cli: add command to convert Vulnerability Reports #194

Merged
merged 1 commit into from
Nov 25, 2024

@crozzy crozzy commented Nov 15, 2024

The convert command is able to take a Vulnerability Report in JSON and convert it to Quay secscan format or sarif format.

@crozzy crozzy requested a review from a team as a code owner November 15, 2024 22:21
@crozzy crozzy requested review from RTann and removed request for a team November 15, 2024 22:21
@crozzy crozzy force-pushed the add-convert-command branch from 0744436 to 71e7d55 Compare November 15, 2024 22:21
crozzy commented Nov 15, 2024

The Konflux team run the action twice because they need both report formats. This can be avoided by extracting the convert logic into its own command.

cmd/clair-action/convert.go (review thread resolved)
@crozzy crozzy requested a review from RTann November 21, 2024 21:50
@RTann RTann left a comment

Writing to stdout LGTM at this time. Perhaps one day we may want to allow for other writers, but that day is not today.

@RTann RTann left a comment

Actually, I just noticed each fmt.Errorf should use %w for errors, so perhaps do that before merging

crozzy commented Nov 25, 2024

> Actually, I just noticed each fmt.Errorf should use %w for errors, so perhaps do that before merging

So, I thought about that when writing it and figured it wasn't going to be called outside of the CLI context so there's going to be no audience to actually unwrap the error. OTOH I can't really think of an advantage of %v.

The convert command is able to take a Vulnerability Report in JSON and
convert it to Quay secscan format or sarif format.

Signed-off-by: crozzy <[email protected]>
@crozzy crozzy force-pushed the add-convert-command branch from 71e7d55 to 0e0e589 Compare November 25, 2024 23:29
crozzy commented Nov 25, 2024

/fast-forward

@github-actions github-actions bot merged commit 0e0e589 into quay:main Nov 25, 2024
3 checks passed