This package parses the vulnerability report (.json) generated by trivy for container images, then generates a human-readable report (.html or .pdf).
Project description
ImageVulnAnalyzer
This tool parses the raw vulnerability report of a container image generated by trivy and generates a human-readable HTML page.
Installation
pip install iv-sherlock
Use the tool
This tool comes with a default config.toml; it is designed for running on Linux.
[report]
# directory to put raw report generated by trivy
source_path = "/tmp/iv_sherlock/data"
# directory which hosts the generated html report
out_path = "/tmp/iv_sherlock/data/tmp"
# report encoding
default_encoding = "utf-8"
# enable pdf generation or not
export_pdf = false
[cvss]
# default CVSS vector metric weights. Adjust them to your security requirements to obtain your
# own cvss_score and CVE severity
score_mapping = '{"AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2}, "AC": {"L": 0.77, "H": 0.44}, "PR": {"N": 0.85, "L": 0.62, "H": 0.27}, "UI": {"N": 0.85, "R": 0.62}, "S": {"U": 1.0, "C": 1.08}, "C": {"H": 0.56, "L": 0.22, "N": 0.0}, "I": {"H": 0.56, "L": 0.22, "N": 0.0}, "A": {"H": 0.56, "L": 0.22, "N": 0.0}}'
You can override the default configuration file by using the -c or --conf option.
# run the application with default conf, only works in Linux OS
iv_sherlock
# run the application with custom conf
iv_sherlock -c path/to/custom_conf.toml
For Windows users, you must provide a custom_conf.toml. You can use the above example and modify the source_path and out_path.
To generate a raw report for an image with trivy, you can use the command below:
$ trivy image -f json -o redis.json redis
You can find more details about trivy here.
The image vulnerabilities
The image vulnerabilities can be divided into two categories:
- The vulnerabilities from base OS
- The vulnerabilities from the applications (or dependencies of the application)
Rendering
The application generates one report per image and one general (summary) report. The report can also be produced as a PDF, since the HTML version prints badly from browsers.
To do that, install playwright and run:
playwright install
Otherwise, you can deactivate this functionality in the config.toml by setting export_pdf to false.
The app will then run without playwright.
Download files
File details
Details for the file iv_sherlock-0.3.0.tar.gz.
File metadata
- Download URL: iv_sherlock-0.3.0.tar.gz
- Upload date:
- Size: 20.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.11.10
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 0f0c4bda6f157e17e4ee40cb735fa6912f6243c1ff7920002caa7c9930e45bb2 |
| MD5 | 915ea7095a6b27fea8401587c83a9b63 |
| BLAKE2b-256 | e71031d3d234ed27e7032215f93c689872df68cfe538eff212698460795d164e |
File details
Details for the file iv_sherlock-0.3.0-py3-none-any.whl.
File metadata
- Download URL: iv_sherlock-0.3.0-py3-none-any.whl
- Upload date:
- Size: 19.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.11.10
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 35dc4ef561e984b61f33901ba6fda1b9836f000401de0d98131a69c808de9990 |
| MD5 | 47a26bb6665bd1bdb03ca06ae7a0f951 |
| BLAKE2b-256 | 5218f2d068627d1e1902ee7e6d24cefdcb138f216ae00603cc0129283528dd18 |