search

fortify / fcli

fcli is a command-line utility for interacting with various Fortify products
https://fortify.github.io/fcli/
Other
31 stars 18 forks source link

Custom Output Support #447

Closed webmutation closed 1 year ago

webmutation commented 1 year ago

Is there a simple way to filter the output fields using the -o expr command? for example I would like to output only the following fields name, visibleCount, totalCount from the following command

fcli v1.2.3 fcli ssc appversion-vuln count --appversion cc-bulk-service-backend:develop -o tree

I can always process it with an external tool like jq or yq but if there is a built-in way to create this type of custom output that would save some piping.

I would like to filter out the following output

VULNERABILITY SUMMARY -+- |-id: Critical |-cleanName: Critical |-name: Critical - [1 / 6] |-totalCount: 6 |-auditedCount: 1 '-visibleCount: 6 -+- |-id: High |-cleanName: High |-name: High - [8 / 25] |-totalCount: 25 |-auditedCount: 8 '-visibleCount: 25 -+- |-id: Medium |-cleanName: Medium |-name: Medium - [1 / 16] |-totalCount: 16 |-auditedCount: 1 '-visibleCount: 16 -+- |-id: Low |-cleanName: Low |-name: Low - [50 / 73] |-totalCount: 73 |-auditedCount: 50 '-visibleCount: 73

into a cleaner output, maybe even reduce it more than this...

VULNERABILITY SUMMARY -+- |-name: Critical - [1 / 6] |-totalCount: 6 |-auditedCount: 1 '-visibleCount: 6 -+- |-name: High - [8 / 25] |-totalCount: 25 |-auditedCount: 8 '-visibleCount: 25 -+- |-name: Medium - [1 / 16] |-totalCount: 16 |-auditedCount: 1 '-visibleCount: 16 -+- |-name: Low - [50 / 73] |-totalCount: 73 |-auditedCount: 50 '-visibleCount: 73

rsenden commented 1 year ago

Sure you can. Most output formats support an additional comma-separated parameter to select the the (JSON) properties to be included in the output, so you should be able to do something like -o tree=name,totalCount,.... For even more flexibility, you can use the expr output format, for example -o 'expr={name}\t{totalCount}\n' to have fcli output tab-delimited rows.

For more information, see https://fortify.github.io/fcli/v1.2.3/#_o_output. Note that you're using a relatively old fcli version; latest 1.x version is currently 1.3.1 (after upgrading, please select the appropriate version on the documentation pages).

We're also planning to release fcli 2.0.0 in the next month or so. This new version will bring a lot of enhancements and new functionality, but some invocations may need to be updated as we've changed some command names and options. For example, the fcli ssc appversion-vuln count command has been renamed to fcli ssc vulnerability count or alias fcli ssc issue count. You may want to check out the dev_develop (built from latest commit) or dev_2.0.0-beta (slightly behind dev_develop) releases to already familiarize yourself with the upcoming 2.0.0 release.

webmutation commented 1 year ago

That is exactly what I was looking for. Thanks so much @rsenden , I was trying to understand the help command but it was throwing an error, I see now that the expr is index based not a CSV list. Makes perfect sense now