Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: include file location in table output (#1199) #1275

Open
wants to merge 5 commits into
base: main
Choose a base branch
from

Conversation

jneate
Copy link
Contributor

@jneate jneate commented May 6, 2023

This could hopefully resolve #1199

I wasn't 100% sure which types to exclude so I started with Apk,Deb&Rpm - placed the boolean flag into a map in case they need to be driven by config in the future.

Regarding the tests, I just thought it'd be nice to have a non-distro package in the output so added a 3rd match in models_helpers and updated the other output snapshots. I didn't think there was any gain adding a 4th package which is why the CreateRow test just recycles the values from other objects instead of being created from the helper.

Attached some example output below from various runs.

Scanning: openjdk:17.0.1-jdk-oracle
image

Scanning: quay.io/cilium/hubble-ui-backend:v0.10.0
image

Scanning Directory:
image

Scanning Directory:
image

@spiffcs spiffcs self-assigned this Jul 11, 2023
@spiffcs spiffcs added the blocked Progress is being stopped by something label Aug 9, 2023
@spiffcs
Copy link
Contributor

spiffcs commented Aug 9, 2023

This one is also going to go in (or at least have this as an option) after we get the UI for grype updated with the new https://github.com/anchore/clio library

@tgerla
Copy link
Contributor

tgerla commented Aug 17, 2023

Hi @jneate, thanks for this. In an effort to keep the table view as concise as possible, we are thinking it might make sense to create a "table-locations.tmpl" template that includes the locations of the vulnerability. What do you think about that, instead of changing the default table view?

@kzantow
Copy link
Contributor

kzantow commented Sep 11, 2023

Although it's not exactly the same as the table output, a couple options to fairly easily get the location are:

  1. a template (based on https://github.com/anchore/grype/blob/main/templates/table.tmpl, but modified)
    or
  2. grype explain --id <vulnerability-id>
    Would either of these suffice to get the location information you're looking for easily?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
blocked Progress is being stopped by something
Projects
Status: Stalled
Development

Successfully merging this pull request may close these issues.

Share which file is vulnerable when reporting an intra-file vulnerability in the default table output
4 participants