
Markdown table syntax regression in Sarif report #217

@bm402

Hello 👋

The markdown syntax in the Sarif reports produced by `docker scout cves --format sarif` has been broken since v1.19.0.

The summary table at the end of the CVE description (found in the report at `runs.tool.driver.rules.help.markdown`) is no longer a valid markdown table.

Example of table in report generated by v1.18.4:

```
|                |                                                                 |
|----------------|-----------------------------------------------------------------|
| Package        | pkg:maven/org.assertj/assertj-core@3.27.6                       |
| Affected range | >=1.4.0,<=3.27.6                                                |
| Fixed version  | 3.27.7                                                          |
| CVSS Score     |                                                             8.2 |
| CVSS Vector    | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:H/SI:N/SA:N |
```

Example of table in report generated by v1.19.0 (and also 1.20.0):

```
|                                                                                                                                          |
|Package                                                                        pkg:golang/github.com/docker/docker@27.2.1%2Bincompatible  |
|Affected range                                                                 >=26.0.0-rc1,<28.0.0                                       |
|Fixed version                                                                  28.0.0                                                     |
|[[CVSS Score 3.3] [CVSS Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N]]                                                             |
```
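
A check for the regression described above, as an added example that is not part of the original issue or of Docker Scout's code: it walks `runs[].tool.driver.rules[].help.markdown` in a SARIF report and flags any pipe table whose header is not followed by a matching delimiter row. The rule ids and the abridged tables in the sample are constructed for illustration, and only the header/delimiter requirement of GitHub-flavored markdown tables is checked.

```python
import json
import re

DELIM_CELL = re.compile(r":?-+:?")  # one cell of a GFM delimiter row


def cells(row):
    """Split a pipe-table row into cells (escaped pipes are not handled)."""
    row = row.strip()
    row = row[1:] if row.startswith("|") else row
    row = row[:-1] if row.endswith("|") else row
    return [c.strip() for c in row.split("|")]


def table_problems(markdown):
    """List problems in each run of pipe-prefixed lines in a markdown string."""
    problems, lines, i = [], markdown.splitlines(), 0
    while i < len(lines):
        if not lines[i].lstrip().startswith("|"):
            i += 1
            continue
        start = i
        while i < len(lines) and lines[i].lstrip().startswith("|"):
            i += 1
        header = cells(lines[start])
        delim = cells(lines[start + 1]) if i - start > 1 else []
        if not delim or not all(DELIM_CELL.fullmatch(c) for c in delim):
            problems.append(f"line {start + 1}: no delimiter row after header")
        elif len(delim) != len(header):
            problems.append(f"line {start + 1}: header/delimiter column mismatch")
    return problems


def check_sarif(report):
    """Map rule id -> table problems in runs[].tool.driver.rules[].help.markdown."""
    findings = {}
    for run in report.get("runs", []):
        for rule in run.get("tool", {}).get("driver", {}).get("rules", []):
            problems = table_problems(rule.get("help", {}).get("markdown", ""))
            if problems:
                findings[rule.get("id", "<no id>")] = problems
    return findings


# Constructed sample report; rule ids are placeholders, tables abridged from the issue.
GOOD = "Summary\n\n|         |        |\n|---------|--------|\n| Package | pkg:maven/org.assertj/assertj-core@3.27.6 |\n"
BAD = "Summary\n\n|                 |\n|Package  pkg:golang/github.com/docker/docker@27.2.1%2Bincompatible |\n"
SAMPLE = {"runs": [{"tool": {"driver": {"rules": [
    {"id": "RULE-OK", "help": {"markdown": GOOD}},
    {"id": "RULE-BROKEN", "help": {"markdown": BAD}},
]}}}]}

if __name__ == "__main__":
    import sys
    report = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    print(json.dumps(check_sarif(report), indent=2))
```

Run with a report path as the only argument to check a real file; with no argument it checks the constructed sample.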
