Add more views into grype results #2199

Open
wagoodman opened this issue Oct 18, 2024 · 0 comments
Labels
enhancement New feature or request spike ui UI related

@wagoodman
Contributor

Today there are a few ways to see the data that grype raises up. The default view is table, which is a summarization of findings; json shows you all we know about every match; then there are cyclonedx/cyclonedx-json, sarif, and template if you enjoy the golang template language. When users run grype and see the default results table, it is reasonable to ask "what is actionable about this output?" Depending on the package type or location, there are different answers here.

We introduced the explain command as an experiment last year to be a way to "dig" into a single row to get an opinionated view into the data (without having the full json data shown). We want to be able to elevate that command further, but it isn't immediately clear where.

We've also had several asks to add file location to the table output to help with report after actions ("what do I do now that I have CVE X against package Y??"). This hinders the summarization of that table, so we've resisted changing the default view here.

All of this hints that we need more ways to describe the same results from multiple perspectives. I think any default view will need to be static output to serve existing needs, but other output options could be interactive, allowing the user to filter/find/select/dig dynamically.

Some ideas the team chatted about that are more on the "static" side:

  • Add the concept of a pivot table, which is tunable from the CLI (e.g. grype myimage -o table --pivot location), so we can have the same table experience but allow for users to change what populates each row (i.e. vulns, packages, locations, etc.).
  • Add a new HTML report that is a static file but allows for exploring the results more dynamically (multiple different views, filterable, clickable in order to dive and get a view, etc.).
  • Embed snippets of go templates from an in-repo example-templates dir directly into the binary so users can reference them by name instead of needing the file.
  • Support --json/--jq similar to the gh command to allow for in-tool ability to query and summarize specific data.
  • Provide a jq snippets example dir for common operations.
@wagoodman wagoodman added enhancement New feature or request spike ui UI related labels Oct 18, 2024
@wagoodman wagoodman added this to the Grype 1.0 milestone Oct 18, 2024
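
The pivot-by-location view proposed in the issue can be approximated today by post-processing grype's json output. The following is an added example, not code from the issue or from the grype project; the field names (matches[].vulnerability.id and .severity, matches[].artifact.name, .version and .locations[].path) are assumed from grype's JSON format, and the sample report, its CVE-0000-* ids and the function names are constructed for illustration.

```python
from collections import defaultdict
SEVERITIES = ["Critical", "High", "Medium", "Low", "Negligible", "Unknown"]

def _art(name, version, path):  # hypothetical helper, used only to build the sample
    return {"name": name, "version": version, "locations": [{"path": path}]}

# Constructed sample, shaped like the assumed `grype <image> -o json` layout.
SAMPLE = {"matches": [
    {"vulnerability": {"id": "CVE-0000-0001", "severity": "High"},
     "artifact": _art("libexample", "1.2.3", "/usr/lib/libexample.so")},
    {"vulnerability": {"id": "CVE-0000-0002", "severity": "Critical"},
     "artifact": _art("libexample", "1.2.3", "/usr/lib/libexample.so")},
    {"vulnerability": {"id": "CVE-0000-0003", "severity": "Medium"},
     "artifact": _art("example-js", "4.0.0", "/app/package-lock.json")},
    {"vulnerability": {"id": "CVE-0000-0004", "severity": "Low"},
     "artifact": _art("another-js", "2.0.0", "/app/package-lock.json")},
]}

def pivot_keys(match, by):
    # Row key(s) that one match contributes to for the chosen pivot.
    art = match["artifact"]
    if by == "location":
        # Keep a row even when no file location was recorded.
        return [l["path"] for l in art.get("locations", [])] or ["(no location)"]
    if by == "package":
        return [f'{art["name"]}@{art["version"]}']
    if by == "vulnerability":
        return [match["vulnerability"]["id"]]
    raise ValueError(f"unsupported pivot: {by}")

def pivot(report, by):
    """Group matches so each row is a location, package or vulnerability."""
    rows = defaultdict(lambda: {"packages": set(), "vulns": set(), "worst": "Unknown"})
    for m in report.get("matches", []):
        sev = m["vulnerability"].get("severity", "Unknown")
        sev = sev if sev in SEVERITIES else "Unknown"
        for key in pivot_keys(m, by):
            row = rows[key]
            row["packages"].add(pivot_keys(m, "package")[0])
            row["vulns"].add(m["vulnerability"]["id"])
            row["worst"] = min(row["worst"], sev, key=SEVERITIES.index)
    return dict(rows)

def render(rows):
    """Table lines, most severe row first."""
    order = sorted(rows, key=lambda k: (SEVERITIES.index(rows[k]["worst"]), k))
    return [f'{k}  worst={rows[k]["worst"]}  vulns={len(rows[k]["vulns"])}  '
            f'packages={",".join(sorted(rows[k]["packages"]))}' for k in order]

if __name__ == "__main__":
    print("\n".join(render(pivot(SAMPLE, "location"))))
```

Pivoting by location puts the file to fix (a lockfile, a shared library) on each row, which is the "what do I do now" question the table view leaves open.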