search

optiopay / klar

Integration of Clair and Docker Registry
MIT License
506 stars 140 forks source link

JSON output still gives empty Vulnerabilities list #154

Closed robh007 closed 4 years ago

robh007 commented 4 years ago

The issue fixed in #133 doesn't appear to have fixed the empty JSON output problem. A var named output is created in the following code. But that map is never updated to include the vulnerability data hence you then get an empty JSON object in the output.

{"LayerCount":2,"Vulnerabilities":{}}

https://github.com/optiopay/klar/blob/99ad65f257636385fed0c6ef0997dc020687ee71/main.go#L57-L59

This line updates the output with the number of layers so you get the LayerCount within the file.

https://github.com/optiopay/klar/blob/99ad65f257636385fed0c6ef0997dc020687ee71/main.go#L64-L68

But the actual Vulnerabilities aren't being processed and subsequently are not added to the output map. The text & table format uses the vs variable.

https://github.com/optiopay/klar/blob/99ad65f257636385fed0c6ef0997dc020687ee71/main.go#L95-L109

robh007 commented 4 years ago

I hadn't looked at the code in jsonFormat. Closing the issue for now.