Cannot distinguish report when using multiple report json files as input
Hi,
First, thanks for the project, very useful!
Our use case is to run trivy on multiple docker images and display an aggregated report using scan2html.
So basically:
for image in ...; do trivy image --output "$image.json" --format json "$image"; done
trivy scan2html generate --scan2html-flags --output report.html --from image1.json,image2.json,image3.json,...
For distribution packages, the "Target" column contains the Docker image name, which is fine. But for Python or Golang packages, the "Target" column is not precise enough for us to understand what the source image is.
For instance:
Maybe we could display the JSON ArtifactName somewhere? In a new column or in the detailed view.
Also could be nice in deduplication mode to see all images having this duplicated issue.
Thanks!
Hi @philpep,
Thanks for using the plugin, and I am glad to hear that it is useful for you. Adding ArtifactName as a column would make the table too wide. But we can add it in the detailed view.
Deduplication makes a distinct list of the findings. Can you clarify what you mean here?: 'Also could be nice in deduplication mode to see all images having this duplicated issue.'
Regards, Fatih
@philpep, this is implemented, please have a look.
@fatihtokus awesome! Yes, the added "Artifact Name" helps a lot to know which Docker image is impacted. By "could be nice in deduplication mode to see all images having this duplicated issue" I mean the case of multiple images having the same security issue (same Library/Package version) when deduplication is enabled. But I can live without this. Feel free to close the ticket.
Thanks a lot!
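
The per-image view of duplicated findings discussed in this thread, as an added example that is not part of the thread or of scan2html's own code: it groups findings from several Trivy JSON reports by vulnerability ID, package and installed version, and lists every `ArtifactName` that carries each one. The sample reports, image names and CVE IDs are constructed placeholders.

```python
import json
import sys
from collections import defaultdict

# Constructed sample input: trimmed to the Trivy JSON fields used below.
# Image names, packages and CVE IDs are placeholders, not real findings.
_SHARED = {"VulnerabilityID": "CVE-0000-0001", "PkgName": "examplelib",
           "InstalledVersion": "1.2.3", "Severity": "HIGH"}
SAMPLE_REPORTS = [
    {"ArtifactName": "registry.example/app-a:1.0",
     "Results": [{"Target": "Python", "Vulnerabilities": [_SHARED]}]},
    {"ArtifactName": "registry.example/app-b:2.0",
     "Results": [
         {"Target": "Python", "Vulnerabilities": [
             _SHARED,
             {"VulnerabilityID": "CVE-0000-0002", "PkgName": "otherlib",
              "InstalledVersion": "0.9", "Severity": "LOW"}]},
         # A result with no findings has no "Vulnerabilities" key.
         {"Target": "usr/local/bin/tool"}]},
]


def images_per_finding(reports):
    """Map (VulnerabilityID, PkgName, InstalledVersion) -> sorted ArtifactNames."""
    seen = defaultdict(set)
    for report in reports:
        artifact = report.get("ArtifactName", "<unknown artifact>")
        for result in report.get("Results") or []:
            for vuln in result.get("Vulnerabilities") or []:
                key = (vuln.get("VulnerabilityID"), vuln.get("PkgName"),
                       vuln.get("InstalledVersion"))
                seen[key].add(artifact)
    return {key: sorted(names) for key, names in seen.items()}


def load_reports(paths):
    """Read Trivy JSON report files, e.g. the ones passed to --from."""
    reports = []
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            reports.append(json.load(fh))
    return reports


if __name__ == "__main__":
    data = load_reports(sys.argv[1:]) if len(sys.argv) > 1 else SAMPLE_REPORTS
    for (vuln_id, pkg, ver), images in sorted(images_per_finding(data).items()):
        print(f"{vuln_id} {pkg} {ver}: {', '.join(images)}")
```

Run with the report files as arguments to use real scans instead of the embedded sample.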