
Add the total types of vulnerabilities in Grype output

Open B3ns44d opened this issue 2 years ago • 2 comments

What would you like to be added:

The output would be greatly improved if we could include the total number of vulnerabilities in each category.

Something like this:

 ✔ Vulnerability DB        [updated]
 ✔ Loaded image
 ✔ Parsed image
 ✔ Cataloged packages      [16 packages]
 ✔ Scanned image           [5 vulnerabilities]
 ✔ Total: 5 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 4, CRITICAL: 1) <---- THIS

Why is this needed:

This facilitates identifying the different categories of vulnerabilities.

B3ns44d avatar Aug 15 '22 08:08 B3ns44d

Hi, this can be achieved this way :point_right: https://github.com/opt-nc/grype-contribs/issues/8#issuecomment-1201896328 :crossed_fingers: hopefully you'll find this helpful :smile_cat:

adriens avatar Aug 15 '22 09:08 adriens

Thanks for the trick @adriens; nonetheless, it would also be great if it were built into the Grype CLI.

B3ns44d avatar Aug 15 '22 11:08 B3ns44d

Apologies, should have assigned the PR.

spiffcs avatar Oct 06 '22 17:10 spiffcs

Regarding printing a summary: you ask, what is Twistlock / PrismaCloud's default CLI behaviour? To print this:

Vulnerabilities found for image MY_IMAGE: total - 114, critical - 1, high - 6, medium - 57, low - 50
[PRISMACLOUD] Found 1 relevant files
[PRISMACLOUD] Found 114 vulnerabilities in 1 images

gh-greg avatar Oct 28 '22 04:10 gh-greg

Hi, this can be achieved this way 👉 opt-nc/grype-contribs#8 (comment) 🤞 hopefully you'll find this helpful 😸

This is not the same, because that way you lose the detailed report. So to get the standard output table AND the summary, you need to scan the image twice or save the results as JSON and then parse it to list the CVEs.

pawelkowalak avatar Apr 28 '23 13:04 pawelkowalak

------

This is not the same, because that way you lose the detailed report. So to get the standard output table AND the summary, you need to scan the image twice or save the results as JSON and then parse it to list the CVEs.

(1) I agree with @pawelkowalak. Going further, it would have been nice to simply print "total types of vulns" directly from the one and only run.

(2) However, is there some "unspoken requirement" by the Grype maintainers at play in influencing the implementation? Perhaps they felt (I'm mind-reading): "It is too late to alter the default and now expected table output in any way."

gh-greg avatar Apr 28 '23 18:04 gh-greg
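The workaround @pawelkowalak and @gh-greg describe (save the scan as JSON once, then derive both the severity totals and the per-severity CVE list from it) as an added example; this is not grype code or anything posted in the thread. It assumes grype's JSON layout of `matches[].vulnerability.{id,severity}`, folds `Negligible` and missing severities into UNKNOWN by its own choice, and runs on a constructed sample when no report path is given.

```python
import json
import sys
from collections import Counter
# Buckets in the order the proposed summary line prints them.
SEVERITIES = ("UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL")

def bucket(severity) -> str:
    """Normalise a grype severity string to one of SEVERITIES.
    Assumption: anything else (grype's "Negligible", a missing value) counts as UNKNOWN."""
    sev = str(severity or "").upper()
    return sev if sev in SEVERITIES else "UNKNOWN"

def count_by_severity(report: dict) -> Counter:
    """Count matches per severity; assumes the matches[].vulnerability.severity layout."""
    counts = Counter({s: 0 for s in SEVERITIES})
    for match in report.get("matches", []):
        counts[bucket(match.get("vulnerability", {}).get("severity"))] += 1
    return counts

def cves_by_severity(report: dict) -> dict:
    """Keep the detail the one-liner drops: severity -> sorted vulnerability ids."""
    ids = {s: [] for s in SEVERITIES}
    for match in report.get("matches", []):
        vuln = match.get("vulnerability", {})
        ids[bucket(vuln.get("severity"))].append(vuln.get("id", "?"))
    return {s: sorted(v) for s, v in ids.items()}

def summary_line(counts: Counter) -> str:
    """Render the line proposed in the issue: Total: N (UNKNOWN: a, ..., CRITICAL: e)."""
    total = sum(counts[s] for s in SEVERITIES)
    return f"Total: {total} (" + ", ".join(f"{s}: {counts[s]}" for s in SEVERITIES) + ")"

# Constructed stand-in for `grype <image> -o json` output; ids are placeholders, not real CVEs.
SAMPLE_REPORT = {"matches": [
    {"vulnerability": {"id": "CVE-0000-0001", "severity": "Critical"}, "artifact": {"name": "libfoo"}},
    {"vulnerability": {"id": "CVE-0000-0002", "severity": "High"}, "artifact": {"name": "libfoo"}},
    {"vulnerability": {"id": "CVE-0000-0003", "severity": "High"}, "artifact": {"name": "libbar"}},
    {"vulnerability": {"id": "CVE-0000-0004", "severity": "Medium"}, "artifact": {"name": "libbar"}},
    {"vulnerability": {"id": "CVE-0000-0005", "severity": "Negligible"}, "artifact": {"name": "libbaz"}},
    {"vulnerability": {"id": "CVE-0000-0006"}, "artifact": {"name": "libbaz"}},  # severity missing
]}

if __name__ == "__main__":
    # Pass a saved grype JSON file as the first argument, or run on the constructed sample.
    report = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_REPORT
    print(summary_line(count_by_severity(report)))
    for sev, ids in cves_by_severity(report).items():
        if ids:
            print(f"  {sev}: {', '.join(ids)}")
```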