-needed large directories
Signed-off-by: Simarpreet Singh <simar@linux.com>
* Dockerfile: Add sarif template.
This will let users run and save the output through the docker image
Example:
```
docker run --rm -it -v $(pwd):/tmp aquasec/trivy:latest image -f template --template "@contrib/sarif.tpl" --output="/tmp/sarif.test" alpine:3.10.2
```
Signed-off-by: Simarpreet Singh <simar@linux.com>
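{{- /*
  SARIF 2.1.0 output template for Trivy.

  The template is executed against the scan report: the outer `range .` walks
  the scanned targets and the inner `range .Vulnerabilities` walks each target's
  findings. Fields read per finding: .VulnerabilityID, .PkgName,
  .InstalledVersion, .FixedVersion, .Title, .Description and
  .Vulnerability.Severity. `endWithPeriod` and `toLower` are not Go builtins and
  are expected to be supplied by Trivy's template function map.

  Every value that originates from the scanned artifact or the vulnerability
  database (package names, versions, titles, descriptions) is rendered through
  `printf "%q"` rather than pasted into a quoted JSON literal, so that a quote,
  backslash or newline in that data cannot break or alter the document. %q is
  Go string quoting, which agrees with JSON escaping for quotes, backslashes
  and common whitespace; a JSON-specific encoder would be stricter for unusual
  control characters -- TODO confirm whether one is registered for templates.

  Rule ids are "[SEVERITY] CVE-ID" and are emitted once per affected
  package/target, so the rules array may contain duplicates. ruleIndex is
  deliberately not emitted: the rules array is flattened across all targets,
  while a range index restarts at 0 for every target, so a per-target index
  points at the wrong rule as soon as more than one target is scanned.
  Consumers resolve rules by ruleId instead, which SARIF permits.
*/ -}}
{
  "$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.4.json",
  "version": "2.1.0",
  "runs": [
    {
      "tool": {
        "driver": {
          "name": "Trivy",
          "fullName": "Trivy Vulnerability Scanner",
          "rules": [
            {{- /* $first_rule only decides whether a separating comma is needed. */ -}}
            {{- $first_rule := true }}
            {{- range . }}
            {{- range .Vulnerabilities -}}
            {{- if $first_rule -}}
            {{- $first_rule = false -}}
            {{ else -}}
            ,
            {{- end }}
            {
              "id": {{ printf "[%s] %s" .Vulnerability.Severity .VulnerabilityID | printf "%q" }},
              "name": "dockerfile_scan",
              "shortDescription": {
                "text": {{ printf "%s Package: %s" .VulnerabilityID .PkgName | printf "%q" }}
              },
              "fullDescription": {
                "text": {{ endWithPeriod .Title | printf "%q" }}
              },
              "help": {
                {{- /* The "\n" escapes below are in the template's format string, so they are real newlines that %q re-escapes for JSON. */ -}}
                "text": {{ printf "Vulnerability %s\nSeverity: %s\nPackage: %s\nInstalled Version: %s\nFixed Version: %s\nLink: [%s](https://nvd.nist.gov/vuln/detail/%s)" .VulnerabilityID .Vulnerability.Severity .PkgName .InstalledVersion .FixedVersion .VulnerabilityID (toLower .VulnerabilityID) | printf "%q" }},
                "markdown": {{ printf "**Vulnerability %s**\n| Severity | Package | Installed Version | Fixed Version | Link |\n| --- | --- | --- | --- | --- |\n|%s|%s|%s|%s|[%s](https://nvd.nist.gov/vuln/detail/%s)|\n" .VulnerabilityID .Vulnerability.Severity .PkgName .InstalledVersion .FixedVersion .VulnerabilityID (toLower .VulnerabilityID) | printf "%q" }}
              },
              "properties": {
                "tags": [
                  "vulnerability",
                  {{ .Vulnerability.Severity | printf "%q" }},
                  {{ .PkgName | printf "%q" }}
                ],
                "precision": "very-high"
              }
            }
            {{- end -}}
            {{- end -}}
          ]
        }
      },
      "results": [
        {{- /* Same iteration order as the rules array above, so every ruleId emitted here has a matching rule. */ -}}
        {{- $first_result := true }}
        {{- range . }}
        {{- range .Vulnerabilities -}}
        {{- if $first_result -}}
        {{- $first_result = false -}}
        {{ else -}}
        ,
        {{- end }}
        {
          "ruleId": {{ printf "[%s] %s" .Vulnerability.Severity .VulnerabilityID | printf "%q" }},
          {{- /* Every finding is reported at level "error"; the severity is carried in ruleId and the rule's tags. */ -}}
          "level": "error",
          "message": {
            "text": {{ endWithPeriod .Description | printf "%q" }}
          },
          {{- /* Image findings have no source location; they are pinned to line 1 of "Dockerfile" so a code-scanning UI can attach them to the repository's Dockerfile. */ -}}
          "locations": [{
            "physicalLocation": {
              "artifactLocation": {
                "uri": "Dockerfile"
              },
              "region": {
                "startLine": 1,
                "startColumn": 1,
                "endColumn": 1
              }
            }
          }]
        }
        {{- end -}}
        {{- end -}}
      ],
      "columnKind": "utf16CodeUnits"
    }
  ]
}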