
refactor(template): change `source_location` in `github` template for aggregated packages

Status: Open. DmitriyLewen opened this issue 1 year ago · 0 comments

Description

We use the `target` field for `source_location` in the `github` template. But we aggregate some packages: https://github.com/aquasecurity/trivy/blob/fb36c4ed09efc3fc241d02713c4cc864b6c6a2c8/pkg/fanal/applier/docker.go#L263-L291

For these packages, `target` is `Python`, `Java`, etc. This is a problem for the GitHub UI (#5998). We need to use `Results.Packages.FilePath` for these packages.

But `FilePath` for image scans can be long (e.g. `"FilePath": "usr/local/lib/python3.12/site-packages/pip-23.2.1.dist-info/METADATA"`). It might make sense to use the image name for image mode.

Discussed in https://github.com/aquasecurity/trivy/discussions/5998

DmitriyLewen, Jan 26 '24 04:01
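The selection logic proposed in the issue, as an added example that is not Trivy's code and not part of the original issue: plain results keep `target` as their `source_location`, aggregated packages (those whose `target` is a language name and which carry their own `FilePath`) use that `FilePath`, and in image mode the image name is used instead because the path would be long. The `Result`, `Package` and `Manifest` types, the `sourceLocation` and `buildManifests` functions, the "package has a FilePath" heuristic for detecting aggregation, and the sample data are all assumptions made for this example, not Trivy's own types or template code.

```go
package main

import (
	"fmt"
	"sort"
)

// Package is a simplified stand-in for one package in a Trivy result
// (assumed shape for this example, not Trivy's own type).
type Package struct {
	Name     string
	Version  string
	FilePath string // set for aggregated language packages found in image layers
}

// Result is a simplified stand-in for one Trivy result (assumed shape).
type Result struct {
	Target   string // a manifest path such as "requirements.txt", or a language name such as "Python" once aggregated
	Packages []Package
}

// Scan modes mirroring the artifact type Trivy was run against (assumed names).
const (
	ModeImage = "image"
	ModeFS    = "filesystem"
)

// isAggregated decides whether a package came out of the applier's aggregation step.
// Heuristic assumed here: an aggregated package carries its own FilePath, while a
// package attributed to a manifest (Target is the manifest path) does not.
func isAggregated(r Result, p Package) bool {
	return p.FilePath != ""
}

// sourceLocation implements the proposal from the issue:
//   - non-aggregated results keep Target, as the template does today;
//   - aggregated packages use the package's own FilePath, so the GitHub UI
//     is pointed at a real file instead of the string "Python";
//   - in image mode that path is long, so the image name is used instead.
func sourceLocation(mode, artifactName string, r Result, p Package) string {
	if !isAggregated(r, p) {
		return r.Target
	}
	if mode == ModeImage {
		return artifactName
	}
	return p.FilePath
}

// Manifest is the minimal subset of a GitHub dependency-snapshot manifest
// needed here: its name, the file location, and the resolved packages.
type Manifest struct {
	Name           string
	SourceLocation string
	Resolved       []string // "name@version", sorted
}

// buildManifests groups packages by their computed source_location, which is
// what the github template would have to do once the field is no longer always Target.
func buildManifests(mode, artifactName string, results []Result) []Manifest {
	byLoc := map[string]*Manifest{}
	for _, r := range results {
		for _, p := range r.Packages {
			loc := sourceLocation(mode, artifactName, r, p)
			m, ok := byLoc[loc]
			if !ok {
				m = &Manifest{Name: loc, SourceLocation: loc}
				byLoc[loc] = m
			}
			m.Resolved = append(m.Resolved, p.Name+"@"+p.Version)
		}
	}
	out := make([]Manifest, 0, len(byLoc))
	for _, m := range byLoc {
		sort.Strings(m.Resolved)
		out = append(out, *m)
	}
	sort.Slice(out, func(i, j int) bool { return out[i].SourceLocation < out[j].SourceLocation })
	return out
}

// sampleResults is constructed input modelled on the issue's description:
// one manifest-backed result and one aggregated "Python" result.
func sampleResults() []Result {
	return []Result{
		{Target: "requirements.txt", Packages: []Package{{Name: "requests", Version: "2.31.0"}}},
		{Target: "Python", Packages: []Package{
			{Name: "pip", Version: "23.2.1", FilePath: "usr/local/lib/python3.12/site-packages/pip-23.2.1.dist-info/METADATA"},
			{Name: "setuptools", Version: "65.5.1", FilePath: "usr/local/lib/python3.12/site-packages/setuptools-65.5.1.dist-info/METADATA"},
		}},
	}
}

func main() {
	for _, mode := range []string{ModeImage, ModeFS} {
		fmt.Println("mode:", mode)
		for _, m := range buildManifests(mode, "python:3.12-slim", sampleResults()) {
			fmt.Printf("  %s -> %v\n", m.SourceLocation, m.Resolved)
		}
	}
}
```

In image mode the two aggregated packages collapse into a single manifest named after the image, while in filesystem mode each package gets its own manifest keyed by its `METADATA` path; the `requirements.txt` result is unchanged in both modes.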