
Request for converter from Grype to HDF

Open woodsonmiles opened this issue 3 years ago • 2 comments

Grype is an open-source vulnerability scanner from Anchore for container images, similar to Trivy. Grype produces JSON output.

I've attached an example of a Grype json output created with the command Docker run anchore/grype:latest postgres -o json postgres.zip

woodsonmiles avatar Mar 09 '22 20:03 woodsonmiles

Hi @woodsonmiles - Grype seems like a nice piece of software. We can add it to our backlog; however, PRs are welcome if the work needs to be expedited.

Please reach out at amann[at]mitre.org and we can set up a meeting.

Amndeep7 avatar Mar 16 '22 22:03 Amndeep7

Reposting notes from our meeting: https://github.com/mitre/saf/wiki/How-to-recommend-development-of-a-mapper - overarching steps for a mapper

https://saf.mitre.org/#/normalize - SAF page on the normalization process, has the schema

https://heimdall-lite.mitre.org/ - our deployment of the Heimdall frontend (you can test by uploading here until you get into good enough shape to have a deploy preview running, and/or if you want to test against the latest Heimdall deployment)

https://github.com/mitre/heimdall2/blob/master/libs/inspecjs/src/generated_parsers/v_1_0/exec-json.ts - commented typescript types for the schema

https://github.com/mitre/saf/tree/main/src/commands/convert - the SAF CLI location where you’ll write the integration – please make sure to write a test as well

https://github.com/mitre/heimdall2/blob/master/apps/frontend/src/store/report_intake.ts - the location within Heimdall where you’ll write the fingerprinting

https://github.com/mitre/heimdall2/tree/master/libs/hdf-converters/src - HDF Converters which is where you’ll write the mapper itself – please make sure to write a test as well; you’ll be able to find plenty of examples if you look at the other mappers, the tests, and the sample jsons

https://github.com/mitre/heimdall2/pull/2551 - an example to showcase how the test automation works for linting, etc. and the Netlify deploy preview which will spin up an instance of the Heimdall frontend that will include the changes to HDF Converters as well as the fingerprinting

woodsonmiles avatar Mar 30 '22 21:03 woodsonmiles
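The meeting notes above describe two pieces of work: a fingerprint check in report_intake.ts so Heimdall recognises a Grype file, and the mapper in hdf-converters that turns the scanner output into HDF. The block below is an added example of both, written for this page; it is not code from heimdall2, the SAF CLI, or Anchore, and it does not use the hdf-converters BaseConverter. The Grype field names it reads (descriptor.name, matches[].vulnerability, matches[].artifact) and the severity-to-impact buckets are assumptions to be checked against a real `grype -o json` file and the existing mappers; the HDF types are a small subset of exec-json.ts, just enough for Heimdall to render a control.

```typescript
// Added example, not project code. Sketches a Grype -> HDF mapper plus the
// fingerprint check Heimdall runs before picking a mapper. Grype field names
// and impact buckets below are assumptions; verify against real output.

interface GrypeVulnerability {
  id: string;          // e.g. a CVE identifier
  severity: string;    // Critical | High | Medium | Low | Negligible | Unknown
  description?: string;
  dataSource?: string; // URL of the advisory Grype matched against
}
interface GrypeArtifact { name: string; version: string; type: string; }
interface GrypeMatch { vulnerability: GrypeVulnerability; artifact: GrypeArtifact; }
interface GrypeReport {
  matches: GrypeMatch[];
  descriptor?: { name?: string; version?: string };
}

// Minimal subset of the exec-json schema (see exec-json.ts for the full one).
interface HdfResult { status: 'failed' | 'passed' | 'skipped'; code_desc: string; message: string; start_time: string; }
interface HdfControl {
  id: string; title: string; desc: string; impact: number;
  refs: { url: string }[]; tags: Record<string, unknown>; results: HdfResult[];
}
interface HdfExecJson {
  platform: { name: string; release: string };
  version: string;
  statistics: { duration: number };
  profiles: { name: string; title: string; sha256: string; controls: HdfControl[] }[];
}

// Fingerprint: a cheap structural test. A file with a `matches` array but no
// grype descriptor is rejected so other scanners' JSON is not mis-routed here.
function isGrypeOutput(parsed: unknown): boolean {
  if (typeof parsed !== 'object' || parsed === null) return false;
  const obj = parsed as Record<string, unknown>;
  const desc = obj['descriptor'];
  return Array.isArray(obj['matches']) &&
    typeof desc === 'object' && desc !== null &&
    (desc as Record<string, unknown>)['name'] === 'grype';
}

// HDF impact is a number in [0, 1]. These bucket values are an assumption;
// align them with the buckets the other hdf-converters mappers use.
const IMPACT_BY_SEVERITY: Record<string, number> = {
  critical: 0.9, high: 0.7, medium: 0.5, low: 0.3, negligible: 0.0, unknown: 0.0,
};
function severityToImpact(severity: string): number {
  return IMPACT_BY_SEVERITY[severity.toLowerCase()] ?? 0.0;
}

// One control per vulnerability id (Grype repeats an id once per affected
// package, and HDF control ids must be unique); each package becomes a failed
// result under that control. Grype reports only hits, so nothing passes.
function grypeToHdf(report: GrypeReport, startTime = '1970-01-01T00:00:00.000Z'): HdfExecJson {
  const byId = new Map<string, HdfControl>();
  for (const m of report.matches) {
    const v = m.vulnerability;
    let control = byId.get(v.id);
    if (!control) {
      control = {
        id: v.id,
        title: `${v.id} (${v.severity})`,
        desc: v.description ?? '',
        impact: severityToImpact(v.severity),
        refs: v.dataSource ? [{ url: v.dataSource }] : [],
        tags: { severity: v.severity.toLowerCase() },
        results: [],
      };
      byId.set(v.id, control);
    }
    control.results.push({
      status: 'failed',
      code_desc: `${m.artifact.name} ${m.artifact.version} (${m.artifact.type})`,
      message: `${m.artifact.name}@${m.artifact.version} is affected by ${v.id}`,
      start_time: startTime,
    });
  }
  return {
    platform: { name: 'Heimdall Tools', release: '0.0.0' },
    version: report.descriptor?.version ?? 'unknown',
    statistics: { duration: 0 },
    profiles: [{
      name: 'Grype Scan',
      title: 'Grype container image vulnerability scan',
      sha256: '',
      controls: Array.from(byId.values()),
    }],
  };
}

// Entry point: parse, fingerprint, then map. Rejecting non-Grype input here
// is the same decision report_intake.ts makes before handing a file to a mapper.
function parseGrype(json: string): HdfExecJson {
  const parsed: unknown = JSON.parse(json);
  if (!isGrypeOutput(parsed)) throw new Error('not a Grype JSON report');
  return grypeToHdf(parsed as GrypeReport);
}

// Constructed sample, not real scanner output: one id hitting two packages,
// plus a second, lower-severity finding.
const SAMPLE_GRYPE_JSON = JSON.stringify({
  descriptor: { name: 'grype', version: '0.0.0-example' },
  matches: [
    { vulnerability: { id: 'CVE-0000-0001', severity: 'High', dataSource: 'https://example.invalid/CVE-0000-0001' },
      artifact: { name: 'libfoo', version: '1.0', type: 'deb' } },
    { vulnerability: { id: 'CVE-0000-0001', severity: 'High' },
      artifact: { name: 'libfoo-dev', version: '1.0', type: 'deb' } },
    { vulnerability: { id: 'CVE-0000-0002', severity: 'Low' },
      artifact: { name: 'bar', version: '2.3', type: 'npm' } },
  ],
});
```

The grouping by vulnerability id is the design point worth carrying into a real mapper: the sample produces two controls, the first with two results, rather than three controls with a duplicated id that Heimdall would have trouble displaying. The fingerprint deliberately checks descriptor.name rather than just the presence of `matches`, because other tools also emit a top-level `matches` array.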