Closed jpinkham closed 3 months ago
I've taken a first pass at tweaking the template to increase readability. This round was more about determining what data I can add to the page, vs fussing too much with styling. Feedback is welcome.
Was also facing this issue, where we scan a large number of .NET projects at the same time, and each project would only get the header "nuget". Would be great to see the modifications by @jpinkham implemented.
@frjonsen you can use any custom templates for trivy results:
$ trivy image --format template --template @path/to/custom/html.tpl --output result.html alpine:latest
It seems that @jpinkham's changes are here: https://github.com/aquasecurity/trivy/commit/7b4fb9daadffa758337a9042ff37b057b602a772
@afdesk and @frjonsen : thank you for providing the impetus to stop futzing with the template and finally submit a PR with my changes. Hopefully https://github.com/aquasecurity/trivy/pull/1741 will be reviewed soon.
This issue is stale because it has been labeled with inactivity.
I think this shouldn't be closed, I'd like to see this fixed at some point... And the PR hasn't been merged yet
Same issue here - please merge the PR
This also applies when using Trivy's misconfiguration scanning AND filesystem scanning features.
This issue is stale because it has been labeled with inactivity.
Ping to keep this active. This is the official bundled HTML template and it's never worked properly. I think this should be fixed.
Hi @huornlmj, we have a plan to extract the non-essential output options out of trivy so that the community can develop it, therefore we are reluctant to invest in these areas right now. Related: https://github.com/aquasecurity/trivy/discussions/4451
This issue is stale because it has been labeled with inactivity.
Still an issue
Still an issue - quietly longing for this fix as I believe it would be one of those "missing puzzle piece" feature fixes!
@huornlmj I'm sorry but we have no intention to maintain the HTML template in-tree, most likely we will remove it. I would advise people interested in an HTML output to either copy the HTML from Trivy and tweak it, or make the request with one of the existing plugins such as https://github.com/fatihtokus/scan2html
For many different types of files being scanned, the target names are not being reported in the HTML template, only the type of file. This makes it impossible to know which file contains the vulnerabilities and/or misconfigurations that were found.
I happened to have a local clone of https://github.com/docker/awesome-compose available, which is good for scanning because it contains files of multiple types (except golang). I've attached the JSON output of the scan and the HTML output for comparison (for some reason GH doesn't support HTML or JSON file attachments... so I gzip'd them). I attached Trivy results of Trivy as well, since it contains golang examples plus lots of config files.
And here are some screenshots of the lack of Target name:
awesome-compose.html.gz awesome-compose.json.gz trivy_results_of_trivy_itself.json.gz trivy_results_of_trivy_itself.html.gz
NOTE: These reports were generated with Trivy v0.22.0
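The header collision described in this issue, reproduced as an added example (not code from Trivy or from anyone in this thread): a per-result heading built from the type alone gives two projects the same header, while one built from the target tells them apart. The structs are an assumed subset of Trivy's JSON report fields, the sample report and its CVE IDs are constructed, and the two heading templates are hypothetical stand-ins for a custom template, not the bundled html.tpl.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
	"text/template"
)

// Assumed subset of Trivy's JSON report; only the fields this example reads.
type Result struct {
	Target          string
	Type            string
	Vulnerabilities []struct{ VulnerabilityID, Severity string }
}

type Report struct{ Results []Result }

// Constructed sample: two .NET projects in one scan, both of type "nuget".
const sampleReport = `{"Results":[
 {"Target":"api/packages.lock.json","Type":"nuget",
  "Vulnerabilities":[{"VulnerabilityID":"CVE-0000-0001","Severity":"HIGH"}]},
 {"Target":"worker/packages.lock.json","Type":"nuget",
  "Vulnerabilities":[{"VulnerabilityID":"CVE-0000-0002","Severity":"CRITICAL"}]}
]}`

// Headers renders one heading line per scan result using the given
// template fragment (hypothetical; evaluated with "." set to a Result).
func Headers(reportJSON, heading string) ([]string, error) {
	var r Report
	if err := json.Unmarshal([]byte(reportJSON), &r); err != nil {
		return nil, err
	}
	tpl, err := template.New("h").Parse("{{range .Results}}" + heading + "\n{{end}}")
	if err != nil {
		return nil, err
	}
	var sb strings.Builder
	if err := tpl.Execute(&sb, r); err != nil {
		return nil, err
	}
	return strings.Split(strings.TrimSpace(sb.String()), "\n"), nil
}

func main() {
	byType, _ := Headers(sampleReport, "{{.Type}}")
	byTarget, _ := Headers(sampleReport, "{{.Target}} ({{.Type}}, {{len .Vulnerabilities}} findings)")
	fmt.Println(byType)   // both headings are identical
	fmt.Println(byTarget) // each heading names the file the findings belong to
}
```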