feat: Render output as a markdown table for use in github comments #156

Merged
merged 6 commits into from
Feb 2, 2023


deftdawg (Contributor) commented Jan 21, 2023

Add --format markdown command line switch that will render the output table as a markdown table for use when making comments to github and other places that use markdown.

Resolves #61

Sample Output

Here's what the output looks like for osv-scanner -D golang:1.18-rc-stretch --format markdown:

Raw

```
Scanned docker image with 189 packages
| OSV URL | Ecosystem | Package | Version | Source |
| --- | --- | --- | --- | --- |
| https://osv.dev/DLA-2948-1 | Debian | debian-archive-keyring | 2017.5+deb9u1 | golang:1.18-rc-stretch |
| https://osv.dev/DLA-3022-1 | Debian | dpkg | 1.18.25 | golang:1.18-rc-stretch |
| https://osv.dev/DLA-2952-1 | Debian | openssl | 1.1.0l-1~deb9u4 | golang:1.18-rc-stretch |
| https://osv.dev/DLA-3008-1 | Debian | openssl | 1.1.0l-1~deb9u4 | golang:1.18-rc-stretch |
| https://osv.dev/DLA-2963-1 | Debian | tzdata | 2021a-0+deb9u2 | golang:1.18-rc-stretch |
| https://osv.dev/DLA-3051-1 | Debian | tzdata | 2021a-0+deb9u2 | golang:1.18-rc-stretch |
```

Rendered

Scanned docker image with 189 packages

| OSV URL | Ecosystem | Package | Version | Source |
| --- | --- | --- | --- | --- |
| https://osv.dev/DLA-2948-1 | Debian | debian-archive-keyring | 2017.5+deb9u1 | golang:1.18-rc-stretch |
| https://osv.dev/DLA-3022-1 | Debian | dpkg | 1.18.25 | golang:1.18-rc-stretch |
| https://osv.dev/DLA-2952-1 | Debian | openssl | 1.1.0l-1~deb9u4 | golang:1.18-rc-stretch |
| https://osv.dev/DLA-3008-1 | Debian | openssl | 1.1.0l-1~deb9u4 | golang:1.18-rc-stretch |
| https://osv.dev/DLA-2963-1 | Debian | tzdata | 2021a-0+deb9u2 | golang:1.18-rc-stretch |
| https://osv.dev/DLA-3051-1 | Debian | tzdata | 2021a-0+deb9u2 | golang:1.18-rc-stretch |
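
An added example, not code from this pull request or from osv-scanner: a Go sketch that produces the table format shown above and escapes cell values, since package names and source paths come from the scanned project and a stray `|` or newline would break the table once pasted into a comment. The `Row` type, `escapeCell` and `RenderMarkdown` are hypothetical names chosen for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Row is a hypothetical flattened scan result; the fields mirror the column
// headers in the sample output above, not osv-scanner's own types.
type Row struct {
	ID, Ecosystem, Package, Version, Source string
}

// escapeCell keeps a value inside its table cell: a raw "|" would start a new
// column and a newline would end the row when the comment is rendered.
func escapeCell(s string) string {
	s = strings.ReplaceAll(s, "\\", "\\\\")
	s = strings.ReplaceAll(s, "|", "\\|")
	s = strings.ReplaceAll(s, "\r", "")
	return strings.ReplaceAll(s, "\n", " ")
}

// RenderMarkdown emits the header, the separator row and one line per finding.
func RenderMarkdown(rows []Row) string {
	var b strings.Builder
	b.WriteString("| OSV URL | Ecosystem | Package | Version | Source |\n")
	b.WriteString("| --- | --- | --- | --- | --- |\n")
	for _, r := range rows {
		cells := []string{"https://osv.dev/" + r.ID, r.Ecosystem, r.Package, r.Version, r.Source}
		for i, c := range cells {
			cells[i] = escapeCell(c)
		}
		b.WriteString("| " + strings.Join(cells, " | ") + " |\n")
	}
	return b.String()
}

func main() {
	rows := []Row{
		{"DLA-3022-1", "Debian", "dpkg", "1.18.25", "golang:1.18-rc-stretch"},
		// Constructed row: a source path that contains a pipe character.
		{"DLA-2952-1", "Debian", "openssl", "1.1.0l-1~deb9u4", "dir|name/package-lock.json"},
	}
	fmt.Print(RenderMarkdown(rows))
}
```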

google-cla bot commented Jan 21, 2023

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

G-Rath (Collaborator) left a comment

Rather than add a dedicated flag, I think it'd be best to add an --output flag since we're planning to add support for another output format at some point.

Also, could you include a sample of what the output looks like just for easy reference, since we don't yet have any tests that report vulnerabilities (that'll change once #94 gets landed)

deftdawg (Contributor, Author) commented

> Rather than add a dedicated flag, I think it'd be best to add an --output flag since we're planning to add support for another output format at some point.

Yep, the thought crossed my mind as I was adding these changes, but that was more refactoring than I wanted to take on for a first-time Go coding experience. Just need to get it to spit out markdown for something I was working on; there are considerations around handling regular output vs json and stdout vs stderr that come with broader refactoring...

G-Rath (Collaborator) commented Jan 21, 2023

All good - ideally we will want --output to land this because once a flag is added it requires a new major version to remove as it's a breaking change, but that can be done in its own PR ahead of this, and I'm happy to do that work if you'd prefer

deftdawg (Contributor, Author) commented

> All good - ideally we will want --output to land this because once a flag is added it requires a new major version to remove as it's a breaking change, but that can be done in its own PR ahead of this, and I'm happy to do that work if you'd prefer

Go for it, I completely understand... Once you get output it'll be easier to add markdown, HTML, CSV, TSV, etc and whatever other output formats people might find useful.

G-Rath (Collaborator) commented Jan 25, 2023

@deftdawg sorry I forgot to say my PR adding --format has been landed, so you should be good to rebase this and switch to using that as a new option.

@deftdawg deftdawg closed this Jan 26, 2023
@deftdawg deftdawg force-pushed the render-markdown-table branch from 7a81764 to 0a8be7b Compare January 26, 2023 17:28
@deftdawg deftdawg reopened this Jan 26, 2023
@another-rex another-rex merged commit 64e1ed5 into google:main Feb 2, 2023
@deftdawg deftdawg deleted the render-markdown-table branch February 2, 2023 21:59
hayleycd pushed a commit that referenced this pull request Mar 9, 2023
)

* - render output as markdown table (rebase)

* - Run gofmt -s on main.go

* Fix import

* Merge markdown and table logic into one function

---------

Co-authored-by: Rex Pan <[email protected]>
Co-authored-by: Rex P <[email protected]>
julieqiu pushed a commit to julieqiu/osv-scanner that referenced this pull request May 2, 2023
…oogle#156)

* - render output as markdown table (rebase)

* - Run gofmt -s on main.go

* Fix import

* Merge markdown and table logic into one function

---------

Co-authored-by: Rex Pan <[email protected]>
Co-authored-by: Rex P <[email protected]>
Successfully merging this pull request may close these issues.

add markdown output option