docs: add info about github format (#5265)
* docs: add info about github format

* rename `GitHub SBOM` to `GitHub dependency snapshots`
DmitriyLewen authored Sep 28, 2023
1 parent 3dd5b1e commit 562723f
Showing 1 changed file with 20 additions and 0 deletions.
20 changes: 20 additions & 0 deletions docs/docs/configuration/reporting.md
Expand Up @@ -8,6 +8,7 @@ Trivy supports the following formats:
- [SARIF](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning)
- Template
- SBOM
- GitHub dependency snapshot

### Table (Default)

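Review bot: the new list entry `- GitHub dependency snapshot` is plain text while `SARIF` in the same list is a link; since this commit also adds a `### GitHub dependency snapshot` section below, consider linking the entry to that section so readers can jump to it. The wording should also settle on singular or plural: the commit message says `GitHub dependency snapshots`, the list item and the new heading say `snapshot`.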
Expand Down Expand Up @@ -258,6 +259,20 @@ $ trivy image --format sarif -o report.sarif golang:1.12-alpine

This SARIF file can be uploaded to GitHub code scanning results, and there is a [Trivy GitHub Action][action] for automating this process.

### GitHub dependency snapshot
Trivy supports the following packages.

- [OS packages][os_packages]
- [Language-specific packages][language_packages]

[GitHub dependency snapshots][github-sbom] can be generated with the `--format github` flag.

```
$ trivy image --format github -o report.gsbom alpine
```

This snapshot file can be [submitted][github-sbom-submit] to your GitHub repository.

### Template

| Scanner | Supported |
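Review bot: the opening sentence `Trivy supports the following packages.` does not say what the packages are supported for or in which scanner; the neighbouring `### Template` section opens with a `| Scanner | Supported |` table, so either follow that convention or reword to something like `The GitHub dependency snapshot includes the following packages:`. The code fence around `$ trivy image --format github -o report.gsbom alpine` has no language tag, and the closing sentence could make explicit that "submitted" means calling the GitHub dependency submission REST API endpoint that `[github-sbom-submit]` points at, so users know an API call is involved.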
Expand Down Expand Up @@ -389,3 +404,8 @@ $ trivy convert --format table --severity CRITICAL result.json
[asff]: ../../tutorials/integrations/aws-security-hub.md
[sarif]: https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-results-from-code-scanning
[sprig]: http://masterminds.github.io/sprig/
[github-sbom]: https://docs.github.com/en/rest/dependency-graph/dependency-submission?apiVersion=2022-11-28#about-dependency-submissions
[github-sbom-submit]: https://docs.github.com/en/rest/dependency-graph/dependency-submission?apiVersion=2022-11-28#create-a-snapshot-of-dependencies-for-a-repository

[os_packages]: ../scanner/vulnerability.md#os-packages
[language_packages]: ../scanner/vulnerability.md#language-specific-packages
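Review bot: the commit message renames `GitHub SBOM` to `GitHub dependency snapshots`, but the new link reference ids `[github-sbom]` and `[github-sbom-submit]` still carry the old name; renaming them to e.g. `[github-snapshot]` and `[github-snapshot-submit]` (here and at the two use sites in the new section) keeps the terminology consistent with the rename.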
