@ken-chou-glia
Contributor

…running scan in blocking mode

Signed-off-by: Ken Chou [email protected]


@JAORMX JAORMX left a comment

This would be very useful! I'm currently struggling with this.

@JAORMX

JAORMX commented Apr 22, 2022

This would close #168

index.js Outdated

if (failBuild === true) {
if (showGrypeOutput) {
core.info(cmdOutput);
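
Review bot: `core.info(cmdOutput)` sits inside `if (failBuild === true)`, so in the lines shown the findings are logged only when the build is set to fail, and a non-blocking scan gets no console output from this path. If that is intended, say so in the option's description; otherwise move the `showGrypeOutput` check out of the `failBuild` branch so the findings are visible in both modes.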
Contributor

I don't believe this is going to give a table-view output but only dumping the SARIF JSON, no?

@kzantow
Contributor

kzantow commented Apr 22, 2022

This is a great idea -- however, I think we could probably do this without a config parameter to just always dump the table view to the console, WDYT?

@JAORMX

JAORMX commented Apr 22, 2022

> This is a great idea -- however, I think we could probably do this without a config parameter to just always dump the table view to the console, WDYT?

To be honest, that behavior would be a nice default to have.

@JAORMX

JAORMX commented Apr 25, 2022

@kzantow is this a change that would need to go into grype itself or is it something that needs to happen in this action?

@jonasagx

@ken-chou-finn thanks for your work on this PR. On @JAORMX's latest question: grype currently prints the table and then errors out, like in the example below:

$ grype ubuntu:20.04 --fail-on medium
NAME          INSTALLED                 FIXED-IN            TYPE  VULNERABILITY   SEVERITY
coreutils     8.30-3ubuntu2                                 deb   CVE-2016-2781   Low
e2fsprogs     1.45.5-2ubuntu1                               deb   CVE-2022-1304   Medium
[other vulns removed for brevity of this snippet]
1 error occurred:
	* discovered vulnerabilities at or above the severity threshold

We just need to make use of the table output, so no need to change grype, just this action. I am happy to help with this PR and get the feature delivered.

@JAORMX

JAORMX commented May 25, 2022

@jonasagx that would be great!

@spiffcs spiffcs assigned spiffcs and jonasagx and unassigned spiffcs May 25, 2022
@spiffcs spiffcs assigned spiffcs and unassigned jonasagx Jun 28, 2022
@spiffcs spiffcs linked an issue Jul 18, 2022 that may be closed by this pull request
Signed-off-by: Christopher Phillips <[email protected]>
@kzantow
Contributor

kzantow commented Sep 12, 2022

Sorry this has taken a while to get back to -- I think we may want to combine this with #187 by allowing users to specify a format parameter, which could be table.

One question: is there any situation a user wants to get both a table output printed and an output file of some sort?

@kzantow kzantow changed the title Add show-grype-output option to show vulnerabilities in console when … Add table option for output-format vulnerabilities in console Sep 19, 2022
@kzantow kzantow merged commit d5aa5b6 into anchore:main Sep 19, 2022
Development

Successfully merging this pull request may close these issues.

Can't see findings in console?
