
Comments (9)

fatihtokus commented on August 23, 2024

Hi @prasenjitsh ,

Thanks for the feature request. To answer your two questions:
1- Combining the two reports is one of our plans, which is a big change. Before investing in that, we would like to see the demand from the community. Could I ask how important this feature is for you/your company? The other question is: how do you store all the scan results for a project? Say over a year you have done the scanning and created 365 reports. Do you need some auditing/history?
2- Configuring the left side menu - it is not possible right now but very easy to implement. To clarify your request: if the report includes only vulnerabilities, then the vulnerabilities menu will be selected as default; if secrets, then secrets is the default, and so on?

Regards,
Fatih

from scan2html.

prasenjitsh commented on August 23, 2024

Hi @fatihtokus ,

  1. We are running Trivy as part of our Azure DevOps pipeline. Please see the screenshot below. These reports will be available in the release pipeline for six months for auditing purposes.
  2. I was actually looking to see if we can hide those menus that are not required. If you see the screenshot, currently, I’m scanning one time for vulnerabilities and another time for secrets. I am planning to implement SBOM and K8 scanner in the future. Each of the tabs should have only one report visible instead of the entire menu list, so that developers don’t get confused.
Screenshot 2024-06-07 at 10 20 30 AM

fatihtokus commented on August 23, 2024

Hi @prasenjitsh ,

Thanks for the answers:

  1. We are planning to accept multiple trivy-results.json reports as URL parameters like below.
    scan2html-empty-report.html?url=https://$CI_SERVER_URL/api/v4/projects/$CI_PROJECT_ID/jobs/$CI_JOB_ID/artifacts/trivy-vuln-results.json&https://$CI_SERVER_URL/api/v4/projects/$CI_PROJECT_ID/jobs/$CI_JOB_ID/artifacts/trivy-secrets-results.json
    Would this address your requirement?

  2. As a quick solution I will collapse the menu and open the filled one as default. Will this help you?

prasenjitsh commented on August 23, 2024

Hi @fatihtokus ,

  1. Can it load from a local directory instead of https? Since I will be running from the pipeline, it will be easy to load from the local machine.
  2. Yes, that will help.

fatihtokus commented on August 23, 2024

1- Unfortunately, due to the browsers' security limitations, it has to come via https/http :( Do you think it will still be useful for you?
2- We have started working on this.

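The constraint from the comment above, as an added example that is not part of the thread and not scan2html's own code: a sketch of reading the `?url=<report-1>&<report-2>` form proposed earlier and keeping only reports that can be fetched over http/https. The function name `parseReportUrls`, the rejection messages and the `ci.example` host are assumptions made for illustration.

```javascript
// Added example: hypothetical helper, not scan2html's own code.
// Parses the query-string form proposed in the thread
//   ?url=<report-1>&<report-2>
// and keeps only reports a browser page can fetch over http/https.
// Report URLs containing "&" or "=" would need percent-encoding first.
const FETCHABLE_SCHEMES = new Set(["http:", "https:"]);

function parseReportUrls(search) {
  const accepted = [];
  const rejected = [];
  for (const [key, value] of new URLSearchParams(search)) {
    // The first report arrives as url=<value>. Each further "&<url>"
    // segment has no "=", so it shows up as a key with an empty value.
    let candidate;
    if (key === "url") candidate = value;
    else if (value === "") candidate = key;
    else continue; // unrelated parameter, ignore

    let parsed;
    try {
      parsed = new URL(candidate); // throws on relative paths
    } catch {
      rejected.push({ url: candidate, reason: "not an absolute URL" });
      continue;
    }
    if (!FETCHABLE_SCHEMES.has(parsed.protocol)) {
      rejected.push({ url: candidate, reason: `scheme ${parsed.protocol} not allowed` });
      continue;
    }
    accepted.push(parsed.href);
  }
  return { accepted, rejected };
}

// Constructed sample: two CI artifact URLs plus two local-style paths.
const SAMPLE_SEARCH =
  "?url=https://ci.example/artifacts/trivy-vuln-results.json" +
  "&https://ci.example/artifacts/trivy-secrets-results.json" +
  "&file:///tmp/trivy-results.json" +
  "&trivy-results.json";

console.log(parseReportUrls(SAMPLE_SEARCH));
```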

prasenjitsh commented on August 23, 2024
  1. I have to see. I can publish the JSON as Azure pipeline artifacts. I have to verify whether these artifacts can be accessed via https from shell.

fatihtokus commented on August 23, 2024

Hi @prasenjitsh ,
1- Still working on this, will update you soon
2- We have released this with v0.3.1, please try and give us feedback.

Regards

fatihtokus commented on August 23, 2024

Hi @prasenjitsh ,

1- We have delivered this as well, please give it a try and let us know your feedback
2- Any feedback?

prasenjitsh commented on August 23, 2024
