GoGrype is a helper package for Grype.

Primary language: Go. License: MIT.

Go Grype

gogrype is a package to interact with github.com/anchore/grype.

Usage

Generate Grype JSON output from SBOM

% grype sbom:./sbom.spdx.json --add-cpes-if-none -o json > grypeout.json

Generate Grype JSON output from JAR

% grype log4shell-vulnerable-app-all.jar -o json > grypeout.json

Convert Grype JSON output to XLSX file

% go run cmd/json2xlsx/main.go grypeout.json grypeout.xlsx
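
The tabular shape a spreadsheet conversion of Grype output needs, shown as an added example that is not gogrype's own code. It uses only the Go standard library and models a few fields of Grype's JSON (`matches[].vulnerability`, `matches[].artifact`); the `Rows` helper, the severity ordering and the sample document with placeholder IDs are constructed here for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// grypeDoc models only the fields of Grype's JSON output used below.
type grypeDoc struct {
	Matches []struct {
		Vulnerability struct {
			ID       string `json:"id"`
			Severity string `json:"severity"`
			Fix      struct{ Versions []string `json:"versions"` } `json:"fix"`
		} `json:"vulnerability"`
		Artifact struct {
			Name    string `json:"name"`
			Version string `json:"version"`
		} `json:"artifact"`
	} `json:"matches"`
}

// sevRank orders severity labels; unrecognized labels rank 0 and sort last.
var sevRank = map[string]int{"critical": 5, "high": 4, "medium": 3, "low": 2, "negligible": 1}

// Rows (hypothetical helper) returns one row per match, most severe first.
func Rows(data []byte) ([][]string, error) {
	var doc grypeDoc
	if err := json.Unmarshal(data, &doc); err != nil {
		return nil, fmt.Errorf("parse grype json: %w", err)
	}
	rows := make([][]string, 0, len(doc.Matches))
	for _, m := range doc.Matches {
		rows = append(rows, []string{m.Vulnerability.Severity, m.Vulnerability.ID,
			m.Artifact.Name, m.Artifact.Version, strings.Join(m.Vulnerability.Fix.Versions, ",")})
	}
	sort.SliceStable(rows, func(i, j int) bool {
		return sevRank[strings.ToLower(rows[i][0])] > sevRank[strings.ToLower(rows[j][0])]
	})
	return rows, nil
}

// sample is a constructed document with placeholder IDs, not real scan output.
const sample = `{"matches":[
{"vulnerability":{"id":"CVE-0000-0001","severity":"Medium","fix":{"versions":[]}},"artifact":{"name":"example-a","version":"1.0.0"}},
{"vulnerability":{"id":"CVE-0000-0002","severity":"Critical","fix":{"versions":["2.1.0"]}},"artifact":{"name":"example-b","version":"2.0.0"}}]}`

func main() { fmt.Println(Rows([]byte(sample))) }
```

Each row is severity, vulnerability ID, package, installed version, fixed-in versions; an empty last column means Grype reported no fixed version for that match.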

Integrate with GoVEX

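package main

import (
	"github.com/grokify/gogrype"
	"github.com/grokify/mogo/fmt/fmtutil"
	"github.com/grokify/mogo/log/logutil"
)

func main() {
	// f is the path to a Grype JSON output file, such as the one generated above.
	f := "grypeout.json"

	// Read the Grype output, then print it and its GoVEX representation as JSON.
	g, err := gogrype.ReadFileGrypeOutputJSON(f)
	logutil.FatalErr(err)
	fmtutil.PrintJSON(g)
	fmtutil.PrintJSON(g.GoVEXes())
}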