code-security-report

command module v0.0.0-...-8e84926

Published: Apr 19, 2023 License: MIT Imports: 4 Imported by: 0

README
code-security-report

A tool for analysing the reports generated by code security scanning tools (e.g. Snyk, Trivy). It is inspired by and designed for GitHub Actions workflow integration.

Supported Report Types

  1. Snyk
  2. Trivy

How to develop?

Build image locally

make image

Bump version

./dev.sh bump_version

Examples in GitHub Actions workflows

1. Get summary

- name: Analyse the js result
  if: >-
    github.ref == 'refs/heads/main' ||
    github.ref == 'refs/heads/master'
  id: set-matrix
  run: |
    result=$(docker run --rm -v /home/runner/work/repo:/data portainerci/code-security-report:latest summary --report-type=snyk --path="/data/snyk.json" --output-type=matrix)
    echo "js_result=${result}" >> $GITHUB_OUTPUT

2. Diff two reports

- name: Analyse the go diff result
  if: >-
    github.ref != 'refs/heads/main' &&
    github.ref != 'refs/heads/master'
  id: set-diff-matrix
  run: |
    result=$(docker run --rm -v /home/runner/work/repo:/data portainerci/code-security-report:latest diff --report-type=snyk --path="/data/go-snyk-feature.json" --compare-to="/data/go-snyk-develop.json" --output-type=matrix)
    echo "js_diff_result=${result}" >> $GITHUB_OUTPUT

3. Export summary result

- name: Export scan result to html file
  run: |
    docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest summary --report-type=snyk --path="/data/snyk.json" --output-type=table --export --export-filename="/data/go-result"

- name: Upload go result html file
  uses: actions/upload-artifact@v3
  with:
    name: html-go-result-${{ github.run_id }}
    path: go-result.html

4. Export diff result

- name: Export scan result to html file
  run: |
    docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest diff --report-type=snyk --path="/data/go-snyk-feature.json" --compare-to="/data/go-snyk-develop.json" --output-type=table --export --export-filename="/data/go-result"

- name: Upload go result html file
  uses: actions/upload-artifact@v3
  with:
    name: html-go-result-compare-to-develop-${{ github.run_id }}
    path: go-result.html

Examples in CLI

1. Get summary of the report

./code-security-report summary --report-type=snyk --path="./snyk-feature.json" --output-type=matrix

Output:
[
	{
		"ScannedObjects": 365,
		"SeverityStat": {
			"critical": 0,
			"high": 3,
			"medium": 0,
			"low": 0,
			"unknown": 0
		},
		"total": 3,
		"FixableSeverityStat": {
			"critical": 0,
			"high": 2,
			"medium": 0,
			"low": 0,
			"unknown": 0
		},
		"Languages": [
			"js"
		],
		"summary": "Tested 365 dependencies for known issues.  Severity Statistic: High:3 ",
		"status": "success"
	}
]
2. Compare two reports

./code-security-report diff --report-type=snyk --path="./snyk-feature.json" --compare-to="./snyk-develop.json" --output-type=matrix

Output:
[
	{
		"Base": {
			"ScannedObjects": 426,
			"SeverityStat": {
				"critical": 0,
				"high": 2,
				"medium": 6,
				"low": 0,
				"unknown": 0
			},
			"total": 8,
			"FixableSeverityStat": {
				"critical": 0,
				"high": 1,
				"medium": 2,
				"low": 0,
				"unknown": 0
			},
			"Languages": [
				"js"
			],
			"summary": "Tested 426 dependencies for known issues.  Severity Statistic: High:2 Medium:6 ",
			"status": "success"
		},
		"Fixed": {
			"ScannedObjects": 0,
			"SeverityStat": {
				"critical": 0,
				"high": 0,
				"medium": 0,
				"low": 0,
				"unknown": 0
			},
			"total": 0,
			"FixableSeverityStat": {
				"critical": 0,
				"high": 0,
				"medium": 0,
				"low": 0,
				"unknown": 0
			},
			"Languages": null,
			"summary": "Tested 450 dependencies for known issues.  Severity Statistic: Nothing found",
			"status": ""
		},
		"NewFound": {
			"ScannedObjects": 0,
			"SeverityStat": {
				"critical": 0,
				"high": 0,
				"medium": 3,
				"low": 0,
				"unknown": 0
			},
			"total": 3,
			"FixableSeverityStat": {
				"critical": 0,
				"high": 0,
				"medium": 0,
				"low": 0,
				"unknown": 0
			},
			"Languages": null,
			"summary": "Tested 450 dependencies for known issues.  Severity Statistic: Medium:3 ",
			"status": ""
		},
		"Summary": "Base summary:Tested 426 dependencies for known issues.  Severity Statistic: High:2 Medium:6  | Fixed summary:Tested 450 dependencies for known issues.  Severity Statistic: Nothing found | New found summary:Tested 450 dependencies for known issues.  Severity Statistic: Medium:3 .",
		"Status": "failure"
	}
]
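The two JSON documents above (the `summary` output under example 1 and the `diff` output under example 2) are what a workflow consumes once they land in $GITHUB_OUTPUT. The program below is an added example, not part of the code-security-report project: it decodes both shapes into Go structs whose fields follow the keys shown above, and applies a merge gate of its own (the GateDiff policy and the Severity ordering are assumptions, not something the tool provides) that blocks when the NewFound block contains findings at or above a chosen severity, independent of the tool's own Status string. Both sample documents are copied from the README output above and compacted.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// SeverityCounts mirrors the SeverityStat / FixableSeverityStat objects that
// code-security-report emits with --output-type=matrix.
type SeverityCounts struct {
	Critical int `json:"critical"`
	High     int `json:"high"`
	Medium   int `json:"medium"`
	Low      int `json:"low"`
	Unknown  int `json:"unknown"`
}

// ReportSummary mirrors one entry of the `summary` command's matrix output.
type ReportSummary struct {
	ScannedObjects      int            `json:"ScannedObjects"`
	SeverityStat        SeverityCounts `json:"SeverityStat"`
	Total               int            `json:"total"`
	FixableSeverityStat SeverityCounts `json:"FixableSeverityStat"`
	Languages           []string       `json:"Languages"` // JSON null decodes to nil
	Summary             string         `json:"summary"`
	Status              string         `json:"status"`
}

// DiffReport mirrors one entry of the `diff` command's matrix output.
type DiffReport struct {
	Base     ReportSummary `json:"Base"`
	Fixed    ReportSummary `json:"Fixed"`
	NewFound ReportSummary `json:"NewFound"`
	Summary  string        `json:"Summary"`
	Status   string        `json:"Status"`
}

// Severity is an assumed ordering so a policy can say "block at medium and above".
type Severity int

const (
	Low Severity = iota
	Medium
	High
	Critical
)

var severityNames = [...]string{"low", "medium", "high", "critical"}

func (s Severity) String() string { return severityNames[s] }

// CountAtOrAbove sums the findings rated at least min. Findings of unknown
// severity are always counted so an unrated issue cannot slip past the gate.
func (c SeverityCounts) CountAtOrAbove(min Severity) int {
	counts := [...]int{c.Low, c.Medium, c.High, c.Critical} // indexed by Severity
	n := c.Unknown
	for sev := min; sev <= Critical; sev++ {
		n += counts[sev]
	}
	return n
}

// ParseSummary decodes the array printed by `summary --output-type=matrix`.
func ParseSummary(data []byte) (out []ReportSummary, err error) { err = json.Unmarshal(data, &out); return }

// ParseDiff decodes the array printed by `diff --output-type=matrix`.
func ParseDiff(data []byte) (out []DiffReport, err error) { err = json.Unmarshal(data, &out); return }

// GateDiff is an example merge policy (assumption, not part of the tool): block
// when the compared branch introduces findings at or above minBlock, whatever Status says.
func GateDiff(d DiffReport, minBlock Severity) (blocked bool, reason string) {
	n := d.NewFound.SeverityStat.CountAtOrAbove(minBlock)
	if n == 0 {
		return false, fmt.Sprintf("no new %s+ findings; %d finding(s) fixed", minBlock, d.Fixed.Total)
	}
	fixable := d.NewFound.FixableSeverityStat.CountAtOrAbove(minBlock)
	return true, fmt.Sprintf("%d new %s+ finding(s), %d with a fix available", n, minBlock, fixable)
}

// sampleSummary and sampleDiff are the two outputs shown in the README above, compacted.
const sampleSummary = `[{"ScannedObjects":365,"SeverityStat":{"critical":0,"high":3,"medium":0,"low":0,"unknown":0},"total":3,"FixableSeverityStat":{"critical":0,"high":2,"medium":0,"low":0,"unknown":0},"Languages":["js"],"summary":"Tested 365 dependencies for known issues.  Severity Statistic: High:3 ","status":"success"}]`

const sampleDiff = `[{"Base":{"ScannedObjects":426,"SeverityStat":{"critical":0,"high":2,"medium":6,"low":0,"unknown":0},"total":8,"FixableSeverityStat":{"critical":0,"high":1,"medium":2,"low":0,"unknown":0},"Languages":["js"],"summary":"Tested 426 dependencies for known issues.  Severity Statistic: High:2 Medium:6 ","status":"success"},
"Fixed":{"ScannedObjects":0,"SeverityStat":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"total":0,"FixableSeverityStat":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"Languages":null,"summary":"Tested 450 dependencies for known issues.  Severity Statistic: Nothing found","status":""},
"NewFound":{"ScannedObjects":0,"SeverityStat":{"critical":0,"high":0,"medium":3,"low":0,"unknown":0},"total":3,"FixableSeverityStat":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"Languages":null,"summary":"Tested 450 dependencies for known issues.  Severity Statistic: Medium:3 ","status":""},
"Summary":"Base summary:Tested 426 dependencies for known issues.  Severity Statistic: High:2 Medium:6  | Fixed summary:Tested 450 dependencies for known issues.  Severity Statistic: Nothing found | New found summary:Tested 450 dependencies for known issues.  Severity Statistic: Medium:3 .","Status":"failure"}]`

func main() {
	diffs, err := ParseDiff([]byte(sampleDiff))
	if err != nil {
		panic(err)
	}
	blocked, reason := GateDiff(diffs[0], Medium)
	fmt.Printf("tool status=%q, gate blocked=%v: %s\n", diffs[0].Status, blocked, reason)
}
```

Running this on the README's diff sample reports blocked=true at the medium threshold (three new medium findings, none with a fix available) and blocked=false at the high threshold, which is the point of keeping the policy outside the tool: the same output can gate a pull request differently on a release branch than on a feature branch, and the Fixed block gives the reviewer the count of findings the change removes.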
3. Export the summary report

./code-security-report summary --report-type=snyk --path="./fixtures/snyk-feature.json" --export --output-type=table --export-filename="snyk-summary"

4. Export the diff report

./code-security-report diff --report-type=snyk --path="./fixtures/snyk-feature.json" --compare-to="./fixtures/snyk-develop.json" --output-type=table --export

5. Debug with inspect command

docker run --rm -v $PWD/fixtures:/data portainerci/code-security-report:latest inspect --target-dir=/data

6. Check version

./code-security-report version

Examples with Docker

1. Run with docker container

docker run --rm -v $PWD/fixtures:/data portainerci/code-security-report:latest summary --report-type=snyk --path="/data/snyk.json"

2. Export with docker container (paths refer to the /data mount inside the container)

docker run --rm -v $PWD/fixtures:/data portainerci/code-security-report:latest diff --report-type=snyk --path="/data/snyk-feature.json" --compare-to="/data/snyk-develop.json" --output-type=table --export --export-filename="/data/snyk-diff"

Command details

./code-security-report help

Documentation

There is no documentation for this package.