feat: prototype of grype explain #1367

Merged
merged 49 commits into from
Sep 11, 2023

@willmurphyscode willmurphyscode commented Jun 28, 2023

Fixes #1342.

Still WIP. Mostly using #1342 to comment on what the desired output should look like, then will clean up this branch and get ready to merge.

This is an initial prototype of grype explain. The goal is to get something in front of users so that they can try out the experience and we can start getting feedback. This is NOT a final version of the output, or a final factoring of the code that renders the output.

Note: this is invoked on grype JSON output, like grype -q alpine:3.7 -o json | go run cmd/grype/main.go explain --id CVE-2022-48174.

@willmurphyscode willmurphyscode force-pushed the grype-cve-explain branch 3 times, most recently from 0306a30 to 3ecd88f Compare September 7, 2023 19:31
@willmurphyscode willmurphyscode marked this pull request as ready for review September 7, 2023 19:53
Signed-off-by: Will Murphy <will.murphy@anchore.com>

WIP

Signed-off-by: Will Murphy <will.murphy@anchore.com>

WIP: working explain command

Signed-off-by: Will Murphy <will.murphy@anchore.com>

WIP track explanation model

Signed-off-by: Will Murphy <will.murphy@anchore.com>

Working template for exact-indirect-matches

Signed-off-by: Will Murphy <will.murphy@anchore.com>

Format CPE matches; add datasource URL

Signed-off-by: Will Murphy <will.murphy@anchore.com>

some cleanup

Signed-off-by: Will Murphy <will.murphy@anchore.com>

WIP: a few more details

Signed-off-by: Will Murphy <will.murphy@anchore.com>
Previously they were grouped by artifact ID, which was noisy because it
made a lot of similar, small-ish groups.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
Previous code assumed primary was a property of a match, but really it's
a property of a vulnerability. Rearrange the code to choose a primary
vulnerability.

Signed-off-by: Will Murphy <will.murphy@anchore.com>

@spiffcs spiffcs left a comment

Comments added about cleaning up the comments and potential reminders that have been sitting around - are there any integration/cli tests we want to add for this one? Maybe just a smoke test to give the 👍 it's executing and producing the correct results?

The rest of explain looks technically correct - no hard-to-catch bugs or otherwise hard-to-read code.

@willmurphyscode I can do another pass this PM so we can get this prototype out for users to start kicking the tires on


@wagoodman wagoodman left a comment

This is a great v0 of this functionality, really looking forward to continuing this work!

Signed-off-by: Will Murphy <will.murphy@anchore.com>
@willmurphyscode willmurphyscode merged commit 1772f25 into main Sep 11, 2023
@willmurphyscode willmurphyscode deleted the grype-cve-explain branch September 11, 2023 17:32
@willmurphyscode willmurphyscode changed the title feat: grype explain feat: prototype of grype explain Sep 12, 2023