vimp

command module
v0.3.11
Published: Apr 4, 2023 License: Apache-2.0 Imports: 7 Imported by: 0

README

vimp

Import CLI for OSS vulnerability scanner output. Generalizes vulnerability reports from common OSS scanners into a generic format and imports them into a target database. Useful for comparing data across multiple scanners.

usage

Given a container image digest:

export image="docker.io/redis@sha256:7b83a0167532d4320a87246a815a134e19e31504d85e8e55f0bb5bb9edf70448"

Generate a vulnerability report using one of the supported OSS scanners:

  • grype: grype --add-cpes-if-none -s AllLayers -o json --file report.json $image
  • snyk: snyk container test --app-vulns --json-file-output=report.json $image
  • trivy: trivy image --format json --output report.json $image

Then, import that vulnerability data into one of the supported data stores:

vimp --source $image --file report.json --target bq://project:dataset.table

Note: the target table will be created if it does not exist.
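
What normalizing and comparing scanner output involves, as an added Go example (not vimp's own code or schema): it flattens grype and trivy JSON into one record type and shows which scanner reported each finding. The Finding type, the function names and the sample reports with placeholder IDs are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Finding is a hypothetical scanner-neutral record, not vimp's actual schema.
type Finding struct{ Scanner, ID, Package, Version, Severity string }
// Constructed sample reports with placeholder IDs, trimmed to the fields read below.
const grypeJSON = `{"matches":[{"vulnerability":{"id":"CVE-0000-0001","severity":"High"},"artifact":{"name":"openssl","version":"1.1.1n"}}]}`
const trivyJSON = `{"Results":[{"Vulnerabilities":[{"VulnerabilityID":"CVE-0000-0001","PkgName":"openssl","InstalledVersion":"1.1.1n","Severity":"HIGH"},{"VulnerabilityID":"CVE-0000-0002","PkgName":"zlib","InstalledVersion":"1.2.11","Severity":"LOW"}]}]}`
// Normalize flattens a grype ("matches") or trivy ("Results") report, lower-casing severity.
func Normalize(scanner string, raw []byte) (out []Finding, err error) {
	var r struct {
		Matches []struct {
			Vulnerability struct{ ID, Severity string }
			Artifact      struct{ Name, Version string }
		}
		Results []struct{ Vulnerabilities []struct{ VulnerabilityID, PkgName, InstalledVersion, Severity string } }
	}
	if err = json.Unmarshal(raw, &r); err != nil {
		return nil, err
	}
	for _, m := range r.Matches { // grype layout
		out = append(out, Finding{scanner, m.Vulnerability.ID, m.Artifact.Name, m.Artifact.Version, strings.ToLower(m.Vulnerability.Severity)})
	}
	for _, res := range r.Results { // trivy layout
		for _, v := range res.Vulnerabilities {
			out = append(out, Finding{scanner, v.VulnerabilityID, v.PkgName, v.InstalledVersion, strings.ToLower(v.Severity)})
		}
	}
	return out, nil
}
// FoundBy maps "ID package@version" to the scanners that reported that finding.
func FoundBy(fs ...Finding) map[string][]string {
	m := map[string][]string{}
	for _, f := range fs {
		k := f.ID + " " + f.Package + "@" + f.Version
		m[k] = append(m[k], f.Scanner)
	}
	return m
}
func main() {
	g, _ := Normalize("grype", []byte(grypeJSON))
	t, _ := Normalize("trivy", []byte(trivyJSON))
	fmt.Println(FoundBy(append(g, t...)...))
}
```

A finding listed under only one scanner is the kind of disagreement a side-by-side import makes visible.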

Installation

You can install the vimp CLI in one of the following ways:

See the release section for vimp checksums and SBOMs.

Go

If you have Go 1.17 or newer, you can install the latest vimp using:

go install github.com/mchmarny/vimp@latest

Homebrew

On Mac or Linux, you can install vimp with Homebrew:

brew tap mchmarny/vimp
brew install vimp

New releases will be picked up automatically when you run brew upgrade.

RHEL/CentOS

rpm -ivh https://github.com/mchmarny/vimp/releases/download/v$VERSION/vimp-${VERSION}_Linux-amd64.rpm

Debian/Ubuntu

wget https://github.com/mchmarny/vimp/releases/download/v$VERSION/vimp-${VERSION}_Linux-amd64.deb
sudo dpkg -i vimp-${VERSION}_Linux-amd64.deb

Binary

You can also download the latest release version of vimp for your operating system/architecture from here. Put the binary somewhere in your $PATH, and make sure it has the executable bit set.

The official vimp releases include SBOMs.

Disclaimer

This is my personal project and it does not represent my employer. While I do my best to ensure that everything works, I take no responsibility for issues caused by this code.

Documentation

There is no documentation for this package.

Directories

Path Synopsis
internal
pkg
