-
Notifications
You must be signed in to change notification settings - Fork 585
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: prototype of grype explain #1367
Conversation
0306a30
to
3ecd88f
Compare
Signed-off-by: Will Murphy <will.murphy@anchore.com> WIP Signed-off-by: Will Murphy <will.murphy@anchore.com> WIP: working explain command Signed-off-by: Will Murphy <will.murphy@anchore.com> WIP track explanation model Signed-off-by: Will Murphy <will.murphy@anchore.com> Working template for exact-indirect-matches Signed-off-by: Will Murphy <will.murphy@anchore.com> Format CPE matches; add datasource URL Signed-off-by: Will Murphy <will.murphy@anchore.com> some cleanup Signed-off-by: Will Murphy <will.murphy@anchore.com> WIP: a few more details Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Previously they were grouped by artifact ID, which was noisy because it made a lot of similar, small-ish groups. Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Previous code assumed primary was a property of a match, but really it's a property of a vulnerability. Rearrange the code to choose a pimary vulnerability. Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
797f9c0
to
03dc5db
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Comments added about cleaning up the comments and potential reminders that have been sitting around - are there any integration/cli tests we want to add for this one. Maybe just a smoke test to give the 👍 it's executing and producing the correct results?
The rest of explain looks technically correct - no hard to catch bugs or otherwise hard to read code.
@willmurphyscode I can do another pass this PM so we can get this prototype out for users to start kicking the tires on
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a great v0 of this functionality, really looking forward to continuing this work!
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Fixes #1342.
Still WIP. Mostly using #1342 to comment on what the desired output should look like, then will clean up this branch and get ready to merge.This is an initial prototype of
grype explain
. The goal is to get something in front of users so that they can try out the experience and we can start getting feedback. This is NOT a final version of the output, or a final factoring of the code that renders the output.Note: this is invoked on grype JSON output, like
grype -q alpine:3.7 -o json | go run cmd/grype/main.go explain --id CVE-2022-48174
.