Open uweng opened 6 days ago
Hi @uweng ,
Thanks for the feature request. May I know which exact command you are using for this report? Also do you use Trivy/Scan2html for other scans (k8s cluster, file, repo, secret, sbom etc)?
Regards, Fatih
Here is my scan command:
```bash
trivy scan2html image registry.access.redhat.com/rhel7/rhel:latest --scanners vuln,secret,misconfig report.html
```
Hi Fatih,
Yes, we scan not only Docker images but also the file system of the Docker host (meanwhile Podman hosts, since Red Hat 8). When scanning a host, the name of the host as the title of the report, with a timestamp, would be nice as well.
Best regards Uwe
On Fri, 18 Oct 2024 at 09:58, Fatih Tokus < @.***> wrote:
Hi @uweng https://github.com/uweng ,
Thanks for the feature request. May I know which exact command you are using for this report? Also do you use Trivy/Scan2html for other scans (k8s cluster, file, repo, secret, sbom etc)?
Regards, Fatih
-- Kind regards
Uwe Wenglewski
This guide on making a chart more readable is worth reading: The Ultimate Guide to Designing Data Tables. For instance, the chart could have "zebra stripes", and the headlines could be set up with a color and stay visible when scrolling down.
These are nice suggestions. But I am not sure if all scan results will have that metadata. We will double-check the trivy report output data format and then include it in the report.
The most flexible way could be a report name parameter like --report-name. You only have to map this data into your report, so I have to take care of the information I want to see as the title in the report. For instance, when scanning container images on a Docker host, the following script will scan all active and running container images:
```bash
# Scan the image of every running container and write one HTML report per container.
for container in $(docker ps -f status=running --format '{{.Names}}')
do
    # Look up the image the running container was started from.
    image=$(docker ps -f status=running -f name="${container}$" --format '{{.Image}}')
    echo "###########################"
    echo "Vulnerability scan of '$container'"
    echo "###########################"
    # --report-name is the parameter proposed in this request.
    trivy scan2html image "$image" --severity HIGH,CRITICAL --scanners vuln,secret,misconfig --report-name "asset: $image<BR>scanned_at: $(date +%Y_%m_%d)" "$container.html"
    echo "###########################"
    echo
done
```
If I'm scanning Docker images, the title is simply "Trivy Report".
In the result.json there are:
It would be great if this information were present at the top of the report instead of simply "Trivy Report".
Thanks in advance Uwe