BREAKING CHANGE: migration to new JSON schema #1050
Replies: 3 comments 1 reply
-
|
I saw the warning today as we upgraded to 0.19.1 and I want to just say thanks. This new schema is a massive improvement. |
Beta Was this translation helpful? Give feedback.
-
|
@knqyf263 @tofuatjava Trivy support was recently added to Jenkins in the warnings-ng and analysis-model plugins. This will need to be updated for the new schema? jenkinsci/warnings-ng-plugin#711 |
Beta Was this translation helpful? Give feedback.
-
|
I'm sorry I missed your message. If the plugins use Trivy JSON, they need to migrate to the new JSON schema. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the heads-up, that was an easy fix. Really nice, that this was testable with the Environment variable beforehand. |
Beta Was this translation helpful? Give feedback.
-
Overview
We will migrate the JSON schema of scan results to a new schema in
v0.20.0. You might need to update your JSON parser.v0.19.0displays a warning as below when you specify-f json.Impact
Trivy CLI
This change affects
--format/-f jsonoption regardless of scanning modes such asimage,fs, andclient.v0.20.0will generate JSON with a different schema.if you parse the JSON output from Trivy, this change breaks your script.
-f table(default) and-f templatewill not be affected by this change.GitHub Action (trivy-action)
Not affected
https://github.com/aquasecurity/trivy-action
Schema Change
Current:
[ { "Target": "alpine 3.12", "Type": "alpine", "Vulnerabilities": [...], }, { "Target": "app/jenkins.jar", "Type": "java", "Vulnerabilities": [...], } ]New:
The current data structure will be kept intact and moved under
Results.NOTE: This new schema is subject to change before the release of v0.19.0.
{ "SchemaVersion": 2, "ArtifactName": "alpine:3.14", "ArtifactType": "container_image", "Metadata": { "OS": { "Family": "alpine", "Name": "3.14.2" }, "ImageID": "sha256:14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab", "DiffIDs": [ "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68" ], "RepoTags": [ "alpine:3.14" ], "RepoDigests": [ "alpine@sha256:e1c082e3d3c45cccac829840a25941e679c25d438cc8412c2fa221cf1a824e6a" ], "ImageConfig": { "architecture": "amd64", "container": "330289c649db86f5fb1ae5bfef18501012b550adb0638b9193d4a3a4b65a2f9b", "created": "2021-08-27T17:19:45.758611523Z", "docker_version": "20.10.7", "history": [ { "created": "2021-08-27T17:19:45.553092363Z", "created_by": "/bin/sh -c #(nop) ADD file:aad4290d27580cc1a094ffaf98c3ca2fc5d699fe695dfb8e6e9fac20f1129450 in / " }, { "created": "2021-08-27T17:19:45.758611523Z", "created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68" ] }, "config": { "Cmd": [ "/bin/sh" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], "Image": "sha256:d3e0b6258ec2f725c19668f11ae5323c3b0245e197ec478424ec6a87935690eb" } } }, "Results": [ { "Target": "alpine 3.12", "Type": "alpine", "Class": "os-pkgs", "Vulnerabilities": [...], }, { "Target": "app/jenkins.jar", "Type": "java", "Class": "lang-pkgs", "Vulnerabilities": [...], } ] }Test
This new JSON schema is available in
v0.19.0by specifyingTRIVY_NEW_JSON_SCHEMA=true. The warning is not displayed.We apologize for the inconvenience, but please try this environment variable to fix your JSON parser.
TRIVY_NEW_JSON_SCHEMAenv will be removed inv0.20.0, so you will not have to specify it inv0.20.0or later.Examples
Here are some examples of what modifications might be needed.
jq
An example of jq parsing the result JSON and displaying the vulnerability IDs
Before:
After:
Python
An example of python parsing the result JSON and displaying the vulnerability IDs
Before:
After:
Diff
Beta Was this translation helpful? Give feedback.
All reactions