Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change root of JSON presenter to a mapping (instead of a sequence) #163

Merged
merged 2 commits into from
Sep 25, 2020
Merged

Change root of JSON presenter to a mapping (instead of a sequence) #163

merged 2 commits into from
Sep 25, 2020

Conversation

wagoodman
Copy link
Contributor

Changes the JSON presenter from an enumeration of vulnerability findings...

[
 {
   "vulnerability": {
    "id": "CVE-1999-0001",
    ...
    }
  },
  ...
]

...to a JSON mapping at the root of the document:

{
 "vulnerabilities": [
    {
     "vulnerability": {
      "id": "CVE-1999-0001",
      ...
    },
    ...
   ],
   ...
}

And additionally adds the image or directory source information (just as in syft).

@wagoodman
update root of json presenter document
974dd4b 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
@wagoodman wagoodman added the enhancement New feature or request label Sep 25, 2020
@wagoodman wagoodman self-assigned this Sep 25, 2020
alfredodeza
alfredodeza reviewed Sep 25, 2020
View reviewed changes
grype/presenter/json/presenter.go Show resolved Hide resolved
grype/presenter/json/test-fixtures/snapshot/TestEmptyJsonPresenter.golden Show resolved Hide resolved
grype/presenter/json/test-fixtures/snapshot/TestJsonDirsPresenter.golden
}
}
],
"directory": "/some/path"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Having the golden files is a good way to visualize how this output is shaping up. I think this is going to be very helpful for consumers. One thing that jumps at me is that a consumer would need to check for the key existence instead of asking for a value that advertises what the source is.

There is at least one potential caveat in the case of a directory being a one-to-one mapping like in here: If we want to add any other key information to the directory scan besides the path, this would need to have a breaking change to include that.

The pattern(s) that the JSON presenter follows in other parts of the object is what I would like to see. For example, in the "artifact" object, there are a few keys that advertise what their values are:

"name": "package-1",
"type": "deb",

Which is great to consume, as the consumer doesn't need to figure out what it is dealing with. This is an example on how that would look like if it didn't advertise the values as it is today:

"deb": "package-1",

And that is the similarity that I see with the proposed approach in this PR. Can we consider making this new section a generic name that encompasses directory,image and any other future source? I don't have any strong opinions on the key name, but following what grype has internally this could be:

  "source": {
    "type": "directory",
    "target": {
      "path": "/some/path"
    }
  }

For an image it could probably be something like:

  "source": {
    "type": "directory",
    "target": {
      "tag": "latest",
      "repo": "alpine:3.12",
    }
  }

Copy link
Contributor Author

@wagoodman wagoodman Sep 25, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good suggestion, I'll incorporate in syft then a follow up PR in grype.

@wagoodman
Copy link
Contributor Author

from an offline chat, changing vulnerabilities to matches

@wagoodman
change vulnerabilities to matches in json output
314e9b5 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
@wagoodman wagoodman mentioned this pull request Sep 25, 2020
Merged
@wagoodman wagoodman merged commit 9f6301b into main Sep 25, 2020
@wagoodman wagoodman deleted the json-root-map branch September 25, 2020 18:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alfredodeza alfredodeza alfredodeza left review comments

@luhring luhring luhring approved these changes

@dakaneye dakaneye Awaiting requested review from dakaneye

Assignees

@wagoodman wagoodman

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@wagoodman @alfredodeza @luhring