A tool for analyzing the reports generated by various code security scanning tools (e.g. Snyk, Trivy). It is inspired by and designed for GitHub Actions workflow integration.
Currently the summary and diff commands produce different outputs depending on the flag settings, which makes the commands confusing to use. For example:
./scan-report summary -report-type=snyk -path="/data/snyk.json" -output-type=table -export -export-filename="/data/js-result" (this generates an HTML file)
It would be great to have a feature that compares the security results of the current feature branch against the base branch. With this feature, we can identify the new vulnerabilities introduced in the feature branch.
The original security report is a raw JSON file, which can be very dense and hard to read. Extracting the important information and displaying it in an HTML page would be very helpful.
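The two requests above (a branch-to-branch diff and a readable HTML extract of the raw report) share the same first step: parsing the scanner JSON into a keyed set of findings. The following is an added example, not code from the scan-report project, that shows one way to do both over two constructed Snyk-style reports. The report field names (vulnerabilities, id, packageName, version, severity, title) are assumed to mirror a subset of the Snyk CLI's JSON output; the sample reports and vulnerability ids are constructed for the example, and a Trivy report would need its own loader.

```python
"""Added example (not the scan-report project's own code): summarize one
scanner report, diff a base-branch report against a feature-branch report,
and render the new findings as an escaped HTML table.
Field names are ASSUMED to follow a subset of the Snyk CLI JSON output."""
import html
import json
from collections import Counter

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed sample reports (not real scanner output).
BASE_REPORT = json.dumps({
    "vulnerabilities": [
        {"id": "VULN-A", "packageName": "lodash", "version": "4.17.15",
         "severity": "high", "title": "Prototype Pollution"},
        {"id": "VULN-B", "packageName": "minimist", "version": "1.2.0",
         "severity": "medium", "title": "Prototype Pollution"},
    ]
})
FEATURE_REPORT = json.dumps({
    "vulnerabilities": [
        {"id": "VULN-A", "packageName": "lodash", "version": "4.17.15",
         "severity": "high", "title": "Prototype Pollution"},
        {"id": "VULN-C", "packageName": "node-fetch", "version": "2.6.0",
         "severity": "critical", "title": "Information Exposure"},
        {"id": "VULN-D", "packageName": "yargs-parser", "version": "13.1.1",
         "severity": "low", "title": "Prototype Pollution"},
    ]
})


def load_vulns(report_json):
    """Parse a report and key each finding by (id, package, version) so the
    same advisory against two different packages counts as two findings."""
    data = json.loads(report_json)
    return {(v["id"], v["packageName"], v["version"]): v
            for v in data.get("vulnerabilities", [])}


def summarize(vulns):
    """Count findings per severity, always listing every severity bucket."""
    counts = Counter(v["severity"] for v in vulns.values())
    return {sev: counts.get(sev, 0) for sev in SEVERITY_ORDER}


def diff(base, feature):
    """Return (new, fixed): findings only in the feature branch and findings
    only in the base branch, each sorted most severe first."""
    def sort_key(v):
        return (SEVERITY_ORDER.get(v["severity"], len(SEVERITY_ORDER)), v["id"])
    new = sorted((feature[k] for k in feature.keys() - base.keys()), key=sort_key)
    fixed = sorted((base[k] for k in base.keys() - feature.keys()), key=sort_key)
    return new, fixed


def render_html_table(vulns, caption):
    """Render findings as an HTML table. Every cell is escaped: package names
    and advisory titles come from third-party data and must not be trusted
    as markup when the page is later viewed in a browser."""
    fields = ("severity", "id", "packageName", "title")
    rows = "".join(
        "<tr>" + "".join("<td>{}</td>".format(html.escape(str(v[f]))) for f in fields) + "</tr>"
        for v in vulns)
    header = "<tr><th>Severity</th><th>ID</th><th>Package</th><th>Title</th></tr>"
    return "<table><caption>{}</caption>{}{}</table>".format(
        html.escape(caption), header, rows)


def main():
    base = load_vulns(BASE_REPORT)
    feature = load_vulns(FEATURE_REPORT)
    new, fixed = diff(base, feature)
    print("feature branch summary:", summarize(feature))
    print("new:", [v["id"] for v in new], "fixed:", [v["id"] for v in fixed])
    print(render_html_table(new, "New vulnerabilities in feature branch"))


if __name__ == "__main__":
    main()
```

Keying on (id, package, version) rather than on the advisory id alone is the design choice worth noting: a pull request that upgrades one dependency and pulls in a second copy of a vulnerable package should show up as a new finding, which an id-only comparison would hide.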