@@ -38,11 +38,20 @@ jobs:
3838 # v1.19.1-debian-amd64
3939 IMAGE=$(make echo-all-images | cut -d' ' -f1|cut -d',' -f3)
4040 echo "# Scan Fluentd image with grype (filter)" >> $GITHUB_STEP_SUMMARY
41- docker run --rm anchore/grype:latest fluent/fluentd:$IMAGE --ignore-states wont-fix | grep -v Negligible >> $GITHUB_STEP_SUMMARY
41+ docker run --rm anchore/grype:latest fluent/fluentd:$IMAGE --ignore-states wont-fix | jq -r '
42+ (["NAME","INSTALLED","FIXED IN","TYPE","VULNERABILITY","SEVERITY"] | join(" | ") | "| " + . + " |"),
43+ (["---","---","---","---","---","---"] | join(" | ") | "| " + . + " |"),
44+ (.matches[]
45+ | select(.vulnerability.severity != "Negligible")
46+ | "| \(.artifact.name) | \(.artifact.version) | \(.vulnerability.fix.versions[0] // "") | \(.artifact.type) | \(.vulnerability.id) | \(.vulnerability.severity)|")
47+ ' >> $GITHUB_STEP_SUMMARY
4248 echo "# Scan Fluentd image with grype (details)" >> $GITHUB_STEP_SUMMARY
43- echo "|NAME | INSTALLED | FIXED | IN | TYPE | VULNERABILITY | SEVERITY | EPSS | RISK | |" >> $GITHUB_STEP_SUMMARY
44- echo "|---| ---|---|---|----|---|---|---|---|---|" >> $GITHUB_STEP_SUMMARY
45- docker run --rm anchore/grype:latest fluent/fluentd:$IMAGE | sed -e "s/won't fix/won'tfix/g" | grep -v "^NAME" | sed 's/^/|/; s/ */ | /g; s/$/ |/' >> $GITHUB_STEP_SUMMARY
49+ docker run --rm anchore/grype:latest fluent/fluentd:$IMAGE | jq -r '
50+ (["NAME","INSTALLED","FIXED IN","TYPE","VULNERABILITY","SEVERITY"] | join(" | ") | "| " + . + " |"),
51+ (["---","---","---","---","---","---"] | join(" | ") | "| " + . + " |"),
52+ (.matches[]
53+ | "| \(.artifact.name) | \(.artifact.version) | \(.vulnerability.fix.versions[0] // "") | \(.artifact.type) | \(.vulnerability.id) | \(.vulnerability.severity)|")
54+ ' >> $GITHUB_STEP_SUMMARY
4655 ruby :
4756 name : Scan Ruby image with grype
4857 strategy :
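Review bot: Both new `docker run … | jq -r` pipelines (new lines 41 and 49) hand grype's output to jq without requesting JSON. Grype prints a text table by default, so unless the format is configured somewhere not visible in this hunk, jq cannot parse the input and the step fails or the summary ends up without findings. Pass the format explicitly on both scans, e.g. `docker run --rm anchore/grype:latest fluent/fluentd:$IMAGE -o json --ignore-states wont-fix | jq -r '…'`. Because this step produces the vulnerability report, it would also help to pin `anchore/grype` to a version tag or digest rather than `latest`, so a change in the scanner image cannot silently alter the results, and to quote `"$GITHUB_STEP_SUMMARY"`. The job definition continues outside the hunk.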