Report Formats

    1. 2019-05-16T01:46:31.777+0900    INFO    Updating vulnerability database...

    JSON

    VulnerabilityID, PkgName, , and Severity in Vulnerabilities are always filled with values, but other fields might be empty.

    1. $ trivy image --format template --template "{{ range . }} {{ .Target }} {{ end }}" golang:1.12-alpine
    1. 2020-01-02T18:02:32.856+0100    INFO    Detecting Alpine vulnerabilities...

    You can load templates from a file prefixing the template path with an @.

    XML

    In the following example using the template junit.tpl XML can be generated.

    1. $ trivy image --format template --template "@contrib/junit.tpl" -o junit-report.xml  golang:1.12-alpine

    SARIF

    1. $ trivy image --format template --template "@contrib/sarif.tpl" -o report.sarif  golang:1.12-alpine

    This SARIF format can be uploaded to GitHub code scanning results, and there is a Trivy GitHub Action for automating this process.

    Trivy also supports an

    HTML