json output for lock files and Dockerfiles does not include line numbers #4394
Closed
tbutler-qontigo started this conversation in Ideas
-
It is not a lock file, but Dockerfile, right?
-
Description
Cloning your example repo, https://github.com/knqyf263/trivy-ci-test.git, if I output results in JSON format, then the issues do not include start/end lines, but if I output the results in SARIF format, then they do.
e.g. JSON
vs SARIF:
Desired Behavior
Both JSON format and SARIF format include the start/end line and start/end column information where available.
It works for Misconfigurations but vulnerabilities, at least for lock files, do not include this information when in JSON format.
Actual Behavior
No start/end line information is included in the output - see the example above.
Reproduction Steps
Target
Filesystem
Scanner
Vulnerability
Output Format
JSON
Mode
Standalone
Debug Output
Operating System
Windows 10
Version
Checklist
trivy --reset