fatihtokus / scan2html

A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.
Apache License 2.0

Scanning docker images title is simple "Trivy Report" #110

Open uweng opened 6 days ago

uweng commented 6 days ago

If I'm scanning docker images, the title is simply "Trivy Report".

In the result.json there are:

  "CreatedAt": "2024-10-17T14:45:01.638848667+02:00",
  "ArtifactName": "registry.access.redhat.com/rhel7/rhel:latest",
  "ArtifactType": "container_image",

It would be great if this information were present at the top of the report instead of simply "Trivy Report".

Thanks in advance, Uwe

fatihtokus commented 6 days ago

Hi @uweng ,

Thanks for the feature request. May I know which exact command you are using for this report? Also do you use Trivy/Scan2html for other scans (k8s cluster, file, repo, secret, sbom etc)?

Regards, Fatih

uweng commented 6 days ago

Here is my scan command: trivy scan2html image registry.access.redhat.com/rhel7/rhel:latest --scanners vuln,secret,misconfig report.html

uweng commented 6 days ago

Hi Fatih,

Yes, we scan not only docker images but also the file system of the docker host (meanwhile podman hosts, since Red Hat 8). When scanning a host, the name of the host as the title of the report, with a timestamp, would be nice as well.

Best regards, Uwe

-- Kind regards

Uwe Wenglewski

uweng commented 6 days ago

This guide to making a chart more readable is worth reading: The Ultimate Guide to Designing Data Tables. For instance, the chart could have "zebra stripes", and the headlines could be set up with a color and stay visible when scrolling down.

fatihtokus commented 4 days ago

These are nice suggestions. But I am not sure if all scan results will have that metadata. We will double-check the trivy report output data format and then include it in the report.

uweng commented 3 days ago

The most flexible way could be a report name parameter like --report-name. You only have to map this data into your report. So I have to take care of the information I want to see as the title in the report. For instance, when scanning container images on a docker host, the following script will scan all active and running container images:

# Loop over the names of all running containers
for container in $(docker ps -f status=running --format '{{.Names}}')
do
  # Look up the image the container was started from
  image=$(docker ps -f status=running -f name="${container}$" --format '{{.Image}}')
  echo "###########################"
  echo "Vulnerability scan of '$container'"
  echo "###########################"
  # --report-name is the parameter proposed in this comment
  trivy scan2html image "$image" --severity HIGH,CRITICAL --scanners vuln,secret,misconfig --report-name "asset: $image<BR>scanned_at: $(date +%Y_%m_%d)" "$container.html"
  echo "###########################"
  echo
done
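
One way to map the result.json fields quoted in this thread into a report title, falling back to "Trivy Report" when a scan lacks them (an added example, not part of any comment above and not scan2html's own code). The function names, the fallback, and the handling of a `--report-name`-style override, where `<BR>` is treated as a line separator and everything else is HTML-escaped, are assumptions.

```javascript
// Added example: field names come from the result.json excerpt in the issue;
// function names and the fallback behaviour are assumptions.
const DEFAULT_TITLE = "Trivy Report";

// Escape text before it goes into the HTML report, so an image name or a
// user-supplied report name cannot inject markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Build the title lines. `override` models the proposed --report-name value:
// it wins over metadata, and "<BR>" is accepted only as a line separator.
function reportTitleLines(result, override) {
  if (typeof override === "string") {
    const custom = override.split(/<br\s*\/?>/i).map((s) => s.trim()).filter(Boolean);
    if (custom.length > 0) return custom;
  }
  const lines = [];
  if (result && typeof result.ArtifactName === "string" && result.ArtifactName) {
    const type = typeof result.ArtifactType === "string" ? ` (${result.ArtifactType})` : "";
    lines.push(`${result.ArtifactName}${type}`);
  }
  if (result && typeof result.CreatedAt === "string") {
    // The timestamp has nanosecond precision; trim it to milliseconds for Date.
    const t = new Date(result.CreatedAt.replace(/(\.\d{3})\d+/, "$1"));
    if (!Number.isNaN(t.getTime())) lines.push(`scanned at ${t.toISOString()}`);
  }
  // Not every scan result is guaranteed to carry this metadata.
  return lines.length > 0 ? lines : [DEFAULT_TITLE];
}

// Escape each line separately, then join with a line break we control.
function renderTitleHtml(result, override) {
  return reportTitleLines(result, override).map(escapeHtml).join("<br>");
}

// Constructed sample built from the three fields quoted in the issue.
const sample = {
  CreatedAt: "2024-10-17T14:45:01.638848667+02:00",
  ArtifactName: "registry.access.redhat.com/rhel7/rhel:latest",
  ArtifactType: "container_image",
};
console.log(renderTitleHtml(sample));
console.log(renderTitleHtml({}));
```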