google / osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev
https://google.github.io/osv-scanner/
Apache License 2.0
6.27k stars 363 forks

feat(output): add a unified output result #1397

Closed hogo6002 closed 1 week ago

hogo6002 commented 1 week ago

Refactored the HTMLResult into a unified structure that can be reused by other output formats. This new structure presents results hierarchically, grouping vulnerabilities by ecosystem, source, and package. Compared to the original vulnerabilityResult, it contains more information, such as vulnerability count (called/uncalled/fixable/unfixable/severity), package/vulnerability fix information, etc.

Follow-up PRs:

codecov-commenter commented 1 week ago

Codecov Report

Attention: Patch coverage is 75.31646% with 78 lines in your changes missing coverage. Please review.

Project coverage is 69.05%. Comparing base (c80f395) to head (b3bcc7c). Report is 8 commits behind head on main.

Files with missing lines Patch % Lines
internal/output/output_result.go 75.16% 61 Missing and 14 partials :warning:
internal/utility/severity/severity.go 57.14% 3 Missing :warning:
Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main    #1397      +/-   ##
==========================================
+ Coverage   68.96%   69.05%   +0.08%
==========================================
  Files         185      186       +1
  Lines       17934    18237     +303
==========================================
+ Hits        12368    12593     +225
- Misses       4903     4965      +62
- Partials      663      679      +16
```

hogo6002 commented 1 week ago

I'm going to merge this PR first to create the package view for the table output. Feel free to leave comments, and I'll address them in a separate PR.
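
The hierarchical grouping described in the PR description (ecosystem, then source, then package, with counts rolled up at each level), shown as an added example that is not part of the thread and is not osv-scanner's own code. `Finding`, `Node`, `child` and `Group` are hypothetical names, severity counts are left out, and the sample findings are constructed.

```go
package main

import "fmt"

// Finding is one flat scanner hit (hypothetical type, not osv-scanner's own).
type Finding struct {
	Ecosystem, Source, Package, VulnID, FixedIn string // FixedIn "" = no fix known
	Called                                      bool   // vulnerable code is reached
}

// Node is one level (ecosystem, source or package) with rolled-up counts.
type Node struct {
	Total, Called, Fixable int // uncalled = Total-Called, unfixable = Total-Fixable
	Children               map[string]*Node
	VulnIDs                []string // filled at package level only
}

// child returns n's child for key, creating it if needed, and counts f on it.
func (n *Node) child(key string, f Finding) *Node {
	if n.Children[key] == nil {
		n.Children[key] = &Node{Children: map[string]*Node{}}
	}
	c := n.Children[key]
	c.Total++
	if f.Called {
		c.Called++
	}
	if f.FixedIn != "" {
		c.Fixable++
	}
	return c
}

// Group builds ecosystem -> source -> package under an uncounted root.
func Group(findings []Finding) *Node {
	root := &Node{Children: map[string]*Node{}}
	for _, f := range findings {
		pkg := root.child(f.Ecosystem, f).child(f.Source, f).child(f.Package, f)
		pkg.VulnIDs = append(pkg.VulnIDs, f.VulnID)
	}
	return root
}

func main() { // constructed sample; the IDs are placeholders, not real advisories
	eco := Group([]Finding{
		{"Go", "go.mod", "example.com/a", "EXAMPLE-1", "1.2.3", true},
		{"Go", "go.mod", "example.com/b", "EXAMPLE-2", "", false},
	}).Children["Go"]
	fmt.Printf("Go: total=%d called=%d fixable=%d\n", eco.Total, eco.Called, eco.Fixable)
}
```

Because every level carries its own counts, a table, HTML or other renderer can print per-ecosystem or per-source summaries without walking the packages again.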