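{{- /*
  sarif.tpl (from github.com/ishita82/trivy-gitaction@v0.0.0-20240206054925-e937cc05f8e3)

  Go text/template that renders scan results as a SARIF 2.1.0 log.

  Input (dot): a list; each element exposes .Vulnerabilities, and every
  vulnerability is emitted twice: once as a rule under tool.driver.rules and
  once as a result under results.

  Helpers: escapeString and endWithPeriod are not defined in this file; they
  must be registered by the program that executes the template.

  Quoting: every interpolated value is passed through printf "%q", so quotes,
  backslashes and newlines in scanner data cannot break out of the JSON
  string they are placed in. %q produces Go string-literal syntax, which
  matches JSON for ordinary printable text, but Go-only escapes (for example
  \x1b, \a, \v) are not valid JSON. Validate the rendered file with a strict
  JSON parser before uploading it.

  Fixed values: the tool version, "level": "error" and the Dockerfile
  line 1 location are hard-coded. They do not reflect the severity or the
  real location of a finding.
*/ -}}
{
  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
  "version": "2.1.0",
  "runs": [
    {
      "tool": {
        "driver": {
          "name": "Trivy",
          "informationUri": "https://github.com/aquasecurity/trivy",
          "fullName": "Trivy Vulnerability Scanner",
          "version": "v0.15.0",
          "rules": [
        {{- /* $t_first suppresses the separator before the first rule; the list is flattened across all input elements. */ -}}
        {{- $t_first := true }}
        {{- range . }}
            {{- range .Vulnerabilities -}}
              {{- if $t_first -}}
                {{- $t_first = false -}}
              {{ else -}}
                ,
              {{- end }}
            {
              {{- /* Quoted with %q like every other field instead of being pasted between literal quotes. */}}
              "id": {{ printf "[%v] %v" .Vulnerability.Severity .VulnerabilityID | printf "%q" }},
              "name": "dockerfile_scan",
              "shortDescription": {
                "text": {{ printf "%v Package: %v" .VulnerabilityID .PkgName | printf "%q" }}
              },
              "fullDescription": {
                "text": {{ endWithPeriod (escapeString .Title) | printf "%q" }}
              },
              {{- /* helpUri is emitted only when the vulnerability carries a primary URL. */}}
              {{- with .PrimaryURL }}
              "helpUri": {{ . | printf "%q" }},
              {{- end }}
              "help": {
                "text": {{ printf "Vulnerability %v\nSeverity: %v\nPackage: %v\nInstalled Version: %v\nFixed Version: %v\nLink: [%v](%v)" .VulnerabilityID .Vulnerability.Severity .PkgName .InstalledVersion .FixedVersion .VulnerabilityID .PrimaryURL | printf "%q"}},
                "markdown": {{ printf "**Vulnerability %v**\n| Severity | Package | Installed Version | Fixed Version | Link |\n| --- | --- | --- | --- | --- |\n|%v|%v|%v|%v|[%v](%v)|\n" .VulnerabilityID .Vulnerability.Severity .PkgName .InstalledVersion .FixedVersion .VulnerabilityID .PrimaryURL | printf "%q"}}
              },
              "properties": {
                "tags": [
                  "vulnerability",
                  {{ .Vulnerability.Severity | printf "%q" }},
                  {{ .PkgName | printf "%q" }}
                ],
                "precision": "very-high"
              }
            }
            {{- end -}}
         {{- end -}}
          ]
        }
      },
      "results": [
    {{- /*
      $rule_pos counts the results emitted so far: one character is appended
      per result and its length is the position of the matching entry in
      tool.driver.rules, which is built by the same nested loops in the same
      order. The inner range index cannot be used for ruleIndex because it
      restarts at 0 for every element of the outer list, which would point
      later results at the wrong rule. A string is used as the counter
      because only built-in template functions (len, printf) are assumed.
    */ -}}
    {{- $t_first := true }}
    {{- $rule_pos := "" }}
    {{- range . }}
        {{- range $vulnerability := .Vulnerabilities -}}
          {{- if $t_first -}}
            {{- $t_first = false -}}
          {{ else -}}
            ,
          {{- end }}
        {
          "ruleId": {{ printf "[%v] %v" $vulnerability.Vulnerability.Severity $vulnerability.VulnerabilityID | printf "%q" }},
          "ruleIndex": {{ len $rule_pos }},
          "level": "error",
          "message": {
            "text": {{ endWithPeriod (escapeString $vulnerability.Description) | printf "%q" }}
          },
          "locations": [{
            "physicalLocation": {
              "artifactLocation": {
                "uri": "Dockerfile"
              },
              "region": {
                "startLine": 1,
                "startColumn": 1,
                "endColumn": 1
              }
            }
          }]
        }
        {{- $rule_pos = printf "%s." $rule_pos -}}
        {{- end -}}
      {{- end -}}
      ],
      "columnKind": "utf16CodeUnits"
    }
  ]
}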