Releases: sysdiglabs/secure-inline-scan-examples
sysdig2sarif 0.2
What's new
- Support V1 JSON format (CLI parameter
--output=json-file=filename.json)
There are now 2 go scripts (and 2 available binaries), one for the v1beta format (using --json-scan-result=filename.json) and one for the v1 format.
Scan image using Sysdig CLI scanner:
./sysdig-cli-scanner -a <sysdig-secure-url> <image-to-scan> --output=json-file=scan-result-v1.json
then, convert the scan-result.json to SARIF:
./sysdigv1_to_sarif scan-result-v1.json sarif-report.json
For further filtering, check sysdigv1_to_sarif -h:
./sysdigv1_to_sarif -h
Usage of ./sysdigv1_to_sarif:
-exclude-accepted
Exclude vulnerabilities with accepted risks
-group-by-package
Group by package
-min-severity string
Minimum severity (e.g., High)
-not-type string
Exclude package types (comma-separated)
-type string
Package types (comma-separated, e.g., java, javascript)
Example:
./sysdigv1_to_sarif -exclude-accepted -min-severity high -not-type os scan-result.json sarif-report.json
sysdig2sarif
Scan image using Sysdig CLI scanner:
./sysdig-cli-scanner -a <sysdig-secure-url> <image-to-scan> --json-scan-result=scan-result.json
then, convert the scan-result.json to SARIF:
./sysdig2sarif scan-result.json sarif-report.json
For further filtering, check sysdig2sarif -h:
./sysdig2sarif -h
Usage of ./sysdig2sarif:
-exclude-accepted
Exclude vulnerabilities with accepted risks
-group-by-package
Group by package
-min-severity string
Minimum severity (e.g., High)
-not-type string
Exclude package types (comma-separated)
-type string
Package types (comma-separated, e.g., java, javascript)
Example:
./sysdig2sarif -exclude-accepted -min-severity high -not-type os scan-result.json sarif-report.json