feat(output): add HTML output format (#1258)

Implement #1274 Add an HTML output format to display results more effectively, particularly for container scanning. This format retains all the information from the existing table output, including called/uncalled vulnerability details. New features: * Provides a package summary page * Groups vulnerabilities by source package and ecosystem. Vulnerabilities from OS images are displayed last by default. * Provides a total count of vulnerabilities (excluding uncalled vulnerabilities by default). * Surfaces container scanning metrics, such as layer commands. * Shows fix version information. ![image](https://github.com/user-attachments/assets/dfe80bd4-243c-4f3e-8196-aef735b8b2ed) ![image](https://github.com/user-attachments/assets/620fc0b2-82a3-4fa0-bb62-557717aee1b1) ![image](https://github.com/user-attachments/assets/fbabe9f1-d054-4222-aba9-5d40acf93e1b)
google · Oct 9, 2024 · 3702c3b · 3702c3b
1 parent b14f6c7
commit 3702c3b
Show file tree

Hide file tree

Showing 16 changed files with 14,858 additions and 0 deletions.
diff --git a/.prettierignore b/.prettierignore
@@ -1,3 +1,4 @@
 **/fixtures/**
 **/fixtures-go/**
 /docs/vendor/**
+/internal/output/html/*template.html
diff --git a/cmd/osv-scanner/scan/main.go b/cmd/osv-scanner/scan/main.go
@@ -55,6 +55,12 @@ func Command(stdout, stderr io.Writer, r *reporter.Reporter) *cli.Command {
 						return nil
 					}
 
+					// Supporting html output format without showing it in the help command.
+					// TODO(gongh@): add html to reporter.Format()
+					if s == "html" {
+						return nil
+					}
+
 					return fmt.Errorf("unsupported output format \"%s\" - must be one of: %s", s, strings.Join(reporter.Format(), ", "))
 				},
 			},