Add a Markdown format template #3201
Comments
Thanks for your proposal. Please let us see how much this feature is needed in the community to decide if we will accept this proposal. |
Just stumbled on the exactly same issue, please add this template, thanks! |
@ohmer You can actually output directly to step summary, even though it is missing in the documentation (I'm pretty sure by accident), via

```yaml
- uses: aquasecurity/trivy-action@master
  with:
    format: template
    template: "@trivy/github-markdown.tpl"
    output: ${{ github.step_summary }}
```
|
I think this is a great addition to Trivy, it would greatly benefit people who don't have access to GitHub Advanced Security. A similar feature was already proposed and discussed earlier this year, in the Trivy Action repository, but the maintainers there apparently put it on hold. |
Thank you guys for your thoughts. We'll look into @ohmer's PR. |
This issue is stale because it has been labeled with inactivity. |
Is it implemented now? I would also love to use this |
Were you able to make the following piece of code work, with an existing format or template?
I tested it with the markdown template (
|
@michadvorak-cen38289 @saerosV I'm receiving the same error in a GitHub hosted runner. Any tips? I assumed the markdown template needs to exist in the GitHub workspace context and that we prefix this with @ (i.e. |
Hi @dstrates. Correct, the template needs to exist. I tested using the HTML template:

```yaml
format: template
template: "@/contrib/html.tpl"
output: ${{ github.step_summary }}
```

and the |
FWIW ohmer's original example works fine with the separate step:
|
This issue is stale because it has been labeled with inactivity. |
I have solved this by creating the markdown.tpl in the repository, with the content provided by ohmer (https://github.com/aquasecurity/trivy/pull/3202/files), and with the following code I am able to get the results in the job summary:
Because the Trivy scanner runs inside a docker instance, it mounts the checked out repository as a volume inside that container. The volume is mounted as:
So to be able to retrieve the markdown template from the repository I have to use '@/github/workspace/' and then the template file location (software/trivy/templates/markdown.tpl). Not my preferred way of doing this, but it works. |
does this template 👉🏻 I am getting the following error
|
trivy never had a built-in markdown template #3202 (comment) |
What is the usefulness of the |
So @itaysk the edit: I mean it cannot be used to update the GitHub actions summary with a report of the vulnerabilities found? |
yes github format was created only for github's dependencies tab integration |
This feature is still needed, especially when using reusable workflows. This should be easy to implement, as the template is already written. |
Hi there,
Not exactly a feature request, more of a humble proposal to include a new report formatter.
I am using Trivy in GitHub Actions to scan container images. I wanted to make the report easy to read in the context of a PR check. SARIF looked like a great way to get there but I do not have Advanced Security. So I created a report template that generates Markdown-compatible HTML to reach my goal. Maybe it could be useful to the community, hence this proposal.
Here is how it looks when added to a job summary:
Note that the CVE link is automatically generated by GitHub which leads to similar references as in the report.
Example of usage: