From 910288fc97ff26d8aac2b96ada85a6f79a1069e6 Mon Sep 17 00:00:00 2001
From: Quentin Machu <me@quentin-machu.fr>
Date: Thu, 17 Mar 2016 11:41:00 -0400
Subject: [PATCH] contrib: Add minimum severity support to analyze-local-images

---
 contrib/analyze-local-images/main.go | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/contrib/analyze-local-images/main.go b/contrib/analyze-local-images/main.go
index 62c933e5..a82c6c1b 100644
--- a/contrib/analyze-local-images/main.go
+++ b/contrib/analyze-local-images/main.go
@@ -31,6 +31,7 @@ import (
 	"time"
 
 	"github.com/coreos/clair/api/v1"
+	"github.com/coreos/clair/utils/types"
 )
 
 const (
@@ -43,6 +44,7 @@ func main() {
 	// Parse command-line arguments.
 	endpoint := flag.String("endpoint", "http://127.0.0.1:6060", "Address to Clair API")
 	myAddress := flag.String("my-address", "127.0.0.1", "Address from the point of view of Clair")
+	minimumSeverity := flag.String("minimum-severity", "Negligible", "Minimum severity of vulnerabilities to show (Unknown, Negligible, Low, Medium, High, Critical, Defcon1)")
 
 	flag.Usage = func() {
 		fmt.Fprintf(os.Stderr, "Usage: %s [options] image-id\n\nOptions:\n", os.Args[0])
@@ -57,6 +59,12 @@ func main() {
 	}
 	imageName := flag.Args()[0]
 
+	minSeverity := types.Priority(*minimumSeverity)
+	if !minSeverity.IsValid() {
+		flag.Usage()
+		os.Exit(1)
+	}
+
 	// Save image.
 	fmt.Printf("Saving %s\n", imageName)
 	path, err := save(imageName)
@@ -130,11 +138,19 @@ func main() {
 		fmt.Printf("## Feature: %s %s (%s)\n", feature.Name, feature.Version, feature.NamespaceName)
 
 		if len(feature.Vulnerabilities) > 0 {
-			isSafe = false
-
-			fmt.Printf("   - Added by: %s\n", feature.AddedBy)
+			isFirstVulnerability := true
 
 			for _, vulnerability := range feature.Vulnerabilities {
+				if minSeverity.Compare(types.Priority(vulnerability.Severity)) > 0 {
+					continue
+				}
+
+				if isFirstVulnerability {
+					isSafe = false
+					isFirstVulnerability = false
+					fmt.Printf("   - Added by layer: %s\n", feature.AddedBy)
+				}
+
 				fmt.Printf("### (%s) %s\n", vulnerability.Severity, vulnerability.Name)
 
 				if vulnerability.Description != "" {