anchore / grype

A vulnerability scanner for container images and filesystems
Apache License 2.0

Feature request: Grype Convert #2224

Open tidusete opened 1 day ago

tidusete commented 1 day ago

What would you like to be added:

I would like to add a new command, grype convert, to enable the conversion of previously generated scan report files into various formats (e.g., JSON, CycloneDX JSON, Table) without needing to re-scan the components.

Why is this needed:

Currently, generating multiple report formats (such as JSON, CycloneDX JSON, and Table) requires re-running the scan each time. This process significantly increases the job's duration and resource usage. Having a command to convert existing reports into multiple formats would save time and resources, improving the efficiency of the scanning workflow.

Additional context:

Implementing either the grype convert command or enabling multiple output formats in a single scan would streamline report generation by eliminating redundant scans.

kzantow commented 1 day ago

I think having a convert command would be great -- one thing it would help with is allowing more quick experimentation with templates, without needing to wait for a scan to run repeatedly.

Grype does support multiple output formats already, using multiple -o flags of the form <format>=<filename>. For example, this works:

grype alpine:latest -o table -o table=alpine-latest.txt -o sarif=alpine-latest.sarif.json -o json=alpine-latest.json
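Until a convert command exists, the JSON report already carries everything the table view needs, so a saved JSON file can be re-rendered after the fact. The script below is an added example, not code from this issue or from grype: it reads a report in the shape of grype's JSON output (the `matches[].vulnerability` and `matches[].artifact` fields), sorts by severity, renders a table, and applies a post-hoc severity gate. The three-match report embedded in it is constructed sample data with placeholder IDs, not real scan results, and the function names (`report_rows`, `render_table`, `exceeds_threshold`) are this example's own. The idea is to scan once with `-o json=report.json` and run a tool like this for every other view.

```python
"""Re-render a saved grype JSON report as a table without re-scanning (added example)."""
import json
import sys
from collections import Counter

# Grype's own severity vocabulary, highest first; anything else sorts last.
SEVERITY_ORDER = ["Critical", "High", "Medium", "Low", "Negligible", "Unknown"]

# Constructed sample in the shape of grype JSON output. Placeholder IDs and package
# names; this is not data from a real scan.
SAMPLE_REPORT = json.dumps({
    "matches": [
        {"vulnerability": {"id": "CVE-0000-0001", "severity": "High",
                           "fix": {"versions": ["1.2.3"], "state": "fixed"}},
         "artifact": {"name": "libexample", "version": "1.2.2", "type": "apk"}},
        {"vulnerability": {"id": "CVE-0000-0002", "severity": "Critical",
                           "fix": {"versions": ["3.0.1"], "state": "fixed"}},
         "artifact": {"name": "libcrypto-example", "version": "3.0.0", "type": "apk"}},
        {"vulnerability": {"id": "CVE-0000-0003", "severity": "Medium",
                           "fix": {"versions": [], "state": "not-fixed"}},
         "artifact": {"name": "pkg-example", "version": "0.9", "type": "python"}},
    ],
    "source": {"type": "image", "target": {"userInput": "alpine:latest"}},
})


def severity_rank(severity):
    """Position in SEVERITY_ORDER; unknown strings rank after everything."""
    sev = (severity or "Unknown").capitalize()
    return SEVERITY_ORDER.index(sev) if sev in SEVERITY_ORDER else len(SEVERITY_ORDER)


def report_rows(report_text):
    """Flatten the matches of a grype JSON report into table rows, worst severity first."""
    report = json.loads(report_text)
    rows = []
    for match in report.get("matches", []):
        vuln = match["vulnerability"]
        art = match["artifact"]
        fix_versions = vuln.get("fix", {}).get("versions", [])
        rows.append({
            "name": art["name"],
            "installed": art["version"],
            "fixed_in": ", ".join(fix_versions),      # empty when no fix is known
            "type": art.get("type", ""),
            "id": vuln["id"],
            "severity": (vuln.get("severity") or "Unknown").capitalize(),
        })
    rows.sort(key=lambda r: (severity_rank(r["severity"]), r["name"], r["id"]))
    return rows


def render_table(rows):
    """Fixed-width text table in the spirit of grype's table output."""
    headers = ["NAME", "INSTALLED", "FIXED-IN", "TYPE", "VULNERABILITY", "SEVERITY"]
    keys = ["name", "installed", "fixed_in", "type", "id", "severity"]
    widths = [max(len(h), *(len(r[k]) for r in rows)) for h, k in zip(headers, keys)]
    lines = ["  ".join(h.ljust(w) for h, w in zip(headers, widths))]
    for r in rows:
        lines.append("  ".join(r[k].ljust(w) for k, w in zip(keys, widths)))
    return "\n".join(line.rstrip() for line in lines)


def severity_counts(rows):
    """How many findings per severity, for a one-line summary."""
    return Counter(r["severity"] for r in rows)


def exceeds_threshold(rows, threshold):
    """True if any finding is at or above `threshold`; a post-hoc gate over the saved report."""
    limit = severity_rank(threshold)
    return any(severity_rank(r["severity"]) <= limit for r in rows)


if __name__ == "__main__":
    # Usage: python convert_report.py report.json ; with no argument the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    rows = report_rows(text)
    print(render_table(rows))
    print("\nsummary:", dict(severity_counts(rows)))
    sys.exit(1 if exceeds_threshold(rows, "High") else 0)
```

The gate mirrors what a `--fail-on` style check does at scan time, except it runs on the stored report, so a pipeline can scan once, keep the JSON as the artifact of record, and derive both the human-readable view and the pass/fail decision from it later.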