jf scan does not order/sort results consistently

Open anessi opened this issue 1 year ago • 1 comments

Describe the bug

I'm using the following command to scan docker images and save the result as a text file in a CI/CD pipeline. We use this result file to track changes between different scans, resp. see if an updated image version fixes or adds some vulnerabilities.

jf scan --extended-table '--watches=min-severity-critical' '--fail=false' <tar>

Current behavior

The issue is that the order of the vulnerabilities is changing each time, which makes it impossible to compare the results.

Reproduction steps

Run the command multiple times and compare the resulting content

Expected behavior

It is expected that the result order is consistent. We want to keep the --extended-table format as this is human readable and not use e.g. JSON output with a sorting post processing step (which could be a workaround).

Additionally a CLI option could be provided to control the sorting, but that's not a necessity.

JFrog CLI version

2.55.0

Operating system type and version

Docker Image, Linux

JFrog Artifactory version

No response

JFrog Xray version

3.87.8

anessi, Apr 17 '24 07:04

@anessi The fix was released in the latest version of the CLI.

dortam888, Jul 24 '24 19:07
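
An added example (not from the issue or the JFrog CLI project) of the order-independent comparison that the report mentions as a possible JSON workaround: it canonicalizes two sets of findings and reports what an updated image fixed or added. The record shape and field names are assumptions and the sample data is constructed; map them to the fields of the JSON output actually produced by the scan.

```python
import json

# Constructed sample findings. The field names ("severity", "cve", "package",
# "version") are assumptions for illustration, not the JFrog CLI's JSON schema.
OLD_SCAN = json.loads("""[
  {"severity": "High", "cve": "CVE-0000-0002", "package": "libexample", "version": "1.0"},
  {"severity": "Critical", "cve": "CVE-0000-0001", "package": "libdemo", "version": "2.3"}
]""")
NEW_SCAN = json.loads("""[
  {"severity": "Critical", "cve": "CVE-0000-0003", "package": "libdemo", "version": "2.4"},
  {"severity": "High", "cve": "CVE-0000-0002", "package": "libexample", "version": "1.0"}
]""")

SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}


def finding_key(finding):
    """Full identity of one finding, used for deduplication and ordering."""
    return (finding["cve"], finding["package"], finding["version"])


def canonical(findings):
    """Deduplicate and sort so the same findings always serialize identically."""
    unique = {finding_key(f): f for f in findings}
    return sorted(
        unique.values(),
        key=lambda f: (SEVERITY_RANK.get(f["severity"], 99), *finding_key(f)),
    )


def diff_scans(old, new):
    """Compare by (cve, package) so a version bump alone is not reported as a change."""
    old_keys = {(f["cve"], f["package"]) for f in old}
    new_keys = {(f["cve"], f["package"]) for f in new}
    return {"fixed": sorted(old_keys - new_keys), "added": sorted(new_keys - old_keys)}


if __name__ == "__main__":
    # Stable text form: safe to commit and compare with a plain text diff.
    print(json.dumps(canonical(NEW_SCAN), indent=2, sort_keys=True))
    print(diff_scans(OLD_SCAN, NEW_SCAN))
```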