
Support for SBOM

Open lucboj opened this issue 1 year ago • 5 comments

Hi,

I really like this plugin for Trivy as it fits perfectly in my project for visualizing Trivy reports.

I would like to ask if it could be possible to support SBOMs as well. Specifically in spdx format but cyclonedx would also be fine. The command would be something like: trivy scan2html image --format spdx ghcr.io/zalando/spilo-15:3.0-p1

lucboj avatar Apr 23 '24 10:04 lucboj

Hi @lucboj ,

It is great to get such nice feedback from the community. We will be working on this feature. Stay tuned.

Regards, Fatih

fatihtokus avatar Apr 23 '24 20:04 fatihtokus

Hi @lucboj ,

We have just released the SBOM (SPDX) feature, please have a look and give us feedback 🥳 🎆 trivy scan2html image --format spdx ghcr.io/zalando/spilo-15:3.0-p1 interactive_result.html

Regards, Fatih

fatihtokus avatar Apr 27 '24 19:04 fatihtokus

Hi @fatihtokus,

thank you very much! 🥳 Looks good! Will try to use it as soon as possible and give feedback! Great how fast it went 👍

Regards, Lucas

lucboj avatar Apr 28 '24 20:04 lucboj

Hi @fatihtokus @lucboj I tried the latest version on a Go.mod file system spdx format with scan2html but the "Supply chain SBOM" section came out empty despite it coming out with lots of BOM in command line output (without the scan2html plugin). Any thoughts or suggestions? I used the example in the front page readme: "trivy scan2html image --format spdx alpine:3.15 interactive_report.html" but substituted fs for image and the current dir "." instead of the image name.

huornlmj avatar Jul 08 '24 14:07 huornlmj
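When the "Supply chain SBOM" section of the HTML report is empty, the first thing to establish is whether the SBOM Trivy produced is itself empty or whether the rendering dropped it. The following is an added example, not code from scan2html or Trivy: it parses an SPDX JSON document (the shape Trivy writes with `--format spdx-json -o sbom.json`) and reports the packages it lists, so the SBOM can be checked independently of the HTML. The sample document embedded below is constructed for the example; its package names and SPDX IDs are made up.

```python
import json
import sys

# Constructed SPDX 2.3 JSON document, modelled on the structure Trivy emits for a
# filesystem scan of a Go module. Names, versions and IDs are invented for this example.
SAMPLE_SPDX_JSON = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": ".",
    "packages": [
        {"name": ".", "SPDXID": "SPDXRef-Filesystem-1",
         "versionInfo": "", "downloadLocation": "NONE"},
        {"name": "go.mod", "SPDXID": "SPDXRef-Application-2",
         "versionInfo": "", "downloadLocation": "NONE"},
        {"name": "github.com/example/lib", "SPDXID": "SPDXRef-Package-3",
         "versionInfo": "v1.2.3", "downloadLocation": "NONE"},
        {"name": "golang.org/x/example", "SPDXID": "SPDXRef-Package-4",
         "versionInfo": "v0.9.0", "downloadLocation": "NONE"},
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-Filesystem-1",
         "relationshipType": "DESCRIBES"},
        {"spdxElementId": "SPDXRef-Filesystem-1", "relatedSpdxElement": "SPDXRef-Application-2",
         "relationshipType": "CONTAINS"},
        {"spdxElementId": "SPDXRef-Application-2", "relatedSpdxElement": "SPDXRef-Package-3",
         "relationshipType": "CONTAINS"},
        {"spdxElementId": "SPDXRef-Application-2", "relatedSpdxElement": "SPDXRef-Package-4",
         "relationshipType": "CONTAINS"},
    ],
})


def summarize_spdx(text):
    """Parse SPDX JSON text.

    Returns (document_name, [(name, version, spdx_id), ...], relationship_count).
    Raises ValueError when the text is not an SPDX document or lists no packages,
    which is the case to distinguish from a report that merely failed to render.
    """
    doc = json.loads(text)
    if not str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        raise ValueError("not an SPDX document: spdxVersion is missing")
    packages = doc.get("packages") or []
    if not packages:
        raise ValueError("SPDX document lists no packages: the SBOM itself is empty")
    rows = [(p.get("name", ""), p.get("versionInfo", ""), p.get("SPDXID", ""))
            for p in packages]
    return doc.get("name", ""), rows, len(doc.get("relationships") or [])


def versioned_packages(text):
    """Only entries that carry a version, i.e. actual dependencies rather than the
    root filesystem / application nodes that Trivy also records as packages."""
    _, rows, _ = summarize_spdx(text)
    return [(name, version) for name, version, _ in rows if version]


def main(argv):
    # Usage: python check_spdx.py sbom.json   (falls back to the constructed sample)
    text = open(argv[1], encoding="utf-8").read() if len(argv) > 1 else SAMPLE_SPDX_JSON
    try:
        name, rows, rel_count = summarize_spdx(text)
    except ValueError as exc:
        print(f"SBOM check failed: {exc}")
        return 1
    print(f"document {name!r}: {len(rows)} packages, {rel_count} relationships")
    for dep_name, version in versioned_packages(text):
        print(f"  {dep_name} {version}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

If this script lists the expected dependencies but the HTML section is still empty, the problem is in the report rendering rather than in Trivy's SBOM generation; if it fails with "lists no packages", the scan target or format should be checked before the plugin.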

Hi @huornlmj ,

Thanks for using the plugin. It is a defect and it is resolved with the latest release. Please try and let us know: https://fatih.tokus.gitlab.io/-/scan2html-test/-/jobs/7301471873/artifacts/interactive_report_sbom.html

Please consider giving us a GitHub star ⭐️. Thank you!

fatihtokus avatar Jul 09 '24 20:07 fatihtokus