Grype results printer
""" | |
Requirements -- | |
- orjson | |
- rich | |
Usage: | |
> grype /path/to/scan -o json > output.json | |
> python grype_print.py output.json | |
or | |
> python grype_print.py output.json --only-fixable | |
""" | |
import argparse
import sys

import orjson
from rich.console import Console
from rich.table import Table
from rich.text import Text
# Rank of each grype severity label; higher means more severe. Used both as
# the filter threshold and as the primary sort key.
severity_map = {
    label: rank
    for rank, label in enumerate(
        ("Unknown", "Negligible", "Low", "Medium", "High", "Critical")
    )
}

# Terminal colour applied to the Severity cell for each label.
severity_color_map = dict(
    Unknown="yellow",
    Negligible="green",
    Low="green",
    Medium="yellow",
    High="red",
    Critical="red",
)
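# Fix states grype uses when no remedy exists; these are what only_fixable
# drops. ``unknown`` is deliberately kept so a finding is never hidden merely
# because the database has no fix information for it.
_UNFIXABLE_STATES = frozenset({"wont-fix", "not-fixed"})


def _load_matches(path):
    """Return the ``matches`` list of a grype JSON report.

    Args:
        path: path to the report, or ``"-"`` to read it from stdin so that
            ``grype ... -o json | python grype_print.py -`` works.

    Returns:
        The list under the ``matches`` key; an empty list when the key is
        missing or null (a clean scan).

    Raises:
        OSError: if ``path`` cannot be opened.
        orjson.JSONDecodeError: if the input is not valid JSON.
    """
    if path == "-":
        raw = sys.stdin.buffer.read()
    else:
        # Read bytes and let orjson handle the encoding itself.
        with open(path, "rb") as f:
            raw = f.read()
    data = orjson.loads(raw)
    return data.get("matches") or []


def _row_from_match(match):
    """Flatten one grype match into the dict of cell values the table shows.

    Lists grype may leave empty (``urls``, ``locations``) and absent keys
    fall back to ``""`` instead of raising IndexError/KeyError, so a single
    odd match does not abort the whole report.
    """
    vuln = match.get("vulnerability") or {}
    artifact = match.get("artifact") or {}
    urls = vuln.get("urls") or []
    locations = artifact.get("locations") or []
    return {
        "id": vuln.get("id", ""),
        "severity": vuln.get("severity", "Unknown"),
        "type": artifact.get("type", ""),
        "name": artifact.get("name", ""),
        "version": artifact.get("version", ""),
        "state": (vuln.get("fix") or {}).get("state", "unknown"),
        "url": urls[0] if urls else "",
        "path": (locations[0] or {}).get("path", "") if locations else "",
    }


def _keep_row(row, only_fixable, include_all, contains):
    """Apply the three CLI filters to a flattened row; True keeps it."""
    if only_fixable and row["state"] in _UNFIXABLE_STATES:
        return False
    # Below Medium (Unknown/Negligible/Low) is hidden unless include_all.
    # A severity label not in severity_map ranks as Unknown rather than
    # raising KeyError.
    if not include_all and severity_map.get(row["severity"], 0) < severity_map["Medium"]:
        return False
    if contains and contains not in row["name"]:
        return False
    return True


def _cell(value):
    """Wrap a report field as literal Text so rich does not parse ``[...]`` markup.

    Package names, paths and URLs come from the scanned artifact and the
    vulnerability database, not from the user running this script; rich
    treats plain ``str`` cells as console markup, so a stray ``[/bold]``
    would raise MarkupError and a ``[link=...]`` would restyle the row.
    ``None`` renders as an empty cell.
    """
    return Text("" if value is None else str(value))


def main(path, only_fixable=True, include_all=True, contains=None):
    """Print a grype JSON report as a colour-coded table on the terminal.

    Args:
        path: grype ``-o json`` output file, or ``"-"`` to read stdin.
        only_fixable: drop matches whose fix state is ``wont-fix`` or
            ``not-fixed`` (``fixed`` and ``unknown`` are kept).
        include_all: also list Unknown/Negligible/Low severities; otherwise
            only Medium and above are shown.
        contains: if given, keep only artifacts whose name contains it.

    Raises:
        OSError: if ``path`` cannot be read.
        orjson.JSONDecodeError: if the input is not valid JSON.
    """
    table = Table(title="Grype Results")
    table.add_column("Artifact", justify="right", style="green")
    table.add_column("CVE", justify="right", style="cyan", no_wrap=True)
    table.add_column("Severity", style="magenta")
    table.add_column("Type", justify="right", style="green")
    table.add_column("Version", justify="right", style="green")
    table.add_column("State", justify="right", style="green")
    table.add_column("Path", justify="right", style="green")
    table.add_column("URL", justify="right", style="green")

    rows = [
        row
        for row in map(_row_from_match, _load_matches(path))
        if _keep_row(row, only_fixable, include_all, contains)
    ]
    # Most severe first; ties broken by artifact name in ascending order.
    rows.sort(key=lambda r: (-severity_map.get(r["severity"], 0), r["name"]))

    for row in rows:
        severity = row["severity"]
        color = severity_color_map.get(severity, severity_color_map["Unknown"])
        table.add_row(
            _cell(row["name"]),
            _cell(row["id"]),
            Text(severity, style=color),
            _cell(row["type"]),
            _cell(row["version"]),
            _cell(row["state"]),
            _cell(row["path"]),
            _cell(row["url"]),
        )

    Console().print(table)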
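if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="Grype Print")
    parser.add_argument("path", help="Path to Grype results file")
    parser.add_argument(
        "--only-fixable",
        action="store_true",
        help="Only print fixable vulnerabilities (drops wont-fix and not-fixed)",
    )
    # Without --all the table starts at Medium; "Informational" is not a
    # grype severity, the hidden labels are Unknown, Negligible and Low.
    parser.add_argument(
        "--all",
        action="store_true",
        help="Also include Unknown, Negligible and Low severities",
    )
    parser.add_argument(
        "--contains",
        help="Only show artifacts whose name contains this keyword",
    )
    args = parser.parse_args()
    # Positional order matches main(path, only_fixable, include_all, contains).
    main(args.path, args.only_fixable, args.all, args.contains)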
Just change your code:
And you can use pipe:
grype ... | ./your_script