docs: Add json2 output format (fixes #4333) (#4397)

* fixes #4333
intel · Aug 29, 2024 · 57554a1 · 57554a1
1 parent 3d2bf7f
commit 57554a1
Show file tree

Hide file tree

Showing 3 changed files with 173 additions and 4 deletions.
diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt
@@ -38,6 +38,7 @@ bash
 bashrc
 bazel
 bcca
+bcrypt
 bdbd
 bdist
 bestpractices
@@ -129,6 +130,7 @@ cybersecurity
 cygwin
 d
 darkhttpd
+datasource
 dav
 davfs
 dbus

diff --git a/README.md b/README.md
@@ -163,12 +163,12 @@ We also provide an example [GitHub action](https://github.com/intel/cve-bin-tool
 
 ## Output Options
 
-The CVE Binary Tool provides console-based output by default. If you wish to provide another format, you can specify this and a filename on the command line using `--format`. The valid formats are CSV, JSON, console, HTML and PDF. The output filename can be specified using the `--output-file` flag.
+The CVE Binary Tool provides console-based output by default. If you wish to provide another format, you can specify this and a filename on the command line using `--format`. The valid formats are CSV, JSON, JSON2, console, HTML and PDF. The output filename can be specified using the `--output-file` flag.
 
 You can also specify multiple output formats by using comma (',') as separator:
 
 ```bash
-cve-bin-tool file -f csv,json,html -o report
+cve-bin-tool file -f csv,json,json2,html -o report
 ```
 
 Note: You must not use spaces between the commas (',') and the output formats.
@@ -473,7 +473,7 @@ Output:
                         provide output filename (default: output to stdout)
   <a href="https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#--html-theme-html_theme">--html-theme HTML_THEME</a>
                         provide custom theme directory for HTML Report
-  <a href="https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#-f-csvjsonconsolehtml---format-csvjsonconsolehtml">-f {csv,json,console,html,pdf}, --format {csv,json,console,html,pdf}</a>
+  <a href="https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#-f-csvjsonconsolehtml---format-csvjsonconsolehtml">-f {csv,json,json2,console,html,pdf}, --format {csv,json,json2,console,html,pdf}</a>
                         update output format (default: console)
                         specify multiple output formats by using comma (',') as a separator
                         note: don't use spaces between comma (',') and the output formats.

diff --git a/doc/MANUAL.md b/doc/MANUAL.md
@@ -153,7 +153,7 @@ which is useful if you're trying the latest code from
                             provide output filename (default: output to stdout)
       --html-theme HTML_THEME
                             provide custom theme directory for HTML Report
-      -f {csv,json,console,html,pdf}, --format {csv,json,console,html,pdf}
+      -f {csv,json,json2,console,html,pdf}, --format {csv,json,json2,console,html,pdf}
                             update output format (default: console)
                             specify multiple output formats by using comma (',') as a separator
                             note: don't use spaces between comma (',') and the output formats.
@@ -573,6 +573,173 @@ EPSS bridges this gap by incorporating up-to-date threat information from CVE an
 
 ![JSON metric table](images/metric/JSON.png)
 
+- JSON2
+
+```json
+{
+  "$schema": "",
+  "metadata": {
+    "tool": {
+      "name": "cve-bin-tool",
+      "version": "3.4rc0"
+    },
+    "generation_date": "2024-08-28 18:56:24",
+    "parameter": {
+      "options": {
+        "help": null,
+        "exclude": [],
+        "version": null,
+        "disable-version-check": false,
+        "disable-validation-check": false,
+        "offline": false,
+        "detailed": false
+      },
+      "cve_data_download": {
+        "nvd": "json-mirror",
+        "update": "daily",
+        "nvd-api-key": "",
+        "disable-data-source": [],
+        "use-mirror": ""
+      },
+      "input": {
+        "directory": "test/language_data/Gemfile.lock",
+        "input-file": "",
+        "config": "",
+        "package-list": "",
+        "sbom": "",
+        "sbom-file": "",
+        "vex-file": ""
+      },
+      "output": {
+        "quiet": false,
+        "log-level": "info",
+        "output-file": "/tmp/gem.json",
+        "html-theme": "",
+        "format": "json2",
+        "generate-config": "",
+        "cvss": 0,
+        "severity": "low",
+        "metrics": false,
+        "epss-percentile": null,
+        "epss-probability": null,
+        "no-0-cve-report": false,
+        "available-fix": "",
+        "backport-fix": "",
+        "affected-versions": 0,
+        "sbom-output": "",
+        "sbom-type": "spdx",
+        "sbom-format": "tag"
+      },
+      "vex_output": {
+        "vex-output": "",
+        "vex-type": "",
+        "product": "",
+        "release": "",
+        "vendor": "",
+        "revision-reason": "",
+        "filter-triage": false
+      },
+      "merge_report": {
+        "append": false,
+        "tag": "",
+        "merge": null,
+        "filter": []
+      },
+      "checkers": {
+        "skips": "",
+        "runs": ""
+      },
+      "database_management": {
+        "import-json": "",
+        "ignore-sig": false,
+        "log-signature-error": false,
+        "verify": "",
+        "export-json": "",
+        "pgp-sign": "",
+        "passphrase": "",
+        "export": "",
+        "import": ""
+      },
+      "exploits": {
+        "exploits": false
+      },
+      "deprecated": {
+        "extract": true,
+        "report": false
+      }
+    }
+  },
+  "database_info": {
+    "last_updated": "2024-08-28 18:29:40",
+    "total_entries": {
+      "NVD": 251104,
+      "OSV": 172654,
+      "GAD": 20792,
+      "REDHAT": 18002
+    }
+  },
+  "vulnerabilities": {
+    "summary": {
+      "CRITICAL": 14,
+      "HIGH": 57,
+      "MEDIUM": 39,
+      "LOW": 8,
+      "UNKNOWN": 19
+    },
+    "report": [
+      {
+        "datasource": "OSV",
+        "entries": [
+          {
+            "vendor": "microsoft",
+            "product": "azure-storage-blob",
+            "version": "2.0.3",
+            "location": "test/language_data/Gemfile.lock",
+            "cve_number": "CVE-2022-30187",
+            "severity": "MEDIUM",
+            "score": "4.7",
+            "source": "OSV",
+            "cvss_version": "3",
+            "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
+            "paths": "test/language_data/Gemfile.lock",
+            "remarks": "NewFound",
+            "comments": ""
+          },
+          {
+            ...
+          }
+        ]
+      },
+      {
+        "datasource": "NVD",
+        "entries": [
+          {
+            "vendor": "unknown",
+            "product": "bcrypt",
+            "version": "3.1.16",
+            "location": "test/language_data/Gemfile.lock",
+            "cve_number": "CVE-2020-7689",
+            "severity": "HIGH",
+            "score": "7.5",
+            "source": "NVD",
+            "cvss_version": "3",
+            "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+            "paths": "test/language_data/Gemfile.lock",
+            "remarks": "NewFound",
+            "comments": ""
+          },
+          {
+            ...
+          }
+        ]
+      }
+    ]
+  }
+}
+```
+
+
+
 ## Optional Arguments
 
 ### -e EXCLUDE, --exclude EXCLUDE