github.com/ishita82/trivy-gitaction@v0.0.0-20240206054925-e937cc05f8e3/sarif.tpl (about)

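     {{- /*
       SARIF 2.1.0 report template for Trivy scan results.

       The input is a list of scan results. Each entry's .Vulnerabilities list is
       walked twice, in the same order: once to emit tool.driver.rules and once to
       emit runs[0].results, so the n-th result always describes the n-th rule.

       Every value taken from the scan data is rendered through printf "%q", so a
       quote or backslash in an ID, package name, title or description cannot
       terminate the surrounding JSON string.
       NOTE(review): Go's %q quoting is not identical to JSON string escaping (for
       some control bytes it emits escapes such as \x.. or \a, which JSON parsers
       reject). Validate the rendered file before handing it to a SARIF consumer.

       escapeString and endWithPeriod are helper functions supplied by the program
       that renders this template; they are not defined here.
     */ -}}
     {
       "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
       "version": "2.1.0",
       "runs": [
         {
           "tool": {
             "driver": {
               "name": "Trivy",
               "informationUri": "https://github.com/aquasecurity/trivy",
               "fullName": "Trivy Vulnerability Scanner",
               {{- /* NOTE(review): the tool version is a fixed literal, not the version of the scanner that ran. */}}
               "version": "v0.15.0",
               "rules": [
             {{- /* $t_first suppresses the separating comma before the first rule only. */}}
             {{- $t_first := true }}
             {{- range . }}
                 {{- range .Vulnerabilities -}}
                   {{- if $t_first -}}
                     {{- $t_first = false -}}
                   {{ else -}}
                     ,
                   {{- end }}
                 {
                   "id": {{ printf "[%v] %v" .Vulnerability.Severity .VulnerabilityID | printf "%q" }},
                   "name": "dockerfile_scan",
                   "shortDescription": {
                     "text": {{ printf "%v Package: %v" .VulnerabilityID .PkgName | printf "%q" }}
                   },
                   "fullDescription": {
                     "text": {{ endWithPeriod (escapeString .Title) | printf "%q" }}
                   },
                   {{- /* helpUri is emitted only when the finding carries a primary URL. */}}
                   {{- with .PrimaryURL }}
                   "helpUri": {{ . | printf "%q" }},
                   {{- end }}
                   "help": {
                     "text": {{ printf "Vulnerability %v\nSeverity: %v\nPackage: %v\nInstalled Version: %v\nFixed Version: %v\nLink: [%v](%v)" .VulnerabilityID .Vulnerability.Severity .PkgName .InstalledVersion .FixedVersion .VulnerabilityID .PrimaryURL | printf "%q"}},
                     "markdown": {{ printf "**Vulnerability %v**\n| Severity | Package | Installed Version | Fixed Version | Link |\n| --- | --- | --- | --- | --- |\n|%v|%v|%v|%v|[%v](%v)|\n" .VulnerabilityID .Vulnerability.Severity .PkgName .InstalledVersion .FixedVersion .VulnerabilityID .PrimaryURL | printf "%q"}}
                   },
                   "properties": {
                     "tags": [
                       "vulnerability",
                       {{ printf "%v" .Vulnerability.Severity | printf "%q" }},
                       {{ .PkgName | printf "%q" }}
                     ],
                     "precision": "very-high"
                   }
                 }
                 {{- end -}}
              {{- end -}}
               ]
             }
           },
           "results": [
         {{- $t_first := true }}
         {{- /*
           $emitted grows by one character per result written, so its length is the
           zero-based position of the matching entry in tool.driver.rules across ALL
           scan results. The per-list range index restarts at 0 for every scan
           result and would point later results at the wrong rule. A string is used
           as the counter because the template language has no built-in arithmetic.
         */}}
         {{- $emitted := "" }}
         {{- range . }}
             {{- range $vulnerability := .Vulnerabilities -}}
               {{- if $t_first -}}
                 {{- $t_first = false -}}
               {{ else -}}
                 ,
               {{- end }}
             {
               "ruleId": {{ printf "[%v] %v" $vulnerability.Vulnerability.Severity $vulnerability.VulnerabilityID | printf "%q" }},
               "ruleIndex": {{ len $emitted }},
               {{- $emitted = printf "%s." $emitted }}
               {{- /* Every finding is reported at level "error"; its severity travels in ruleId and in the rule's tags. */}}
               "level": "error",
               "message": {
                 "text": {{ endWithPeriod (escapeString $vulnerability.Description) | printf "%q" }}
               },
               {{- /* Every result is pinned to line 1 of "Dockerfile"; the scanned target is not referenced. */}}
               "locations": [{
                 "physicalLocation": {
                   "artifactLocation": {
                     "uri": "Dockerfile"
                   },
                   "region": {
                     "startLine": 1,
                     "startColumn": 1,
                     "endColumn": 1
                   }
                 }
               }]
             }
             {{- end -}}
           {{- end -}}
           ],
           "columnKind": "utf16CodeUnits"
         }
       ]
     }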