Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(output): add HTML output format #1258

Merged
merged 23 commits into from
Oct 9, 2024
Merged

feat(output): add HTML output format #1258

merged 23 commits into from
Oct 9, 2024

Conversation

hogo6002
Copy link
Contributor

@hogo6002 hogo6002 commented Sep 18, 2024
edited
Loading

Implement #1274
Add an HTML output format to display results more effectively, particularly for container scanning.
This format retains all the information from the existing table output, including called/uncalled vulnerability details.

New features:

  • Provides a package summary page
  • Groups vulnerabilities by source package and ecosystem. Vulnerabilities from OS images are displayed last by default.
  • Provides a total count of vulnerabilities (excluding uncalled vulnerabilities by default).
  • Surfaces container scanning metrics, such as layer commands.
  • Shows fix version information.
    image
    image
    image

@hogo6002 hogo6002 marked this pull request as draft September 18, 2024 06:27
@codecov-commenter
Copy link

codecov-commenter commented Sep 25, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 68.73065% with 101 lines in your changes missing coverage. Please review.

Project coverage is 68.48%. Comparing base (b14f6c7) to head (96505fb).

Files with missing lines Patch % Lines
internal/output/html.go 77.41% 53 Missing and 10 partials ⚠️
pkg/reporter/html_reporter.go 0.00% 26 Missing ⚠️
internal/utility/severity/severity.go 54.54% 5 Missing ⚠️
cmd/osv-scanner/scan/main.go 0.00% 2 Missing and 1 partial ⚠️
internal/semantic/parse.go 0.00% 2 Missing ⚠️
pkg/reporter/format.go 0.00% 2 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff            @@
##             main    #1258    +/-   ##
========================================
  Coverage   68.47%   68.48%            
========================================
  Files         175      177     +2     
  Lines       16832    17155   +323     
========================================
+ Hits        11526    11748   +222     
- Misses       4679     4769    +90     
- Partials      627      638    +11

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@hogo6002 hogo6002 requested a review from cuixq September 27, 2024 06:31
@hogo6002 hogo6002 marked this pull request as ready for review September 27, 2024 06:31
another-rex
another-rex reviewed Sep 30, 2024
View reviewed changes
Copy link
Collaborator

@another-rex another-rex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good! Did a quick first pass at reviewing this.

internal/output/html/report_template.html Outdated Show resolved Hide resolved
internal/output/html/vuln_table_template.html Outdated Show resolved Hide resolved
internal/output/html/report_template.html Outdated Show resolved Hide resolved
internal/output/html/report_template.html Outdated Show resolved Hide resolved
internal/output/html/package_table_template.html Outdated Show resolved Hide resolved
internal/output/html.go Show resolved Hide resolved
internal/output/html.go Outdated Show resolved Hide resolved
internal/output/html.go Outdated Show resolved Hide resolved
internal/output/html.go Outdated Show resolved Hide resolved
internal/output/html.go Outdated Show resolved Hide resolved
@hogo6002
Copy link
Contributor Author

hogo6002 commented Oct 1, 2024

Added a tooltip for layer command file name and enabled UT

cuixq
cuixq approved these changes Oct 3, 2024
View reviewed changes
Copy link
Contributor

@cuixq cuixq left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

pkg/reporter/format.go Outdated Show resolved Hide resolved
internal/output/html.go Outdated Show resolved Hide resolved
internal/output/html.go Show resolved Hide resolved
another-rex
another-rex reviewed Oct 3, 2024
View reviewed changes
internal/output/html.go Show resolved Hide resolved
internal/output/html.go Outdated Show resolved Hide resolved
internal/output/html.go Show resolved Hide resolved
oliverchang
oliverchang reviewed Oct 3, 2024
View reviewed changes
Copy link
Collaborator

@oliverchang oliverchang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this looks awesome!!!

internal/output/html.go Show resolved Hide resolved
internal/output/html.go Show resolved Hide resolved
internal/output/html.go Outdated Show resolved Hide resolved
another-rex
another-rex reviewed Oct 8, 2024
View reviewed changes
Copy link
Collaborator

@another-rex another-rex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Last review!

internal/output/html.go Outdated Show resolved Hide resolved
internal/output/html.go Outdated Show resolved Hide resolved
internal/output/html.go Outdated Show resolved Hide resolved
internal/output/html.go Outdated Show resolved Hide resolved
internal/output/html.go Outdated Show resolved Hide resolved
internal/output/html.go Outdated Show resolved Hide resolved
internal/output/html.go Show resolved Hide resolved
internal/output/html.go Outdated Show resolved Hide resolved
internal/output/html.go Outdated Show resolved Hide resolved
another-rex
another-rex approved these changes Oct 9, 2024
View reviewed changes
Copy link
Collaborator

@another-rex another-rex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, one minor comment

internal/output/html.go Outdated Show resolved Hide resolved
G-Rath
G-Rath reviewed Oct 9, 2024
View reviewed changes
.prettierignore Outdated Show resolved Hide resolved
@hogo6002 hogo6002 merged commit 3702c3b into google:main Oct 9, 2024
13 checks passed
@oliverchang oliverchang mentioned this pull request Oct 9, 2024
Closed
@hogo6002 hogo6002 mentioned this pull request Nov 6, 2024
Merged
hogo6002 added a commit that referenced this pull request Nov 13, 2024
@hogo6002
feat(output): update HTML output to a new design (#1383)
9ea8aa5 
HTML output added #1258

New design (sample one: https://hogo6002.github.io/scanner-report/):
- Changed the color scheme to match osv.dev.
- Merged the package view and vulnerability view into a single nested
table.
- Added a layer view.
- Added a vulnerability type filter (project, OS, and uncalled).
- Added a vulnerability search bar.
- Refined the vulnerability severity count design.
- Integrated the osv.dev vulnerability page into results (allowing users
to click to view details).
- Improved the UI.

Future plan:
Use frontend framework to enhance code maintainability and readability


![image](https://github.com/user-attachments/assets/5aa1559d-3d41-4ce1-9aff-6e68c25200ac)

![image](https://github.com/user-attachments/assets/e23d7a97-b295-4d10-a8cc-1350dd33576e)

![image](https://github.com/user-attachments/assets/849dc0cf-2b12-4bc9-a08a-10b426d16155)

![image](https://github.com/user-attachments/assets/ba787cda-3e07-479a-976d-171de4db6c7e)

---------

Signed-off-by: Holly Gong <gongh@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@G-Rath G-Rath G-Rath left review comments

@another-rex another-rex another-rex approved these changes

@cuixq cuixq cuixq approved these changes

@oliverchang oliverchang Awaiting requested review from oliverchang

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@hogo6002 @codecov-commenter @oliverchang @G-Rath @cuixq @another-rex