mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-12 15:50:15 -08:00
Fix errors in SARIF format (#801)
* Fix errors in SARIF format * Fix one golden file for integration tests * Fix golden file * Fix golden again :> * Update sarif.tpl * Update alpine-310.sarif.golden
This commit is contained in:
Damien Carol
@@ -1,12 +1,14 @@
|
||||
{
|
||||
"$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.4.json",
|
||||
"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
|
||||
"version": "2.1.0",
|
||||
"runs": [
|
||||
{
|
||||
"tool": {
|
||||
"driver": {
|
||||
"name": "Trivy",
|
||||
"informationUri": "https://github.com/aquasecurity/trivy",
|
||||
"fullName": "Trivy Vulnerability Scanner",
|
||||
"version": "v0.15.0",
|
||||
"rules": [
|
||||
{{- $t_first := true }}
|
||||
{{- range . }}
|
||||
@@ -25,6 +27,7 @@
|
||||
"fullDescription": {
|
||||
"text": {{ endWithPeriod (escapeString .Title) | printf "%q" }}
|
||||
},
|
||||
"helpUri": "{{ .PrimaryURL }}",
|
||||
"help": {
|
||||
"text": {{ printf "Vulnerability %v\nSeverity: %v\nPackage: %v\nInstalled Version: %v\nFixed Version: %v\nLink: [%v](%v)" .VulnerabilityID .Vulnerability.Severity .PkgName .InstalledVersion .FixedVersion .VulnerabilityID .PrimaryURL | printf "%q"}},
|
||||
"markdown": {{ printf "**Vulnerability %v**\n| Severity | Package | Installed Version | Fixed Version | Link |\n| --- | --- | --- | --- | --- |\n|%v|%v|%v|%v|[%v](%v)|\n" .VulnerabilityID .Vulnerability.Severity .PkgName .InstalledVersion .FixedVersion .VulnerabilityID .PrimaryURL | printf "%q"}}
|
||||
@@ -78,4 +81,4 @@
|
||||
"columnKind": "utf16CodeUnits"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
14
integration/testdata/alpine-310.sarif.golden
vendored
14
integration/testdata/alpine-310.sarif.golden
vendored
@@ -1,12 +1,14 @@
|
||||
{
|
||||
"$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.4.json",
|
||||
"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
|
||||
"version": "2.1.0",
|
||||
"runs": [
|
||||
{
|
||||
"tool": {
|
||||
"driver": {
|
||||
"name": "Trivy",
|
||||
"informationUri": "https://github.com/aquasecurity/trivy",
|
||||
"fullName": "Trivy Vulnerability Scanner",
|
||||
"version": "v0.15.0",
|
||||
"rules": [
|
||||
{
|
||||
"id": "[MEDIUM] CVE-2019-1549",
|
||||
@@ -17,6 +19,7 @@
|
||||
"fullDescription": {
|
||||
"text": "openssl: information disclosure in fork()."
|
||||
},
|
||||
"helpUri": "https://avd.aquasec.com/nvd/cve-2019-1549",
|
||||
"help": {
|
||||
"text": "Vulnerability CVE-2019-1549\nSeverity: MEDIUM\nPackage: libcrypto1.1\nInstalled Version: 1.1.1c-r0\nFixed Version: 1.1.1d-r0\nLink: [CVE-2019-1549](https://avd.aquasec.com/nvd/cve-2019-1549)",
|
||||
"markdown": "**Vulnerability CVE-2019-1549**\n| Severity | Package | Installed Version | Fixed Version | Link |\n| --- | --- | --- | --- | --- |\n|MEDIUM|libcrypto1.1|1.1.1c-r0|1.1.1d-r0|[CVE-2019-1549](https://avd.aquasec.com/nvd/cve-2019-1549)|\n"
|
||||
@@ -39,6 +42,7 @@
|
||||
"fullDescription": {
|
||||
"text": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64."
|
||||
},
|
||||
"helpUri": "https://avd.aquasec.com/nvd/cve-2019-1551",
|
||||
"help": {
|
||||
"text": "Vulnerability CVE-2019-1551\nSeverity: MEDIUM\nPackage: libcrypto1.1\nInstalled Version: 1.1.1c-r0\nFixed Version: 1.1.1d-r2\nLink: [CVE-2019-1551](https://avd.aquasec.com/nvd/cve-2019-1551)",
|
||||
"markdown": "**Vulnerability CVE-2019-1551**\n| Severity | Package | Installed Version | Fixed Version | Link |\n| --- | --- | --- | --- | --- |\n|MEDIUM|libcrypto1.1|1.1.1c-r0|1.1.1d-r2|[CVE-2019-1551](https://avd.aquasec.com/nvd/cve-2019-1551)|\n"
|
||||
@@ -61,6 +65,7 @@
|
||||
"fullDescription": {
|
||||
"text": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey."
|
||||
},
|
||||
"helpUri": "https://avd.aquasec.com/nvd/cve-2019-1563",
|
||||
"help": {
|
||||
"text": "Vulnerability CVE-2019-1563\nSeverity: MEDIUM\nPackage: libcrypto1.1\nInstalled Version: 1.1.1c-r0\nFixed Version: 1.1.1d-r0\nLink: [CVE-2019-1563](https://avd.aquasec.com/nvd/cve-2019-1563)",
|
||||
"markdown": "**Vulnerability CVE-2019-1563**\n| Severity | Package | Installed Version | Fixed Version | Link |\n| --- | --- | --- | --- | --- |\n|MEDIUM|libcrypto1.1|1.1.1c-r0|1.1.1d-r0|[CVE-2019-1563](https://avd.aquasec.com/nvd/cve-2019-1563)|\n"
|
||||
@@ -83,6 +88,7 @@
|
||||
"fullDescription": {
|
||||
"text": "openssl: side-channel weak encryption vulnerability."
|
||||
},
|
||||
"helpUri": "https://avd.aquasec.com/nvd/cve-2019-1547",
|
||||
"help": {
|
||||
"text": "Vulnerability CVE-2019-1547\nSeverity: LOW\nPackage: libcrypto1.1\nInstalled Version: 1.1.1c-r0\nFixed Version: 1.1.1d-r0\nLink: [CVE-2019-1547](https://avd.aquasec.com/nvd/cve-2019-1547)",
|
||||
"markdown": "**Vulnerability CVE-2019-1547**\n| Severity | Package | Installed Version | Fixed Version | Link |\n| --- | --- | --- | --- | --- |\n|LOW|libcrypto1.1|1.1.1c-r0|1.1.1d-r0|[CVE-2019-1547](https://avd.aquasec.com/nvd/cve-2019-1547)|\n"
|
||||
@@ -105,6 +111,7 @@
|
||||
"fullDescription": {
|
||||
"text": "openssl: information disclosure in fork()."
|
||||
},
|
||||
"helpUri": "https://avd.aquasec.com/nvd/cve-2019-1549",
|
||||
"help": {
|
||||
"text": "Vulnerability CVE-2019-1549\nSeverity: MEDIUM\nPackage: libssl1.1\nInstalled Version: 1.1.1c-r0\nFixed Version: 1.1.1d-r0\nLink: [CVE-2019-1549](https://avd.aquasec.com/nvd/cve-2019-1549)",
|
||||
"markdown": "**Vulnerability CVE-2019-1549**\n| Severity | Package | Installed Version | Fixed Version | Link |\n| --- | --- | --- | --- | --- |\n|MEDIUM|libssl1.1|1.1.1c-r0|1.1.1d-r0|[CVE-2019-1549](https://avd.aquasec.com/nvd/cve-2019-1549)|\n"
|
||||
@@ -127,6 +134,7 @@
|
||||
"fullDescription": {
|
||||
"text": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64."
|
||||
},
|
||||
"helpUri": "https://avd.aquasec.com/nvd/cve-2019-1551",
|
||||
"help": {
|
||||
"text": "Vulnerability CVE-2019-1551\nSeverity: MEDIUM\nPackage: libssl1.1\nInstalled Version: 1.1.1c-r0\nFixed Version: 1.1.1d-r2\nLink: [CVE-2019-1551](https://avd.aquasec.com/nvd/cve-2019-1551)",
|
||||
"markdown": "**Vulnerability CVE-2019-1551**\n| Severity | Package | Installed Version | Fixed Version | Link |\n| --- | --- | --- | --- | --- |\n|MEDIUM|libssl1.1|1.1.1c-r0|1.1.1d-r2|[CVE-2019-1551](https://avd.aquasec.com/nvd/cve-2019-1551)|\n"
|
||||
@@ -149,6 +157,7 @@
|
||||
"fullDescription": {
|
||||
"text": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey."
|
||||
},
|
||||
"helpUri": "https://avd.aquasec.com/nvd/cve-2019-1563",
|
||||
"help": {
|
||||
"text": "Vulnerability CVE-2019-1563\nSeverity: MEDIUM\nPackage: libssl1.1\nInstalled Version: 1.1.1c-r0\nFixed Version: 1.1.1d-r0\nLink: [CVE-2019-1563](https://avd.aquasec.com/nvd/cve-2019-1563)",
|
||||
"markdown": "**Vulnerability CVE-2019-1563**\n| Severity | Package | Installed Version | Fixed Version | Link |\n| --- | --- | --- | --- | --- |\n|MEDIUM|libssl1.1|1.1.1c-r0|1.1.1d-r0|[CVE-2019-1563](https://avd.aquasec.com/nvd/cve-2019-1563)|\n"
|
||||
@@ -171,6 +180,7 @@
|
||||
"fullDescription": {
|
||||
"text": "openssl: side-channel weak encryption vulnerability."
|
||||
},
|
||||
"helpUri": "https://avd.aquasec.com/nvd/cve-2019-1547",
|
||||
"help": {
|
||||
"text": "Vulnerability CVE-2019-1547\nSeverity: LOW\nPackage: libssl1.1\nInstalled Version: 1.1.1c-r0\nFixed Version: 1.1.1d-r0\nLink: [CVE-2019-1547](https://avd.aquasec.com/nvd/cve-2019-1547)",
|
||||
"markdown": "**Vulnerability CVE-2019-1547**\n| Severity | Package | Installed Version | Fixed Version | Link |\n| --- | --- | --- | --- | --- |\n|LOW|libssl1.1|1.1.1c-r0|1.1.1d-r0|[CVE-2019-1547](https://avd.aquasec.com/nvd/cve-2019-1547)|\n"
|
||||
@@ -350,4 +360,4 @@
|
||||
"columnKind": "utf16CodeUnits"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user