amdei / prospector-html

HTML report generator from prospector static analyzer tool JSON output.
MIT License

Error at startup #6

Open mario-teq opened 5 months ago

mario-teq commented 5 months ago

Hello

The app is not running with the latest version of semgrep and prospector-html.

semgrep scan --json --output semgrep-native-report.json --config=auto myapp

prospector-html --input semgrep-native-report --output filtered-report.html --filter semgrep

(.venv) ~ [ prospector-html --input semgrep-native-report.json --output filtered-report.json --json 
Traceback (most recent call last):
  File "/home/mario/.venv/bin/prospector-html", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/home/mario/.venv/lib/python3.11/site-packages/prospector2html/__main__.py", line 9, in main
    sys.exit(prh.main())
             ^^^^^^^^^^
  File "/home/mario/.venv/lib/python3.11/site-packages/prospector2html/prospector2html.py", line 141, in main
    msgs = json_obj['vulnerabilities']
           ~~~~~~~~^^^^^^^^^^^^^^^^^^^
KeyError: 'vulnerabilities'

amdei commented 5 months ago

Sorry to hear that something is not working for you.

The issue appears in the lack of proper error reporting on different output formats from different SAST tools.

Try to add --filter semgrep to your last command line. E.g.

prospector-html --input semgrep-native-report.json --output filtered-report.json --json --filter semgrep

amdei commented 5 months ago

Gotta enhance error reporting and update samples in documentation, though.
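
An added example, not part of the thread and not prospector-html's own code: one way a report loader can check the top-level layout before indexing into it, so a semgrep report read without a filter gives an actionable message instead of `KeyError: 'vulnerabilities'`. The names `LAYOUTS`, `detect_layout`, `load_findings` and `ReportFormatError` are hypothetical; the only format facts assumed are that semgrep's native JSON keeps findings under `results` and that the unfiltered path reads `vulnerabilities`, as the traceback shows.

```python
import json

# Marker key per layout. "results" is semgrep's native top-level findings key;
# "vulnerabilities" is the key the traceback shows being read with no --filter.
# The layout names themselves are hypothetical labels for this example.
LAYOUTS = {"semgrep": "results", "no-filter": "vulnerabilities"}


class ReportFormatError(ValueError):
    """The report does not match the layout the caller selected."""


def detect_layout(report):
    """Return every known layout whose marker key holds a list."""
    if not isinstance(report, dict):
        return []
    return [name for name, key in LAYOUTS.items()
            if isinstance(report.get(key), list)]


def load_findings(text, layout="no-filter"):
    """Parse report text and return its findings, or explain the mismatch."""
    try:
        report = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ReportFormatError(f"input is not valid JSON: {exc}") from exc
    found = detect_layout(report)
    if layout not in found:
        seen = (f"input looks like: {', '.join(found)}" if found
                else "no known layout matched")
        raise ReportFormatError(
            f"layout {layout!r} needs top-level key {LAYOUTS[layout]!r}; {seen}")
    return report[LAYOUTS[layout]]


# Constructed sample in the shape of semgrep's native JSON output.
SEMGREP_SAMPLE = json.dumps({
    "version": "0.0.0",
    "results": [{"check_id": "example.rule", "path": "myapp/app.py",
                 "start": {"line": 10},
                 "extra": {"severity": "WARNING", "message": "constructed"}}],
    "errors": [],
})

if __name__ == "__main__":
    try:
        load_findings(SEMGREP_SAMPLE)  # same mismatch as in the report above
    except ReportFormatError as err:
        print("error:", err)
    print(len(load_findings(SEMGREP_SAMPLE, "semgrep")), "finding(s)")
```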

mario-teq commented 5 months ago

Thank you, the command line is running well and produces a JSON, so how to produce an HTML?

amdei commented 1 month ago

so how to produce an HTML?

In order to produce HTML instead of JSON, just avoid the --json parameter.

E.g.

prospector-html --input semgrep-native-report.json --output filtered-report.html --filter semgrep

Result will be in file filtered-report.html