A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.
License: Apache License 2.0
I have generated the HTML however, the secrets are not being displayed in the UI.
Command used: trivy scan2html fs --scanners vuln,secret,misconfig . interactive_report.html
Trivy version : 0.51 & 0.52
Expected behaviour: secrets should also display
When i call "trivy scan2html -h" i got an error that says no such file or directory, but file exist. Mb i'm doing something wrong
Hi Team,
I'm running Trivy commands twice in pipeline: is there any way to combine the output html and show single file? or I need to display in 2x different html? additionally, if it's not possible to display the combine html - is it possible to configure the left side menu to show exactly what we want to show?
trivy scan2html rootfs --exit-code 1 . --skip-files "*.deb" --ignore-unfixed --scanners vuln --severity CRITICAL,HIGH,MEDIUM output.html
trivy scan2html rootfs --exit-code 0 . --skip-files "*.deb" --skip-dirs "venv" --scanners secrets --severity CRITICAL,HIGH,MEDIUM output1.html
Developing the CSS features of the table.
Hi,
I really like this plugin for Trivy as it fits perfectly in my project for visualizing Trivy reports.
I would like to ask if it could be possible to support SBOMs as well. Specifically in spdx format but cyclonedx would also be fine. The command would be something like:
trivy scan2html image --format spdx ghcr.io/zalando/spilo-15:3.0-p1
trivy scan2html k8s --report summary cluster interactive_result.html
trivy k8s --report summary cluster --format json -o results_k8s_cluster_summary.json
oot@ubuntu-server:/home/chenwei# trivy scan2html image proxy:v2.4.0 result.html
/root/snap/trivy/215/.trivy/plugins/scan2html/scan2html: line 24: trivy: command not found
Error: plugin error: plugin exec: exit status 127
Usage:
trivy scan2html [flags]
Flags:
-h, --help help for scan2html
Global Flags:
--cache-dir string cache directory (default "/root/snap/trivy/215/.cache/trivy")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
--generate-default-config write the default config to trivy-default.yaml
--insecure allow insecure server connections
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
2023-07-15T23:51:22.381+0800 FATAL plugin error: plugin exec: exit status 127
trivy image --scanners license alpine:3.15 --format json -o image-license.json
Hi Fatih,
I hope you are doing well !
Recently I created a job to perfom trivy scan image and trivy scan filesystem which is running fine inside opensuse.
As the step zypper refresh takes time, and also after last issue due to the absence of bash and git I have decided to run the same job inside alpine and aquasec/trivy docker image.
I could notice that the generated html file inside alpine (also aquasec/trivy) is giving me empty page, even tho the file has content.
When i run the command in my wsl ubuntu the report fine also the same in opensuse docker images.
trivy scan2html fs --scanners vuln,misconfig --exit-code 0 . interactive_fs_scan_report.html
I tried to compare the two html files, I could see some differences but unable to figure it out ( I'm not a react expert :)), I attached them bellow
reports.zip
I should mention that I don't have any issue for trivy image scanning when I execute the scan in opensuse nor alpine (aquasec/trivy).
Can you please support in this matter ?
Thank you !
related to #25
Hi Team,
exit code is not getting capture properly:
trivy scan2html rootfs --exit-code 1 . --scanners vuln --severity CRITICAL,HIGH,MEDIUM test.html
echo $?
the above code is printing 0
trivy rootfs --exit-code 1 . --scanners vuln --severity CRITICAL,HIGH,MEDIUM
echo $?
the above code is printing 1
Hi,
First thanks you for this plugin, it helps a lot !
I'm facing to an issue. When I run the plugin install command inside a Gitlab runner job I got this error :
$ trivy plugin -d install github.com/fatihtokus/scan2html
2024-05-06T14:56:39Z INFO Installing the plugin... url="github.com/fatihtokus/scan2html"
2024-05-06T14:56:41Z INFO Loading the plugin metadata...
2024-05-06T14:56:41Z DEBUG Installing the plugin... path="/root/.trivy/plugins/scan2html"
2024-05-06T14:56:41Z DEBUG Downloading the execution file... uri="https://github.com/fatihtokus/scan2html/releases/download/v0.2.8/scan2html.tar.gz"
$ trivy -d plugin list
Installed Plugins:
Name: scan2html
Version: 0.2.8
$ trivy -d scan2html image ${IMAGE} "index.html"
2024-05-06T14:56:44Z FATAL Fatal error plugin error: plugin exec: fork/exec /root/.trivy/plugins/scan2html/scan2html: no such file or directoryPS: I also tried to move basic directory of trivy next to my procject folder by changing XDG_DATA_HOME variable.
Can you help me to debug this ?
I use a docker:dind image based on alpine system.
trivy scan2html k8s --report=all all -n my-namespace resultnew.html
Json is inside html, but page is empty (no vulnerabilities) only filters and search bar.
Uncaught TypeError: Cannot read properties of undefined (reading 'forEach')
at vulnerabilitiesForK8s (result3.html:470:32)
at vulnerabilities (result3.html:465:12)
at initializeReportTitle (result3.html:410:89)
at initTheReportDetails (result3.html:383:5)
at result3.html:13248:1
When using the Trivy plugin as a task in Azure DevOps pipelines, It is able to detect packages.json and find vulnerabilities. When using this plugin, the vulnerabilities are 0.
Trivy in Azure DevOps:
Scan2html results:
EDIT:
I just had to use trivy scan2html fs instead of trivy scan2html config
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.