anchore / grype

A vulnerability scanner for container images and filesystems
Apache License 2.0

Write to multiple output files (like syft) #648

Closed debuglevel closed 1 year ago

debuglevel commented 2 years ago

What would you like to be added: Unlike syft, grype does not seem to support writing to (multiple) output files: grype ubuntu:20.04 -o json=docker.vulnerabilities.grype.json -o table=docker.vulnerabilities.grype.table -o table

Works with syft: syft ubuntu:20.04 -o json=docker.vulnerabilities.grype.json -o table=docker.vulnerabilities.grype.table -o table

Why is this needed: So that grype and syft are more similar :)

Additional context:

spiffcs commented 2 years ago

Great suggestion @debuglevel. If I have some free time this week I'll look about grabbing this and upgrading grype in the way you described.

mkesper commented 2 years ago

Yes, it would be nice to output e.g. table format for easy reading and CycloneDX or JSON for automation at the same time.

spiffcs commented 2 years ago

Hey everyone! I've put my name on this one so I don't forget about it, but am working on another feature right now for attestations in syft. If any of you would like to take a stab at this feel free and I'll happily review the PR, add commits, and walk you through the contribution process. Otherwise, I'll make sure to circle back on this when I have the time.

mike-19 commented 1 year ago

It's been quite a while since the last update on this issue. Is anyone looking into it?

mike-19 commented 1 year ago

Is there any update on this ask? Our build cycle run times have increased since we have to run grype scans multiple times for the different reporting formats we need. Our use case is that we use a custom HTML template to generate a cleaner, readable format for end users; we also run another scan to generate JSON data for data manipulation and to keep audit checks documented for our internal processes and compliance audits. Running scans just for the sake of generating different report formats is time-consuming in our build cycles.

kzantow commented 1 year ago

This hasn't been prioritized for us at the moment, but we'd be happy to help if anyone would like to create a PR for this -- it shouldn't be too complicated to port the changes made in Syft. This deals with parsing the options and the multiWriter is responsible for writing the files -- these would have to be adapted to the Grype data model and Presenter idiom, of course.