Including invocation startTime and endTime in SARIF output #3226

Open
fniessink opened this issue Nov 24, 2022 · 3 comments · May be fixed by #8255
Labels
good first issue Denotes an issue ready for a new contributor, according to the "help wanted" guidelines. help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/feature Categorizes issue or PR as related to a new feature. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness.

Comments

@fniessink

Is it possible to make Trivy write the invocation startTimeUtc and endTimeUtc properties to the SARIF output report?

I haven't been able to find anything about manipulating the contents of the SARIF output unfortunately.

Rationale: we want to monitor that SARIF reports are current.

CC: @Sebastiaan127001

@fniessink fniessink added the triage/support Indicates an issue that is a support question. label Nov 24, 2022
@knqyf263 knqyf263 added good first issue Denotes an issue ready for a new contributor, according to the "help wanted" guidelines. help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/feature Categorizes issue or PR as related to a new feature. and removed triage/support Indicates an issue that is a support question. labels Jan 8, 2023
@github-actions

This issue is stale because it has been labeled with inactivity.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and will be auto-closed. label Mar 10, 2023
@Sebastiaan127001

Who can help us with this?

@github-actions github-actions bot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and will be auto-closed. label Mar 11, 2023
@github-actions

This issue is stale because it has been labeled with inactivity.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and will be auto-closed. label May 11, 2023
@knqyf263 knqyf263 added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and will be auto-closed. labels May 11, 2023
anupamme added a commit to anupamme/trivy that referenced this issue Jan 20, 2025
Fixes aquasecurity#3226

Add invocation `startTimeUtc` and `endTimeUtc` properties to SARIF output report.

* **pkg/report/sarif.go**
  - Import `time` package.
  - Add `StartTime` and `EndTime` fields to `SarifWriter` struct.
  - Set `startTimeUtc` and `endTimeUtc` properties in the `Write` method.

* **pkg/report/writer.go**
  - Import `time` package.
  - Add `StartTime` and `EndTime` fields to `SarifWriter` initialization in the `Write` method.

* **pkg/report/sarif_test.go**
  - Add test `TestSarifWriter_Write_WithInvocationTimes` to verify `startTimeUtc` and `endTimeUtc` properties in SARIF report.
  - Ensure test covers various scenarios for `startTimeUtc` and `endTimeUtc`.

---

For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/aquasecurity/trivy/issues/3226?shareId=XXXX-XXXX-XXXX-XXXX).
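
The rationale given in the issue (monitoring that SARIF reports are current) comes down to a consumer-side check like the following. This is an added example, not code from the issue, the referenced commit, or Trivy: `ReportAge`, `ErrNoEndTime` and `sampleSARIF` are hypothetical names, the sample report is constructed, and only the SARIF 2.1.0 `invocations[].endTimeUtc` property is assumed. A report without that property yields an error rather than an age, so a monitor treats it as unknown instead of fresh.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// sarifLog models only the SARIF 2.1.0 fields this check reads.
type sarifLog struct {
	Runs []struct {
		Invocations []struct {
			EndTimeUtc string `json:"endTimeUtc"`
		} `json:"invocations"`
	} `json:"runs"`
}

// ErrNoEndTime means no invocation carries a parsable endTimeUtc, so the age is unknown.
var ErrNoEndTime = errors.New("sarif: no invocation endTimeUtc")

// ReportAge returns how long before now the newest invocation in the report ended.
func ReportAge(data []byte, now time.Time) (time.Duration, error) {
	var doc sarifLog
	if err := json.Unmarshal(data, &doc); err != nil {
		return 0, err
	}
	var newest time.Time
	for _, run := range doc.Runs {
		for _, inv := range run.Invocations {
			// Missing or malformed timestamps are skipped, never counted as fresh.
			if t, err := time.Parse(time.RFC3339, inv.EndTimeUtc); err == nil && t.After(newest) {
				newest = t
			}
		}
	}
	if newest.IsZero() {
		return 0, ErrNoEndTime
	}
	return now.Sub(newest), nil
}

// Constructed sample report, not real Trivy output.
const sampleSARIF = `{"version":"2.1.0","runs":[{"tool":{"driver":{"name":"Trivy"}},"results":[],
 "invocations":[{"executionSuccessful":true,"startTimeUtc":"2025-01-20T10:00:00Z","endTimeUtc":"2025-01-20T10:00:42Z"}]}]}`

func main() {
	now := time.Date(2025, 1, 21, 10, 0, 42, 0, time.UTC) // fixed clock for the example
	fmt.Println(ReportAge([]byte(sampleSARIF), now))
}
```

A monitor would compare the returned duration against its own freshness threshold and alert on both an exceeded threshold and `ErrNoEndTime`.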