fix(report): fix missing targets in HTML report template

Open jpinkham opened this issue 4 years ago • 6 comments

Description

The HTML title of the file is now the current date and time. Previously it was named after the first item scanned. All targets scanned are now explicitly listed with target type and target location.

Section headings have been added to clarify which items are vulnerabilities vs misconfigurations.

Before: [screenshots: Trivy_HTML_output_asof_v0 22 0; Trivy_HTML_report_confusing_mixed_findings]

After: [screenshots: Trivy_HTML_fixedreport_AwesomeCompose-3; Trivy_HTML_fixedreport_AwesomeCompose-2; Trivy_HTML_fixedreport_AwesomeCompose-1]

Related issues

  • Close #1556

jpinkham, Feb 20 '22 16:02

CLA assistant check
All committers have signed the CLA.

CLAassistant, Feb 20 '22 16:02

@jpinkham Thanks for your contribution! It's really nice!

At first look I can see two moments:

  1. integration tests are broken now.
  2. there is a fatal error:
2022-02-28T02:17:05.529+0600	FATAL	unable to write results: failed to initialize template writer: error parsing template: template: output template:56: function "getCurrentTime" not defined

afdesk, Feb 27 '22 20:02

@afdesk I'm struggling to get the test to work for the HTML template because I am not sure how to get a new golden image generated. I'm using "now" instead of "getCurrentTime", so at least the fatal error is resolved.

I thought I saw somewhere in the code that the current time is being overwritten to a specific value (I assume to make sure that it always matches the golden image?) but I've lost track of it.

I've tried to run trivy with 'fs', pointing to testdata/fixtures/images/alpine-310.tar.gz, but it returns "OS is not detected":

    trivy --debug fs --format template --template "@contrib/html.tpl" --output $HOME/alpine_testfixture_NEWHTML.html ./integration/testdata/fixtures/images/alpine-310.tar.gz

Is there any documentation about creating tests/golden images, especially for reports? I've spent several hours on this and am still banging my head against the desk.

jpinkham, Mar 13 '22 20:03
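
Added example (not code from this PR or from Trivy): a stand-alone Go program showing why a template that calls an unregistered function fails at parse time with the error quoted above, and how injecting the clock behind `now` keeps rendered output identical across runs for golden-file comparison. The template strings, the `date` helper, and the `render` and `helpers` functions are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
	"time"
)

// Constructed one-line stand-ins for a report template; not the real contrib/html.tpl.
const (
	brokenTpl = `<title>Scan report - {{ getCurrentTime }}</title>`
	fixedTpl  = `<title>Scan report - {{ now | date "2006-01-02 15:04:05" }}</title>`
)

// helpers builds the template function map. The clock is injected so a test
// can pin it; "date" is a hypothetical local helper, "now" is the name used in the thread.
func helpers(clock func() time.Time) template.FuncMap {
	return template.FuncMap{
		"now":  clock,
		"date": func(layout string, t time.Time) string { return t.Format(layout) },
	}
}

// render parses tpl with the given helpers and executes it. text/template
// resolves function names while parsing, so an unknown name fails before any data is rendered.
func render(tpl string, funcs template.FuncMap) (string, error) {
	t, err := template.New("output template").Funcs(funcs).Parse(tpl)
	if err != nil {
		return "", fmt.Errorf("error parsing template: %w", err)
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, nil); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	// Constructed fixed timestamp, standing in for whatever value a test pins.
	pinned := func() time.Time { return time.Date(2022, 2, 28, 2, 17, 5, 0, time.UTC) }

	_, err := render(brokenTpl, helpers(pinned))
	fmt.Println("unregistered function:", err)

	out, _ := render(fixedTpl, helpers(pinned))
	fmt.Println("pinned clock:", out) // identical on every run, safe to diff against a golden file

	live, _ := render(fixedTpl, helpers(time.Now))
	fmt.Println("live clock:  ", live) // changes every run, would never match a golden file
}
```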

@jpinkham Sorry! I missed your question. Usually I set the update flag to true and run the specific integration test: https://github.com/aquasecurity/trivy/blob/453a1edfd26b496c263f4d32ec263068dfaa35a2/integration/integration_test.go#L25

Note that if this flag is true, you can update other golden files, and that can break tests.

afdesk, Apr 18 '22 10:04

This PR is stale because it has been labeled with inactivity.

github-actions[bot], Jun 26 '22 00:06

Hi @jpinkham, I had an idea for such changes: create a custom HTML plugin for Trivy. What do you think about it? Thanks a lot.

afdesk, Jul 07 '22 16:07

This PR is stale because it has been labeled with inactivity.

github-actions[bot], May 19 '23 00:05