diff --git a/cmd/osv-scanner/__snapshots__/main_test.snap b/cmd/osv-scanner/__snapshots__/main_test.snap
index 92fcf00c4d..af7d55885f 100755
--- a/cmd/osv-scanner/__snapshots__/main_test.snap
+++ b/cmd/osv-scanner/__snapshots__/main_test.snap
@@ -2589,12 +2589,18 @@ Scanned /fixtures/maven-transitive/pom.xml file and found 3 packages [TestRun_OCIImage/Alpine_3.10_image_tar_with_3.18_version_file - 1] Scanning image ../../internal/image/fixtures/test-alpine.tar -+--------------------------------+------+--------------+---------+-----------+---------------------------------------------------------------------+ -| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | SOURCE | -+--------------------------------+------+--------------+---------+-----------+---------------------------------------------------------------------+ -| https://osv.dev/CVE-2018-25032 | 7.5 | Alpine:v3.18 | zlib | 1.2.11-r1 | ../../internal/image/fixtures/test-alpine.tar:/lib/apk/db/installed | -| https://osv.dev/CVE-2022-37434 | 9.8 | Alpine:v3.18 | zlib | 1.2.11-r1 | ../../internal/image/fixtures/test-alpine.tar:/lib/apk/db/installed | -+--------------------------------+------+--------------+---------+-----------+---------------------------------------------------------------------+ +Total 1 packages affected by 2 vulnerabilities (1 Critical, 1 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystems, 2 have fixes available +Alpine:v3.18 ++----------------------------------------------------------+ +| Source:docker:../../internal/image/fixtures/test-alpine. | +| tar:/lib/apk/db/installed | ++---------+-------------------+---------------+------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | ++---------+-------------------+---------------+------------+ +| zlib | 1.2.11-r1 | Fix Available | 2 | ++---------+-------------------+---------------+------------+ +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner --format html --output results.html`. +You can also view the full vulnerability list in your terminal with: `osv-scanner --format vertical` --- 
@@ -2614,14 +2620,18 @@ failed to load image ./fixtures/oci-image/no-file-here.tar: open ./fixtures/oci- [TestRun_OCIImage/scanning_node_modules_using_npm_with_no_packages - 1] Scanning image ../../internal/image/fixtures/test-node_modules-npm-empty.tar -+--------------------------------+------+--------------+---------+------------+-------------------------------------------------------------------------------------+ -| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | SOURCE | -+--------------------------------+------+--------------+---------+------------+-------------------------------------------------------------------------------------+ -| https://osv.dev/CVE-2023-42363 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-npm-empty.tar:/lib/apk/db/installed | -| https://osv.dev/CVE-2023-42364 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-npm-empty.tar:/lib/apk/db/installed | -| https://osv.dev/CVE-2023-42365 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-npm-empty.tar:/lib/apk/db/installed | -| https://osv.dev/CVE-2023-42366 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-npm-empty.tar:/lib/apk/db/installed | -+--------------------------------+------+--------------+---------+------------+-------------------------------------------------------------------------------------+ +Total 1 packages affected by 4 vulnerabilities (0 Critical, 0 High, 4 Medium, 0 Low, 0 Unknown) from 1 ecosystems, 4 have fixes available +Alpine:v3.19 ++----------------------------------------------------------+ +| Source:docker:../../internal/image/fixtures/test-node_mo | +| dules-npm-empty.tar:/lib/apk/db/installed | ++---------+-------------------+---------------+------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | ++---------+-------------------+---------------+------------+ +| 
busybox | 1.36.1-r15 | Fix Available | 4 | ++---------+-------------------+---------------+------------+ +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner --format html --output results.html`. +You can also view the full vulnerability list in your terminal with: `osv-scanner --format vertical` --- 
@@ -2631,17 +2641,28 @@ Scanning image ../../internal/image/fixtures/test-node_modules-npm-empty.tar [TestRun_OCIImage/scanning_node_modules_using_npm_with_some_packages - 1] Scanning image ../../internal/image/fixtures/test-node_modules-npm-full.tar -+-------------------------------------+------+--------------+----------+------------+-------------------------------------------------------------------------------------------------------+ -| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | SOURCE | -+-------------------------------------+------+--------------+----------+------------+-------------------------------------------------------------------------------------------------------+ -| https://osv.dev/CVE-2023-42363 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-npm-full.tar:/lib/apk/db/installed | -| https://osv.dev/CVE-2023-42364 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-npm-full.tar:/lib/apk/db/installed | -| https://osv.dev/CVE-2023-42365 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-npm-full.tar:/lib/apk/db/installed | -| https://osv.dev/CVE-2023-42366 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-npm-full.tar:/lib/apk/db/installed | -| https://osv.dev/GHSA-38f5-ghc2-fcmv | 9.8 | npm | cryo | 0.0.6 | ../../internal/image/fixtures/test-node_modules-npm-full.tar:/usr/app/node_modules/.package-lock.json | -| https://osv.dev/GHSA-vh95-rmgr-6w4m | 9.8 | npm | minimist | 0.0.8 | ../../internal/image/fixtures/test-node_modules-npm-full.tar:/usr/app/node_modules/.package-lock.json | -| https://osv.dev/GHSA-xvch-5gv4-984h | | | | | | -+-------------------------------------+------+--------------+----------+------------+-------------------------------------------------------------------------------------------------------+ +Total 3 packages affected by 6 vulnerabilities (2 
Critical, 0 High, 4 Medium, 0 Low, 0 Unknown) from 2 ecosystems, 5 have fixes available +npm ++--------------------------------------------------------------+ +| Source:docker:../../internal/image/fixtures/test-node_module | +| s-npm-full.tar:/usr/app/node_modules/.package-lock.json | ++----------+-------------------+------------------+------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | ++----------+-------------------+------------------+------------+ +| cryo | 0.0.6 | No fix available | 1 | +| minimist | 0.0.8 | Fix Available | 1 | ++----------+-------------------+------------------+------------+ +Alpine:v3.19 ++----------------------------------------------------------+ +| Source:docker:../../internal/image/fixtures/test-node_mo | +| dules-npm-full.tar:/lib/apk/db/installed | ++---------+-------------------+---------------+------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | ++---------+-------------------+---------------+------------+ +| busybox | 1.36.1-r15 | Fix Available | 4 | ++---------+-------------------+---------------+------------+ +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner --format html --output results.html`. +You can also view the full vulnerability list in your terminal with: `osv-scanner --format vertical` --- 
@@ -2651,14 +2672,18 @@ Scanning image ../../internal/image/fixtures/test-node_modules-npm-full.tar [TestRun_OCIImage/scanning_node_modules_using_pnpm_with_no_packages - 1] Scanning image ../../internal/image/fixtures/test-node_modules-pnpm-empty.tar -+--------------------------------+------+--------------+---------+------------+--------------------------------------------------------------------------------------+ -| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | SOURCE | -+--------------------------------+------+--------------+---------+------------+--------------------------------------------------------------------------------------+ -| https://osv.dev/CVE-2023-42363 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-pnpm-empty.tar:/lib/apk/db/installed | -| https://osv.dev/CVE-2023-42364 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-pnpm-empty.tar:/lib/apk/db/installed | -| https://osv.dev/CVE-2023-42365 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-pnpm-empty.tar:/lib/apk/db/installed | -| https://osv.dev/CVE-2023-42366 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-pnpm-empty.tar:/lib/apk/db/installed | -+--------------------------------+------+--------------+---------+------------+--------------------------------------------------------------------------------------+ +Total 1 packages affected by 4 vulnerabilities (0 Critical, 0 High, 4 Medium, 0 Low, 0 Unknown) from 1 ecosystems, 4 have fixes available +Alpine:v3.19 ++----------------------------------------------------------+ +| Source:docker:../../internal/image/fixtures/test-node_mo | +| dules-pnpm-empty.tar:/lib/apk/db/installed | ++---------+-------------------+---------------+------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | ++---------+-------------------+---------------+------------+ +| 
busybox | 1.36.1-r15 | Fix Available | 4 | ++---------+-------------------+---------------+------------+ +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner --format html --output results.html`. +You can also view the full vulnerability list in your terminal with: `osv-scanner --format vertical` --- 
@@ -2668,14 +2693,18 @@ Scanning image ../../internal/image/fixtures/test-node_modules-pnpm-empty.tar [TestRun_OCIImage/scanning_node_modules_using_pnpm_with_some_packages - 1] Scanning image ../../internal/image/fixtures/test-node_modules-pnpm-full.tar -+--------------------------------+------+--------------+---------+------------+-------------------------------------------------------------------------------------+ -| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | SOURCE | -+--------------------------------+------+--------------+---------+------------+-------------------------------------------------------------------------------------+ -| https://osv.dev/CVE-2023-42363 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-pnpm-full.tar:/lib/apk/db/installed | -| https://osv.dev/CVE-2023-42364 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-pnpm-full.tar:/lib/apk/db/installed | -| https://osv.dev/CVE-2023-42365 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-pnpm-full.tar:/lib/apk/db/installed | -| https://osv.dev/CVE-2023-42366 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-pnpm-full.tar:/lib/apk/db/installed | -+--------------------------------+------+--------------+---------+------------+-------------------------------------------------------------------------------------+ +Total 1 packages affected by 4 vulnerabilities (0 Critical, 0 High, 4 Medium, 0 Low, 0 Unknown) from 1 ecosystems, 4 have fixes available +Alpine:v3.19 ++----------------------------------------------------------+ +| Source:docker:../../internal/image/fixtures/test-node_mo | +| dules-pnpm-full.tar:/lib/apk/db/installed | ++---------+-------------------+---------------+------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | ++---------+-------------------+---------------+------------+ +| 
busybox | 1.36.1-r15 | Fix Available | 4 | ++---------+-------------------+---------------+------------+ +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner --format html --output results.html`. +You can also view the full vulnerability list in your terminal with: `osv-scanner --format vertical` --- 
@@ -2685,14 +2714,18 @@ Scanning image ../../internal/image/fixtures/test-node_modules-pnpm-full.tar [TestRun_OCIImage/scanning_node_modules_using_yarn_with_no_packages - 1] Scanning image ../../internal/image/fixtures/test-node_modules-yarn-empty.tar -+--------------------------------+------+--------------+---------+------------+--------------------------------------------------------------------------------------+ -| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | SOURCE | -+--------------------------------+------+--------------+---------+------------+--------------------------------------------------------------------------------------+ -| https://osv.dev/CVE-2023-42363 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-yarn-empty.tar:/lib/apk/db/installed | -| https://osv.dev/CVE-2023-42364 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-yarn-empty.tar:/lib/apk/db/installed | -| https://osv.dev/CVE-2023-42365 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-yarn-empty.tar:/lib/apk/db/installed | -| https://osv.dev/CVE-2023-42366 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-yarn-empty.tar:/lib/apk/db/installed | -+--------------------------------+------+--------------+---------+------------+--------------------------------------------------------------------------------------+ +Total 1 packages affected by 4 vulnerabilities (0 Critical, 0 High, 4 Medium, 0 Low, 0 Unknown) from 1 ecosystems, 4 have fixes available +Alpine:v3.19 ++----------------------------------------------------------+ +| Source:docker:../../internal/image/fixtures/test-node_mo | +| dules-yarn-empty.tar:/lib/apk/db/installed | ++---------+-------------------+---------------+------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | ++---------+-------------------+---------------+------------+ +| 
busybox | 1.36.1-r15 | Fix Available | 4 | ++---------+-------------------+---------------+------------+ +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner --format html --output results.html`. +You can also view the full vulnerability list in your terminal with: `osv-scanner --format vertical` --- 
@@ -2702,14 +2735,18 @@ Scanning image ../../internal/image/fixtures/test-node_modules-yarn-empty.tar [TestRun_OCIImage/scanning_node_modules_using_yarn_with_some_packages - 1] Scanning image ../../internal/image/fixtures/test-node_modules-yarn-full.tar -+--------------------------------+------+--------------+---------+------------+-------------------------------------------------------------------------------------+ -| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | SOURCE | -+--------------------------------+------+--------------+---------+------------+-------------------------------------------------------------------------------------+ -| https://osv.dev/CVE-2023-42363 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-yarn-full.tar:/lib/apk/db/installed | -| https://osv.dev/CVE-2023-42364 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-yarn-full.tar:/lib/apk/db/installed | -| https://osv.dev/CVE-2023-42365 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-yarn-full.tar:/lib/apk/db/installed | -| https://osv.dev/CVE-2023-42366 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-yarn-full.tar:/lib/apk/db/installed | -+--------------------------------+------+--------------+---------+------------+-------------------------------------------------------------------------------------+ +Total 1 packages affected by 4 vulnerabilities (0 Critical, 0 High, 4 Medium, 0 Low, 0 Unknown) from 1 ecosystems, 4 have fixes available +Alpine:v3.19 ++----------------------------------------------------------+ +| Source:docker:../../internal/image/fixtures/test-node_mo | +| dules-yarn-full.tar:/lib/apk/db/installed | ++---------+-------------------+---------------+------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | ++---------+-------------------+---------------+------------+ +| 
busybox | 1.36.1-r15 | Fix Available | 4 | ++---------+-------------------+---------------+------------+ +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner --format html --output results.html`. +You can also view the full vulnerability list in your terminal with: `osv-scanner --format vertical` ---
diff --git a/internal/output/table.go b/internal/output/table.go
index 663bc94844..ee735b93de 100644
--- a/internal/output/table.go
+++ b/internal/output/table.go
@@ -133,7 +133,7 @@ func printContainerScanningResult(result Result, outputWriter io.Writer, termina
 }
 const promptMessage = "For the most comprehensive scan results, we recommend using the HTML output: " +
- "`osv-scanner --format html --output results.html`. \n" +
+ "`osv-scanner --format html --output results.html`.\n" +
 "You can also view the full vulnerability list in your terminal with: " +
 "`osv-scanner --format vertical`"
 fmt.Fprintln(outputWriter, promptMessage)