Enhance the HTML report table

[64J0]

Description:

I want to be able to run some common operations for tables in the trivy HTML report. Right now it's not interactive, so we can't group vulnerabilities by their criticality.

After checking the repository I found this file : https://github.com/aquasecurity/trivy/blob/8d5882be03d3e27eeaa48825b064d4235974a730/contrib/html.tpl, that I believe is related to the HTML report.

I would be glad to help this project but I'm not versed in Go Lang syntax, so my question is:

• Is there a way to easily test this template using some JSON scan result file I already have?
• If there is a way, how would I do it?

[KyleK1782]

I agree, some additional information and formatting would be greatly beneficial to to the HTML template. I think the most useful would be to have a total number of vulnerabilities, len .Vulnerabilities and then the number of each severity. This would allow users to be able to quickly identify how severe the results are.

[afdesk]

i had an idea to create a custom Trivy plugin for html templates.
@KyleK1782 @64J0 what do you think it's a convenient way for enhance reports?
thanks

[64J0]

I like the idea of being able to filter the columns (per severity for example), and arrange it in some way, say, alphabetically.

My main issue is that I don't know much about Go lang, like I said before. So I'm not sure how to contribute for this project (development locally and test it). It would be nice if we had some docs teaching how to test the HTML report feature using some example scan JSON, just in case we want to work in this feature.

[afdesk]

I like the idea of being able to filter the columns (per severity for example), and arrange it in some way, say, alphabetically.

do you mean that it should be done via JavaScript?

[64J0]

do you mean that it should be done via JavaScript?

Yes, I think that doing this with JavaScript would be easier, and we would get more freedom to implement other features in the future. As an example:

• https://www.w3schools.com/howto/howto_js_filter_table.asp

But initially I think we can keep something like a checkbox menu with all the possible severity values, and let the user pick which values to present in the table. I like the idea of using those chip elements in some control mechanism to select what to show:

• https://mui.com/material-ui/react-chip/#clickable-and-deletable

[fatihtokus]

Hi guys,

I am planning to implement this. Are you still interested?

Regards,
Fatih

[64J0]

For sure @fatihtokus !

[fatihtokus]

@afdesk, I see you have a trivy plugin(scan2html) that can be enhanced to support filtering/sorting. What do you think?

[afdesk]

@fatihtokus yes, there is an idea to create such custom plugin. but unfortunately I haven't tested it yet

[fatihtokus]

@64J0 , @KyleK1782 , @afdesk guys, I have created the initial version of my trivy plugin (https://github.com/fatihtokus/scan2html). Please have a look and give your feedback:

$ trivy plugin install github.com/fatihtokus/scan2html

$ trivy scan2html -h

Usage: trivy scan2html [-h,--help] command target filename
A Trivy plugin that scans and outputs the results to an interactive html file.
Options:
-h, --help Show usage.
Examples:

Scan image

trivy scan2html image alpine:latest interactive_result.html

Scan a local folder

trivy scan2html config . interactive_result.html

[fatihtokus]

v0.0.2 is out, filtering column is added!

[fatihtokus]

Hi all,

I would like to hear from the community if having such a trivy plugin(https://github.com/fatihtokus/scan2html) is useful. It creates a well-formated filterable/sortable html report. Please have a look and give your feedback.

Thanks in advance!