Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add "vertical" output format #889

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

feat: add "vertical" output format #889

wants to merge 8 commits into from

Conversation

G-Rath
Copy link
Collaborator

@G-Rath G-Rath commented Mar 26, 2024

This adds a new "vertical" output format that is designed for humans and based on the output of osv-detector, which effectively aims to group the output relating to each entity being scanned in vertical slices:

image

Unfortunately I think it suffers significantly due to the assumptions made by the rest of the codebase for outputting that made sense when the final output was a table i.e. we dump a lot of information as we go about scanning, config files, vulnerability filtering, and so on that really should be grouped but currently cannot because they're all outputted at different stages - I think a way to address that could be using some sort of event-emitter type pattern so that the reporters could be responsible for deciding what they actually do (e.g. r.Emit("filtered-vulnerability", ...) and then most reporters could choose to just print immediately, and ones like "vertical" could choose to add it to an internal struct), but I think that'll involve a lot more work; for now I'm just going to ignore the pre-results output.

Resolves #85

@G-Rath G-Rath force-pushed the add-vertical-reporter branch 3 times, most recently from 505d532 to bae0efe Compare March 28, 2024 02:59
@codecov-commenter
Copy link

codecov-commenter commented Mar 28, 2024
edited

Codecov Report

Attention: Patch coverage is 93.56725% with 11 lines in your changes are missing coverage. Please review.

Project coverage is 64.88%. Comparing base (804589a) to head (14e97cd).

Files Patch % Lines
pkg/reporter/vertical_reporter.go 76.47% 8 Missing ⚠️
internal/output/vertical.go 97.77% 2 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #889      +/-   ##
==========================================
+ Coverage   64.47%   64.88%   +0.40%     
==========================================
  Files         148      150       +2     
  Lines       12088    12259     +171     
==========================================
+ Hits         7794     7954     +160     
- Misses       3843     3853      +10     
- Partials      451      452       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@G-Rath G-Rath mentioned this pull request Apr 1, 2024
Closed
@G-Rath G-Rath mentioned this pull request Apr 5, 2024
Closed
@G-Rath

This comment was marked as resolved.

Sign in to view
@G-Rath G-Rath mentioned this pull request Apr 23, 2024
Merged
another-rex pushed a commit that referenced this pull request May 24, 2024
@G-Rath
test: add cases for output functions (#937)
33e7f93 
This introduces a set of crafted scanner results that each supported
`output` format is run through to showcase how they look across all the
different results possible from a scanner run - it originally started
life as the tests for #889 but I realised they could base used more
generally for testing and reviewing all the outputters, so here we are.

~It looks like this has also revealed the SARIF output is unstable in
its ordering, which I'll aim to address in a dedicated PR~
@G-Rath G-Rath force-pushed the add-vertical-reporter branch 2 times, most recently from d5c8f4d to b266097 Compare May 24, 2024 19:47
@G-Rath

This comment was marked as resolved.

Sign in to view
@G-Rath G-Rath force-pushed the add-vertical-reporter branch 2 times, most recently from ab449a3 to 1ecd8e0 Compare May 28, 2024 00:26
@G-Rath G-Rath marked this pull request as ready for review May 28, 2024 03:51
@cuixq
Copy link
Contributor

cuixq commented May 29, 2024

LGTM - however I am not sure if we want the output in this color schema. @another-rex is there any discussion/agreement on this?

josieang pushed a commit to josieang/osv-scanner that referenced this pull request Jun 6, 2024
@G-Rath @josieang
test: add cases for output functions (google#937)
2aaea38 
This introduces a set of crafted scanner results that each supported
`output` format is run through to showcase how they look across all the
different results possible from a scanner run - it originally started
life as the tests for google#889 but I realised they could base used more
generally for testing and reviewing all the outputters, so here we are.

~It looks like this has also revealed the SARIF output is unstable in
its ordering, which I'll aim to address in a dedicated PR~
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@another-rex another-rex Awaiting requested review from another-rex

@cuixq cuixq Awaiting requested review from cuixq

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Optimise human readable output for narrow terminals
3 participants
@G-Rath @codecov-commenter @cuixq