mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-12 15:50:15 -08:00
Use a stable SARIF identifier (#1230)
This commit is contained in:
Simon Engledew
@@ -1,6 +1,7 @@
|
||||
{
|
||||
"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
|
||||
"version": "2.1.0",
|
||||
{{- $rules := makeRuleMap }}
|
||||
"runs": [
|
||||
{
|
||||
"tool": {
|
||||
@@ -14,42 +15,39 @@
|
||||
{{- range $result := . }}
|
||||
{{- $vulnerabilityType := .Type }}
|
||||
{{- range .Vulnerabilities -}}
|
||||
{{- if $t_first -}}
|
||||
{{- $t_first = false -}}
|
||||
{{ else -}}
|
||||
,
|
||||
{{- end }}
|
||||
{
|
||||
"id": {{ printf "%s: %s-%s %s" $result.Target .PkgName .InstalledVersion .VulnerabilityID | toJson }},
|
||||
"name": "{{ toSarifRuleName $vulnerabilityType }}",
|
||||
"shortDescription": {
|
||||
"text": {{ printf "%v Package: %v" .VulnerabilityID .PkgName | printf "%q" }}
|
||||
},
|
||||
"fullDescription": {
|
||||
"text": {{ endWithPeriod (escapeString .Title) | printf "%q" }}
|
||||
},
|
||||
"defaultConfiguration": {
|
||||
"level": "{{ toSarifErrorLevel .Vulnerability.Severity }}"
|
||||
}
|
||||
{{- with $help_uri := .PrimaryURL -}}
|
||||
,
|
||||
{{ $help_uri | printf "\"helpUri\": %q," -}}
|
||||
{{- else -}}
|
||||
,
|
||||
{{- end }}
|
||||
"help": {
|
||||
"text": {{ printf "Vulnerability %v\nSeverity: %v\nPackage: %v\nInstalled Version: %v\nFixed Version: %v\nLink: [%v](%v)" .VulnerabilityID .Vulnerability.Severity .PkgName .InstalledVersion .FixedVersion .VulnerabilityID .PrimaryURL | printf "%q"}},
|
||||
"markdown": {{ printf "**Vulnerability %v**\n| Severity | Package | Installed Version | Fixed Version | Link |\n| --- | --- | --- | --- | --- |\n|%v|%v|%v|%v|[%v](%v)|\n" .VulnerabilityID .Vulnerability.Severity .PkgName .InstalledVersion .FixedVersion .VulnerabilityID .PrimaryURL | printf "%q"}}
|
||||
},
|
||||
"properties": {
|
||||
"tags": [
|
||||
"vulnerability",
|
||||
"{{ .Vulnerability.Severity }}",
|
||||
{{ .PkgName | printf "%q" }}
|
||||
],
|
||||
"precision": "very-high"
|
||||
}
|
||||
}
|
||||
{{- if indexRule $rules .VulnerabilityID -}}
|
||||
{{- if $t_first -}}
|
||||
{{- $t_first = false -}}
|
||||
{{ else -}}
|
||||
,
|
||||
{{- end }}
|
||||
{
|
||||
"id": {{ .VulnerabilityID | toJson }},
|
||||
"name": "{{ toSarifRuleName $vulnerabilityType }}",
|
||||
"shortDescription": {
|
||||
"text": {{ .VulnerabilityID | toJson }}
|
||||
},
|
||||
"fullDescription": {
|
||||
"text": {{ endWithPeriod (escapeString .Title) | printf "%q" }}
|
||||
},
|
||||
"defaultConfiguration": {
|
||||
"level": "{{ toSarifErrorLevel .Vulnerability.Severity }}"
|
||||
}
|
||||
{{- with $help_uri := .PrimaryURL -}}
|
||||
,
|
||||
{{ $help_uri | printf "\"helpUri\": %q," -}}
|
||||
{{- else -}}
|
||||
,
|
||||
{{- end }}
|
||||
"properties": {
|
||||
"tags": [
|
||||
"vulnerability",
|
||||
"{{ .Vulnerability.Severity }}"
|
||||
],
|
||||
"precision": "very-high"
|
||||
}
|
||||
}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
]
|
||||
@@ -66,8 +64,8 @@
|
||||
,
|
||||
{{- end }}
|
||||
{
|
||||
"ruleId": {{ printf "%s: %s-%s %s" $result.Target .PkgName .InstalledVersion .VulnerabilityID | toJson }},
|
||||
"ruleIndex": {{ $index }},
|
||||
"ruleId": {{ .VulnerabilityID | toJson }},
|
||||
"ruleIndex": {{ index $rules .VulnerabilityID }},
|
||||
"level": "{{ toSarifErrorLevel $vulnerability.Vulnerability.Severity }}",
|
||||
"message": {
|
||||
"text": {{ endWithPeriod (escapeString $vulnerability.Description) | printf "%q" }}
|
||||
|
||||
Reference in New Issue
Block a user