-
Notifications
You must be signed in to change notification settings - Fork 2.5k
/
Copy pathgitlab.tpl
105 lines (105 loc) · 3.19 KB
/
gitlab.tpl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
{{- /* Template based on https://docs.gitlab.com/ee/user/application_security/container_scanning/#reports-json-format */ -}}
{
"version": "15.0.7",
"scan": {
"analyzer": {
"id": "trivy",
"name": "Trivy",
"vendor": {
"name": "Aqua Security"
},
"version": "{{ appVersion }}"
},
"end_time": "{{ now | date "2006-01-02T15:04:05" }}",
"scanner": {
"id": "trivy",
"name": "Trivy",
"url": "https://github.com/aquasecurity/trivy/",
"vendor": {
"name": "Aqua Security"
},
"version": "{{ appVersion }}"
},
"start_time": "{{ now | date "2006-01-02T15:04:05" }}",
"status": "success",
"type": "container_scanning"
},
"vulnerabilities": [
{{- $t_first := true }}
{{- range . }}
{{- $target := .Target }}
{{- $image := $target | regexFind "[^\\s]+" }}
{{- range .Vulnerabilities -}}
{{- if $t_first -}}
{{- $t_first = false -}}
{{ else -}}
,
{{- end }}
{
"id": "{{ .VulnerabilityID }}",
"name": {{ .Title | printf "%q" }},
"description": {{ .Description | printf "%q" }},
"severity": {{ if eq .Severity "UNKNOWN" -}}
"Unknown"
{{- else if eq .Severity "LOW" -}}
"Low"
{{- else if eq .Severity "MEDIUM" -}}
"Medium"
{{- else if eq .Severity "HIGH" -}}
"High"
{{- else if eq .Severity "CRITICAL" -}}
"Critical"
{{- else -}}
"{{ .Severity }}"
{{- end }},
"solution": {{ if .FixedVersion -}}
"Upgrade {{ .PkgName }} to {{ .FixedVersion }}"
{{- else -}}
"No solution provided"
{{- end }},
"location": {
"dependency": {
"package": {
"name": "{{ .PkgName }}"
},
"version": "{{ .InstalledVersion }}"
},
{{- /* TODO: No mapping available - https://github.com/aquasecurity/trivy/issues/332 */}}
"operating_system": "Unknown",
"image": "{{ $image }}"
},
"identifiers": [
{
{{- /* TODO: Type not extractable - https://github.com/aquasecurity/trivy-db/pull/24 */}}
"type": "cve",
"name": "{{ .VulnerabilityID }}",
"value": "{{ .VulnerabilityID }}"
{{- /* cf. https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/e3d280d7f0862ca66a1555ea8b24016a004bb914/dist/container-scanning-report-format.json#L157-179 */}}
{{- if .PrimaryURL | regexMatch "^(https?|ftp)://.+" -}},
"url": "{{ .PrimaryURL }}"
{{- end }}
}
],
"links": [
{{- $l_first := true -}}
{{- range .References -}}
{{- if $l_first -}}
{{- $l_first = false }}
{{- else -}}
,
{{- end -}}
{{- if . | regexMatch "^(https?|ftp)://.+" -}}
{
"url": "{{ . }}"
}
{{- else -}}
{{- $l_first = true }}
{{- end -}}
{{- end }}
]
}
{{- end -}}
{{- end }}
],
"remediations": []
}