Today there are a few ways to see the data that grype raises up. The default view is `table`, which is a summarization of findings; `json` shows you all we know about every match; then there are `cyclonedx`/`cyclonedx-json`, `sarif`, and `template` if you enjoy the golang template language. When users run grype and see the default results table it is reasonable to ask "what is actionable about this output?" Depending on the package type or location there are different answers here.
We introduced the `explain` command as an experiment last year to be a way to "dig" into a single row and get an opinionated view into the data (without having the full json data shown). We want to be able to elevate that command further, but it isn't immediately clear where.
We've also had several asks to add file location to the table output to help with follow-up actions after a report ("what do I do now that I have CVE X against package Y??"). This hinders the summarization of that table, so we've resisted changing the default view here.
All of this hints that we need more ways to describe the same results from multiple perspectives. I think any default view will need to be static output to serve existing needs, but other output options could be interactive allowing the user to filter/find/select/dig dynamically.
Some ideas the team chatted about that are more on the "static" side:
- Add the concept of a pivot table, which is tunable from the CLI (e.g. `grype myimage -o table --pivot location`), so we can have the same table experience but allow users to change what populates each row (i.e. vulns, packages, locations, etc).
- Add a new HTML report that is a static file but allows for exploring the results more dynamically (multiple different views, filterable, clickable in order to dive in and get a view, etc).
- Embed snippets of go templates from an in-repo `example-templates` dir directly into the binary so users can reference them by name instead of needing the file.
- Support `--json`/`--jq` similar to the `gh` command to allow for in-tool ability to query and summarize specific data.
- Provide a `jq` snippets example dir for common operations.
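To make the pivot idea concrete, here is an added sketch (not grype code) of how the same set of matches can be re-keyed by vulnerability, package, or location. The report is a constructed grype-style JSON document, and the field names (`matches[].vulnerability.id/severity`, `matches[].artifact.name/version/locations[].path`) are my assumption of the shape of grype's json output.

```python
import json
from collections import defaultdict

# Constructed grype-style report (not real scanner output); CVE ids are placeholders.
# Field names are an assumption modelled on grype's json output format.
SAMPLE_REPORT = json.dumps({
    "matches": [
        {"vulnerability": {"id": "CVE-0000-0001", "severity": "High"},
         "artifact": {"name": "libfoo", "version": "1.2.3", "type": "deb",
                      "locations": [{"path": "/var/lib/dpkg/status"}]}},
        {"vulnerability": {"id": "CVE-0000-0002", "severity": "Medium"},
         "artifact": {"name": "libfoo", "version": "1.2.3", "type": "deb",
                      "locations": [{"path": "/var/lib/dpkg/status"}]}},
        {"vulnerability": {"id": "CVE-0000-0001", "severity": "High"},
         "artifact": {"name": "requests", "version": "2.0.0", "type": "python",
                      "locations": [{"path": "/app/site-packages/requests/METADATA"},
                                    {"path": "/app/site-packages/requests/RECORD"}]}},
    ]
})

def _pkg(m):
    return f'{m["artifact"]["name"]}@{m["artifact"]["version"]}'

# pivot name -> function returning the row key(s) one match contributes to.
# A match with several locations lands in several rows when pivoting by location.
PIVOTS = {
    "vulnerability": lambda m: [m["vulnerability"]["id"]],
    "package": lambda m: [_pkg(m)],
    "location": lambda m: [loc["path"] for loc in m["artifact"]["locations"]],
}

def pivot(report_json, by):
    """Group matches so that each row is one value of <by>; other dimensions become sets."""
    matches = json.loads(report_json)["matches"]
    rows = defaultdict(lambda: {"vulns": set(), "packages": set(), "locations": set()})
    for m in matches:
        for key in PIVOTS[by](m):
            rows[key]["vulns"].add(m["vulnerability"]["id"])
            rows[key]["packages"].add(_pkg(m))
            rows[key]["locations"].update(l["path"] for l in m["artifact"]["locations"])
    return {k: {f: sorted(v) for f, v in r.items()} for k, r in sorted(rows.items())}

def render(rows):
    """Render the pivoted rows as a plain-text table, one line per row key."""
    return "\n".join(f'{k}\t{",".join(r["vulns"])}\t{",".join(r["packages"])}'
                     for k, r in rows.items())

if __name__ == "__main__":
    print(render(pivot(SAMPLE_REPORT, "location")))
```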