extract trivy_scan: add --all and --severity option

Author: seebi

CHANGELOG.md

@@ -4,6 +4,18 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](https://semver.org/)
 
+## [0.7.0] 2025-03-17
+
+### Fixed
+
+- even extraction of zero keys will result in a metadata file
+
+### Added
+
+- extract trivy-scan:
+  - --all option to extract all vulnerability groups
+  - --severity option to extract an explicit Vulnerability group
+
 ## [0.6.2] 2025-02-05
 
 ### Added

cimd/commands/extract/trivy_scans.py

@@ -61,22 +61,46 @@ def image_for_severity_count(severity: str, count: int) -> str:
     "JSON_FILE",
     type=click.Path(exists=True, dir_okay=False, file_okay=True, readable=True, resolve_path=True),
 )
+@click.option(
+    "--severity",
+    type=click.Choice(list(COLORS.keys()), case_sensitive=False),
+    help="Request a single severity group only. This results in explicit zero counts.",
+)
+@click.option(
+    "--all",
+    "all_",
+    is_flag=True,
+    help="Will explicitly extract all known severity groups, even zero counts.",
+)
 @click.option(
     "--replace",
     is_flag=True,
-    show_default=True,
     help="Replace items in case they already exists.",
 )
 @click.pass_obj
-def trivy_scan_command(app: ApplicationContext, json_file: str, replace: bool) -> None:
-    """Extract metadata from a trivy scan JSON output file."""
+def trivy_scan_command(
+    app: ApplicationContext, json_file: str, severity: str, all_: bool, replace: bool
+) -> None:
+    """Extract metadata from a trivy scan JSON output file.
+
+    This command will extract counts of vulnerabilities, grouped by
+    severity. Per default, only severity groups with at least one
+    vulnerability will be extracted. If you need explicit zero counts,
+    use `--severity` or `--all`.
+    """
     counter = count_json_file(json_file=json_file)
-    for severity, count in counter.items():
-        key = f"trivy-scan-{severity.lower()}"
+    severities = [severity] if severity else counter.keys()
+    if all_:
+        severities = list(COLORS.keys())
+        severities.extend(counter.keys())
+        severities = list(set(severities))
+    for _ in severities:
+        count = counter.get(_, 0)
+        key = f"trivy-scan-{_.lower()}"
         new_item = Item(
             value=str(count),
-            label=severity,
-            description=f"Count of found vulnerabilities with severity '{severity}'",
-            image=image_for_severity_count(severity=severity, count=count),
+            label=_,
+            description=f"Count of found vulnerabilities with severity '{_}'",
+            image=image_for_severity_count(severity=_, count=count),
         )
         app.add_item(key=key, item=new_item, replace=replace)