Split properties for SARIF result
Hi,
Thanks for your great tool !
As SARIF format supports properties with any key / value in it, would it be possible, to make a result more exploitable, to add the following values in those extra properties ?
https://github.com/aquasecurity/trivy/blob/11f4f811236ca05cfb30827e25f312eec45ca097/pkg/report/sarif.go#L143
Properties could be the ones not already present as standalone value on a result item:
- packageName
- installedVersion
- fixedVersion
```go
message: fmt.Sprintf("Package: %v\nInstalled Version: %v\nVulnerability %v\nSeverity: %v\nFixed Version: %v\nLink: [%v](%v)",
	vuln.PkgName, vuln.InstalledVersion, vuln.VulnerabilityID, vuln.Severity, vuln.FixedVersion, vuln.VulnerabilityID, vuln.PrimaryURL)
```
Many thanks & best regards :)
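Until such properties exist, a consumer can recover the same fields from the message text. The following is an added example, not part of the original issue or of trivy's code: it parses the message format quoted above and copies the three requested fields into a result's SARIF `properties` bag. The function names `SplitMessage` and `Enrich` and the sample result are assumptions of this example.

```go
package main

import (
	"fmt"
	"strings"
)

// Line prefixes from the message format quoted in the issue, mapped to the
// property names it proposes. Writing them to "properties" is an assumption.
var fields = map[string]string{
	"Package: ":           "packageName",
	"Installed Version: ": "installedVersion",
	"Fixed Version: ":     "fixedVersion",
}

// SplitMessage extracts those fields; unknown lines and empty values are left out.
func SplitMessage(text string) map[string]any {
	props := map[string]any{}
	for _, line := range strings.Split(text, "\n") {
		for prefix, key := range fields {
			if v := strings.TrimPrefix(line, prefix); v != line && v != "" {
				props[key] = v
			}
		}
	}
	return props
}

// Enrich merges the fields into the property bag without overwriting set keys.
func Enrich(result map[string]any) {
	msg, _ := result["message"].(map[string]any)
	text, _ := msg["text"].(string)
	bag, ok := result["properties"].(map[string]any)
	if !ok {
		bag = map[string]any{}
		result["properties"] = bag
	}
	for k, v := range SplitMessage(text) {
		if _, set := bag[k]; !set {
			bag[k] = v
		}
	}
}

func main() {
	// Constructed sample result, not real scanner output.
	r := map[string]any{"message": map[string]any{"text": "Package: examplepkg\nInstalled Version: 1.0.0\nFixed Version: 1.0.1"}}
	Enrich(r)
	fmt.Println(r["properties"])
}
```

Parsing display text is brittle: any change to the message format silently drops fields, which is the argument for emitting them as structured properties in the first place.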
@nvuillam thanks for your interest in trivy. we'll definitely consider this suggestion.
Many thanks ! :)
it seems that SARIF format returns many fewer details than the JSON one :/
Would it be possible to also return in "properties" SARIF item everything that is returned by JSON result ? thanks :)
Also, as we would need that soon, would it be possible to have an estimated time for delivery of this feature ? Or if you have not enough bandwidth, I could eventually make my first PR in Go ?
@nvuillam sorry, i missed your comment.
> Or if you have not enough bandwidth, I could eventually make my first PR in Go ?

it would be great! we welcome contributors!
This issue is stale because it has been labeled with inactivity.
Not stale :(
This issue is stale because it has been labeled with inactivity.
Still not stale :(
This issue is stale because it has been labeled with inactivity.
And again not stale 🤡