Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: include file location in table output (#1199) #1275

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

feat: include file location in table output (#1199) #1275

wants to merge 5 commits into from
+391 −49

Conversation

jneate
Copy link
Contributor

@jneate jneate commented May 6, 2023

This could hopefully resolve #1199

I wasn't 100% sure which types to exclude so I started with Apk,Deb&Rpm - placed the boolean flag into a map in case they need to be driven by config in the future.

Regarding the tests, I just thought it'd be nice to have a non-distro package in the output so added a 3rd match in models_helpers and updated the other output snapshots. I didn't think there was any gain adding a 4th package which is why the CreateRow test just recycles the values from other objects instead of being created from the helper.

Attached some example output below from various runs.

Scanning: openjdk:17.0.1-jdk-oracle
image

Scanning: quay.io/cilium/hubble-ui-backend:v0.10.0
image

Scanning Directory:
image

Scanning Directory:
image

@jneate jneate mentioned this pull request May 31, 2023
Open
@spiffcs spiffcs self-assigned this Jul 11, 2023
@spiffcs spiffcs added the blocked Progress is being stopped by something label Aug 9, 2023
@spiffcs
Copy link
Contributor

spiffcs commented Aug 9, 2023
edited
Loading

This one is also going to go in (or at least have this as an option) after we get the UI for grype updated with the new https://github.com/anchore/clio library

@tgerla
Copy link
Contributor

tgerla commented Aug 17, 2023

Hi @jneate, thanks for this. In an effort to keep the table view as concise as possible, we are thinking it might make sense to create a "table-locations.tmpl" template that includes the locations of the vulnerability. What do you think about that, instead of changing the default table view?

@kzantow
Copy link
Contributor

kzantow commented Sep 11, 2023

Although it's not exactly the same as the table output, a couple options to fairly easily get the location are:

  1. a template (based on https://github.com/anchore/grype/blob/main/templates/table.tmpl, but modified)
    or
  2. grype explain --id <vulnerability-id>
    Would either of these suffice to get the location information you're looking for easily?

@spiffcs spiffcs assigned kzantow and unassigned spiffcs Feb 14, 2024
@kzantow kzantow mentioned this pull request Mar 11, 2024
Open
@kzantow kzantow mentioned this pull request Nov 13, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@kzantow kzantow

Labels
blocked Progress is being stopped by something
Projects
OSS
Status: Stalled
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Share which file is vulnerable when reporting an intra-file vulnerability in the default table output
4 participants
@jneate @spiffcs @tgerla @kzantow