diff --git a/contrib/analyze-local-images/main.go b/contrib/analyze-local-images/main.go index 62c933e5..a82c6c1b 100644 --- a/contrib/analyze-local-images/main.go +++ b/contrib/analyze-local-images/main.go @@ -31,6 +31,7 @@ import ( "time" "github.com/coreos/clair/api/v1" + "github.com/coreos/clair/utils/types" ) const ( @@ -43,6 +44,7 @@ func main() { // Parse command-line arguments. endpoint := flag.String("endpoint", "http://127.0.0.1:6060", "Address to Clair API") myAddress := flag.String("my-address", "127.0.0.1", "Address from the point of view of Clair") + minimumSeverity := flag.String("minimum-severity", "Negligible", "Minimum severity of vulnerabilities to show (Unknown, Negligible, Low, Medium, High, Critical, Defcon1)") flag.Usage = func() { fmt.Fprintf(os.Stderr, "Usage: %s [options] image-id\n\nOptions:\n", os.Args[0]) @@ -57,6 +59,12 @@ func main() { } imageName := flag.Args()[0] + minSeverity := types.Priority(*minimumSeverity) + if !minSeverity.IsValid() { + flag.Usage() + os.Exit(1) + } + // Save image. fmt.Printf("Saving %s\n", imageName) path, err := save(imageName) @@ -130,11 +138,19 @@ func main() { fmt.Printf("## Feature: %s %s (%s)\n", feature.Name, feature.Version, feature.NamespaceName) if len(feature.Vulnerabilities) > 0 { - isSafe = false - - fmt.Printf(" - Added by: %s\n", feature.AddedBy) + isFirstVulnerability := true for _, vulnerability := range feature.Vulnerabilities { + if minSeverity.Compare(types.Priority(vulnerability.Severity)) > 0 { + continue + } + + if isFirstVulnerability { + isSafe = false + isFirstVulnerability = false + fmt.Printf(" - Added by layer: %s\n", feature.AddedBy) + } + fmt.Printf("### (%s) %s\n", vulnerability.Severity, vulnerability.Name) if vulnerability.Description != "" {