
sysdig2sarif

@airadier airadier released this 26 May 11:29
65eda31

Scan an image using the Sysdig CLI scanner:

./sysdig-cli-scanner -a <sysdig-secure-url> <image-to-scan> --json-scan-result=scan-result.json

Then convert scan-result.json to SARIF:

./sysdig2sarif scan-result.json sarif-report.json

For further filtering options, run sysdig2sarif -h:

./sysdig2sarif -h
Usage of ./sysdig2sarif:
  -exclude-accepted
        Exclude vulnerabilities with accepted risks
  -group-by-package
        Group by package
  -min-severity string
        Minimum severity (e.g., High)
  -not-type string
        Exclude package types (comma-separated)
  -type string
        Package types (comma-separated, e.g., java, javascript)

Example:

./sysdig2sarif -exclude-accepted -min-severity high -not-type os scan-result.json sarif-report.json
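The two steps above (scan, then convert) are usually run from CI, where the interesting question is what to do with the SARIF once it exists. The script below is an added example, not code from the sysdig2sarif project or from Sysdig: it builds the two command lines using only the flags listed by sysdig2sarif -h, runs them, and then counts the results in the generated report per SARIF level so a pipeline can fail on findings. It assumes both binaries live in the current directory as on this page, that the report is SARIF 2.1.0 with results under runs[].results[] carrying a "level" field, and the sample report embedded for offline use is constructed (its rule ids are placeholders, not real CVEs).

```python
#!/usr/bin/env python3
"""Scan an image, convert the result to SARIF, and gate on the findings.

Added example, not part of sysdig2sarif or the Sysdig CLI scanner. Assumes
both binaries sit in the current directory and that the report written by
sysdig2sarif is SARIF 2.1.0 with results under runs[].results[] carrying a
"level" field. Only the flags shown by `sysdig2sarif -h` are used.
"""
import json
import subprocess
from collections import Counter


def build_scan_cmd(secure_url, image, scan_json="scan-result.json"):
    """argv for the scanner step shown on the release page."""
    return ["./sysdig-cli-scanner", "-a", secure_url, image,
            f"--json-scan-result={scan_json}"]


def build_convert_cmd(scan_json, sarif_out, *, exclude_accepted=False,
                      group_by_package=False, min_severity=None,
                      types=None, not_types=None):
    """argv for sysdig2sarif, using only the flags listed by `sysdig2sarif -h`."""
    cmd = ["./sysdig2sarif"]
    if exclude_accepted:
        cmd.append("-exclude-accepted")
    if group_by_package:
        cmd.append("-group-by-package")
    if min_severity:
        cmd += ["-min-severity", min_severity]
    if types:
        cmd += ["-type", ",".join(types)]
    if not_types:
        cmd += ["-not-type", ",".join(not_types)]
    return cmd + [scan_json, sarif_out]


def summarize_sarif(sarif):
    """Count results per SARIF level ("error", "warning", "note", "none")
    across every run in the report."""
    counts = Counter()
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            counts[result.get("level", "none")] += 1
    return counts


def should_fail(counts, fail_on=("error",)):
    """CI gate: fail when any result at a level listed in `fail_on` is present."""
    return any(counts.get(level, 0) > 0 for level in fail_on)


def run_pipeline(secure_url, image, scan_json="scan-result.json",
                 sarif_out="sarif-report.json", **convert_opts):
    """Run both steps, then load and summarize the SARIF written by sysdig2sarif."""
    subprocess.run(build_scan_cmd(secure_url, image, scan_json), check=True)
    subprocess.run(build_convert_cmd(scan_json, sarif_out, **convert_opts), check=True)
    with open(sarif_out, encoding="utf-8") as fh:
        return summarize_sarif(json.load(fh))


# Constructed sample in SARIF 2.1.0 shape; rule ids are placeholders, not real CVEs.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "sysdig2sarif"}},
        "results": [
            {"ruleId": "CVE-EXAMPLE-0001", "level": "error",
             "message": {"text": "placeholder critical finding"}},
            {"ruleId": "CVE-EXAMPLE-0002", "level": "error",
             "message": {"text": "placeholder high finding"}},
            {"ruleId": "CVE-EXAMPLE-0003", "level": "warning",
             "message": {"text": "placeholder medium finding"}},
        ],
    }],
}


if __name__ == "__main__":
    import sys
    # Usage: python3 sarif_gate.py <sysdig-secure-url> <image-to-scan>
    # Mirrors the filtering example on the page: -exclude-accepted -min-severity high -not-type os
    counts = run_pipeline(sys.argv[1], sys.argv[2], exclude_accepted=True,
                          min_severity="high", not_types=["os"])
    print(dict(counts))
    sys.exit(1 if should_fail(counts) else 0)
```

Which Sysdig severity maps to which SARIF level is decided by sysdig2sarif, not by this script, so the gate keys only on the level field in the generated report; adjust fail_on if you want warnings to block as well.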