fatihtokus/scan2html

scan2html

License: Apache-2.0

Before moving on, please consider giving us a GitHub star ⭐️. Thank you!

About scan2html

A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.

Install

trivy plugin install scan2html

Uninstall

trivy plugin uninstall scan2html

Usage

Generate a report from multiple JSON scan results

trivy scan2html generate --scan2html-flags --output interactive_report.html --from vulnerabilities.json,misconfigs.json,secrets.json
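
The `generate` command above needs JSON scan results that already exist. As an added example (not code from the scan2html project), this script writes the three inputs with `trivy fs --format json` and refuses to build the report if any of them is missing or empty. The function names, the `TRIVY` override variable and the assumption that `--from` takes Trivy's own JSON output are illustrative.

```shell
#!/bin/sh
# Added example, not from the scan2html repository.
# Assumption: --from takes files written by Trivy's own "--format json" output.
TRIVY="${TRIVY:-trivy}"   # hypothetical override, e.g. to pin a specific binary

# scan_to_json SCANNER OUTFILE TARGET: one filesystem scan, JSON written to OUTFILE.
scan_to_json() {
  $TRIVY fs --scanners "$1" --format json --output "$2" "$3"
}

# join_inputs FILE...: print the files comma-separated, the shape --from expects.
# Fails when a file is missing or empty, so a scan that never ran cannot
# silently disappear from the report.
join_inputs() {
  list=""
  for f in "$@"; do
    if [ ! -s "$f" ]; then
      echo "missing or empty scan result: $f" >&2
      return 1
    fi
    list="${list:+$list,}$f"
  done
  printf '%s' "$list"
}

# build_report TARGET REPORT: run the three scans, then merge them into one HTML file.
build_report() {
  scan_to_json vuln      vulnerabilities.json "$1" || return 1
  scan_to_json misconfig misconfigs.json      "$1" || return 1
  scan_to_json secret    secrets.json         "$1" || return 1
  inputs=$(join_inputs vulnerabilities.json misconfigs.json secrets.json) || return 1
  $TRIVY scan2html generate --scan2html-flags --output "$2" --from "$inputs"
}

# Usage: build_report . interactive_report.html
```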

Generate a report with EPSS scores from multiple JSON scan results (experimental)

trivy scan2html generate --scan2html-flags --with-epss --output interactive_report.html --from vulnerabilities.json,misconfigs.json,secrets.json

Scan a local folder

trivy scan2html fs --scanners vuln,secret,misconfig . --scan2html-flags --output interactive_report.html

Scan a k8s cluster

trivy scan2html k8s cluster --scan2html-flags --output interactive_report.html

Scan a k8s cluster with the full report (--report=all)

trivy scan2html k8s --report=all --scan2html-flags --output interactive_report.html

Scan a k8s cluster with a summary report

trivy scan2html k8s --report summary cluster --scan2html-flags --output interactive_report.html

Scan an image and generate an SBOM (SPDX) report

trivy scan2html image --format spdx alpine:3.15 --scan2html-flags --output interactive_report.html

Help

$ trivy scan2html -h

Usage: trivy scan2html [-h,--help] command target filename
  trivy scan2html <trivy [global flags] command [flags] target> --scan2html-flags [scan2html flags]
  trivy scan2html generate --scan2html-flags [scan2html flags]
  
Utility Commands
  generate    Generate a report from multiple json scan results
  help        Help about any command
  version     Print the version
  
Flags:
  -h, --help      Show usage.
  --output        Report name
  --report-title  Report Title
  --with-epss     Include EPSS data
  
Examples:
   # Scan an image
  trivy scan2html image alpine:latest --scan2html-flags --output interactive_report.html

  # Scan an image from local tar file
  trivy scan2html image --input ruby-3.1.tar --scan2html-flags --output interactive_report.html

  # Scan a local folder
  trivy scan2html fs --scanners vuln,secret,misconfig . --scan2html-flags --output interactive_report.html

  # Scan a k8s cluster
  trivy scan2html k8s cluster --scan2html-flags --output interactive_report.html

  # Scan a k8s cluster all
  trivy scan2html k8s --report=all --scan2html-flags --output interactive_report.html

  # Scan a k8s cluster summary
  trivy scan2html k8s --report summary cluster --scan2html-flags --output interactive_report.html

  # Scan and generate SBOM(spdx) report
  trivy scan2html image --format spdx alpine:3.15 --scan2html-flags --output interactive_report.html
  
  # Generate a report from multiple json scan results - experimental
  trivy scan2html generate --scan2html-flags --output interactive_report.html --from vulnerabilities.json,misconfigs.json,secrets.json
  
  # Generate report with EPSS scores from multiple scan results - experimental
  trivy scan2html generate --scan2html-flags --with-epss --output interactive_report.html --from vulnerabilities.json,misconfigs.json,secrets.json